tdx.sys trojan and Google Redirects

Been having this problem for a month now and I can't handle it anymore, here is DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.0
Run by MatCat at 18:18:02 on 2012-04-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1234 [GMT -7:00]
.
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\MatCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Users\MatCat\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11g_Plugin.exe -update plugin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\matcat\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\matcat\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\matcat\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\anycom\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\anycom\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\anycom\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: DhcpNameServer = 192.168.1.14
TCP: Interfaces\{ACE29457-2DF4-4DEB-9C52-15803D89BAF8} : DhcpNameServer = 192.168.1.14
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE} : DhcpNameServer = 192.168.1.14
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\14273616471602642756560275966496 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\14273616471634F6F607055726C69636 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\3616C69666F627E65656771697 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\44F6E672370244F6E6574737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\4656661657C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\541627478637D454449414 : DhcpNameServer = 108.204.129.206
TCP: Interfaces\{F48471AC-5D2F-4528-897A-B5B1DA56A0DE}\C62556E64656A767F6573702D45737963602D20245F6269702A41636B637 : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matcat\appdata\roaming\mozilla\firefox\profiles\t60a9es5.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 6\plugins\npkanevapatch.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 6\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\matcat\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\matcat\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\matcat\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-4-26 17904]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-4-26 3065120]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-25 1153368]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-4-26 51632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2012-3-20 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-24 20464]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-29 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2012-3-20 2152152]
S2 ndasbus;Tb2RCAssist;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-7-21 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-7-21 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-7-21 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-7-21 25088]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2011-7-21 25856]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2011-7-21 25728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-23 29736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-29 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-19 129976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2011-3-13 91392]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-3 15936]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-3 31808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-22 15872]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2012-1-4 468096]
S3 STTub30;USB Driver for Tube device v3.0.0;c:\windows\system32\drivers\STTub30.sys [2011-11-15 31104]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2010-9-24 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2010-9-24 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2010-9-24 28032]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-22 52224]
S3 vjoy;vJoy Device;c:\windows\system32\drivers\vjoy.sys [2011-11-26 16448]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 zonescreen;zonescreen;c:\windows\system32\drivers\zsport.sys [2010-10-31 10616]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-20 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2012-04-27 00:55:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-27 00:49:30 -------- d-----w- c:\users\matcat\appdata\local\temp
2012-04-27 00:13:33 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-26 22:13:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-25 23:42:09 -------- d-----w- c:\users\matcat\appdata\local\{4E5B514E-8F30-11E1-826D-B8AC6F996F26}
2012-04-25 23:41:26 -------- d-----w- c:\program files\common files\LegacyDataCollectorSet
2012-04-24 20:28:32 -------- d-----w- c:\users\matcat\appdata\local\{5780F836-FF2D-4EC5-9676-280D311D19DE}
2012-04-24 20:28:30 -------- d-----w- c:\users\matcat\appdata\local\{B9B35FFA-4800-4E11-A79E-E14C5FEA2A59}
2012-04-22 22:24:29 -------- d-----w- c:\users\matcat\appdata\local\{FDE272D8-6368-4122-B8C7-B11713F176EC}
2012-04-22 22:24:27 -------- d-----w- c:\users\matcat\appdata\local\{B8819329-89A9-47C1-ADA2-1CC7E7B7F768}
2012-04-21 21:24:22 454656 ----a-w- C:\putty.exe
2012-04-21 21:08:20 -------- d-----w- c:\users\matcat\appdata\local\{37F7B99F-43A2-46AE-A1D8-C1D6FEB424E6}
2012-04-21 21:08:18 -------- d-----w- c:\users\matcat\appdata\local\{AEFBF1AB-C772-4015-BAB8-682EC0DF7BF7}
2012-04-20 21:41:58 -------- d-----w- c:\users\matcat\appdata\roaming\OpenOffice.org
2012-04-20 21:30:59 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-15 20:44:18 -------- d-----w- c:\users\matcat\appdata\local\{98BB3CB8-6B5B-4B2F-B1C0-467631D20275}
2012-04-15 20:44:14 -------- d-----w- c:\users\matcat\appdata\local\{789B3889-D79D-4A5D-924C-495F559F0E23}
2012-04-14 22:00:04 -------- d-----w- c:\users\matcat\appdata\local\{B112EE01-2868-4F99-AAAD-C3A12EEF8642}
2012-04-14 22:00:01 -------- d-----w- c:\users\matcat\appdata\local\{370C9E65-C033-408D-9115-3E86B2547637}
2012-04-14 01:00:16 -------- d-----w- c:\program files\Virtual VCR
2012-04-13 21:24:24 -------- d-----w- c:\users\matcat\appdata\local\{132F1474-FA36-4907-871E-673E46E46972}
2012-04-13 21:24:22 -------- d-----w- c:\users\matcat\appdata\local\{CDD450BD-9876-4533-938F-5E066B307541}
2012-04-13 11:13:14 -------- d-----w- c:\users\matcat\appdata\roaming\Inopgo
2012-04-13 11:13:14 -------- d-----w- c:\users\matcat\appdata\roaming\Ezezc
2012-04-12 23:51:08 -------- d-----w- c:\program files\GCS
2012-04-07 17:18:23 -------- d-----w- c:\windows\en
2012-04-07 17:12:26 89944 ----a-w- c:\program files\common files\windows live\.cache\9af1a82f1cd14e101\DSETUP.dll
2012-04-07 17:12:26 537432 ----a-w- c:\program files\common files\windows live\.cache\9af1a82f1cd14e101\DXSETUP.exe
2012-04-07 17:12:26 1801048 ----a-w- c:\program files\common files\windows live\.cache\9af1a82f1cd14e101\dsetup32.dll
2012-04-07 17:11:46 -------- d-----w- c:\users\matcat\appdata\local\{C9A625D2-7F36-455E-B631-D1A9A271E7D7}
2012-04-07 17:11:31 -------- d-----w- c:\users\matcat\appdata\local\{EEC54E8E-1AC1-49D4-9E8D-DA05CF26C0AB}
2012-04-06 21:23:58 -------- d-----w- c:\users\matcat\appdata\local\{95FCC9D6-376C-48DA-9044-BB3658100E88}
2012-04-02 06:49:36 -------- d-----w- c:\users\matcat\appdata\local\{045A7ADF-6A0A-4A33-9194-6F2562A966D6}
2012-04-02 06:49:18 -------- d-----w- c:\users\matcat\appdata\local\{DFBE785D-514D-4DFF-96AE-D7A50C092958}
2012-04-02 00:45:08 -------- d-----w- c:\users\matcat\appdata\local\ElevatedDiagnostics
2012-04-02 00:44:29 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-02 00:44:26 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-01 06:50:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-31 22:51:17 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-04-27 00:12:44 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-27 00:05:51 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-25 19:55:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-09 01:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-09 01:10:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-24 18:16:56 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-22 17:56:27 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 18:18:29.82 ===============

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Here is the log from ComboFix, it did not fix the problem.

ComboFix 12-04-26.01 - MatCat 04/26/2012 17:26:47.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2166 [GMT -7:00]
Running from: c:\users\MatCat\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\LegacyDataCollectorSet\LegacyDataCollectorSet.dll
c:\users\MatCat\AppData\Local\assembly\tmp
c:\users\MatCat\AppData\Local\Temp\dmsrig.dll
c:\users\MatCat\AppData\Local\Temp\dsvdy.dll
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\bookmarks.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\clients.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\forms.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\history.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\passwords.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\prefs.json
c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\weave\toFetch\tabs.json
c:\users\MatCat\giukot.exe /s
c:\users\MatCat\start1.exe
c:\users\Public\videos\SuperOneClick.exe
c:\windows\$NtUninstallKB53256$
c:\windows\$NtUninstallKB53256$\1381073497\L\xadqgnnk
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 00:49 . 2012-04-27 00:57 -------- d-----w- c:\users\MatCat\AppData\Local\temp
2012-04-27 00:49 . 2012-04-27 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 00:14 . 2012-04-27 00:14 -------- d-----w- c:\program files\Common Files\Java
2012-04-26 22:13 . 2012-04-27 00:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-25 23:42 . 2012-04-25 23:42 -------- d-----w- c:\users\MatCat\AppData\Local\{4E5B514E-8F30-11E1-826D-B8AC6F996F26}
2012-04-25 23:41 . 2012-04-27 00:48 -------- d-----w- c:\program files\Common Files\LegacyDataCollectorSet
2012-04-21 21:24 . 2010-12-20 22:28 454656 ----a-w- C:\putty.exe
2012-04-20 21:41 . 2012-04-20 21:41 -------- d-----w- c:\users\MatCat\AppData\Roaming\OpenOffice.org
2012-04-20 21:30 . 2012-04-20 21:31 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-14 01:00 . 2012-04-14 01:00 -------- d-----w- c:\program files\Virtual VCR
2012-04-13 11:13 . 2012-04-27 00:06 -------- d-----w- c:\users\MatCat\AppData\Roaming\Inopgo
2012-04-13 11:13 . 2012-04-26 23:57 -------- d-----w- c:\users\MatCat\AppData\Roaming\Ezezc
2012-04-12 23:51 . 2012-04-12 23:51 -------- d-----w- c:\program files\GCS
2012-04-07 17:18 . 2012-04-07 17:18 -------- d-----w- c:\windows\en
2012-04-07 17:12 . 2012-04-07 17:12 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\9af1a82f1cd14e101\DSETUP.dll
2012-04-07 17:12 . 2012-04-07 17:12 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\9af1a82f1cd14e101\DXSETUP.exe
2012-04-07 17:12 . 2012-04-07 17:12 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\9af1a82f1cd14e101\dsetup32.dll
2012-04-02 00:45 . 2012-04-02 00:45 -------- d-----w- c:\users\MatCat\AppData\Local\ElevatedDiagnostics
2012-04-02 00:44 . 2012-04-02 00:44 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-02 00:44 . 2012-04-02 00:44 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-01 06:50 . 2012-03-25 19:55 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-31 22:51 . 2012-04-01 06:08 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 00:12 . 2012-04-27 00:13 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-27 00:12 . 2010-09-21 19:15 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-27 00:05 . 2011-02-23 02:57 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-25 19:55 . 2012-03-25 19:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-09 01:37 . 2012-03-09 01:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-09 01:10 . 2011-07-09 17:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-24 18:16 . 2011-06-05 02:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-22 17:56 . 2011-02-23 02:57 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MatCat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MatCat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MatCat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\MatCat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-04-20 3361184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\MatCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MatCat\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 MpKsl014afd7c;MpKsl014afd7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51B6C3B3-E5C0-4AFD-BB30-0D4BD3F327D1}\MpKsl014afd7c.sys [x]
R1 MpKsl0ddf4ef3;MpKsl0ddf4ef3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C0C3C27-38F4-4847-830A-64AC37B8EC89}\MpKsl0ddf4ef3.sys [x]
R1 MpKsl2a7294ee;MpKsl2a7294ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08DF607F-7343-4EAD-AEB1-D12685D78815}\MpKsl2a7294ee.sys [x]
R1 MpKsl3b033a06;MpKsl3b033a06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F3D5534-9DE8-42FB-8582-FF33F84485BF}\MpKsl3b033a06.sys [x]
R1 MpKsl5b7abad1;MpKsl5b7abad1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42729D8E-CC1A-4BBC-8003-28E0EEBF3B3E}\MpKsl5b7abad1.sys [x]
R1 MpKsl5c3595e3;MpKsl5c3595e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42729D8E-CC1A-4BBC-8003-28E0EEBF3B3E}\MpKsl5c3595e3.sys [x]
R1 MpKslad90e12d;MpKslad90e12d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5B65CB-03DB-448E-8A49-89777024AC2F}\MpKslad90e12d.sys [x]
R1 MpKslc318a41f;MpKslc318a41f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42729D8E-CC1A-4BBC-8003-28E0EEBF3B3E}\MpKslc318a41f.sys [x]
R1 MpKslc9932de2;MpKslc9932de2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08DF607F-7343-4EAD-AEB1-D12685D78815}\MpKslc9932de2.sys [x]
R1 MpKsle769b527;MpKsle769b527;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B058CBB-F788-49D6-BB5B-30103DEFAC1C}\MpKsle769b527.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2010-11-29 25856]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-22 29736]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2012-03-20 15232]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-19 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 P1171VID;Creative WebCam Notebook 4036DA175479CE0160D526910278C91B0F6939A58A3599B344DB6F7F;c:\windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus.sys [2009-11-04 15936]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy.sys [2009-11-04 31808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-16 468096]
R3 STTub30;USB Driver for Tube device v3.0.0;c:\windows\system32\Drivers\STTub30.sys [2009-03-24 31104]
R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [2009-11-25 47360]
R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys [2009-11-25 47360]
R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys [2009-11-25 28032]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vjoy;vJoy Device;c:\windows\system32\DRIVERS\vjoy.sys [2011-10-14 16448]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 zonescreen;zonescreen;c:\windows\system32\DRIVERS\zsport.sys [2010-10-31 10616]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-04-20 3065120]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-03-25 2152152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CdaD10BA
sonypvs1
curtainssyssvc
slabbus
cportclm
defragfs
SNC
ndasbus
LKbdFlt2
gemserv
dbmang
issimon
taphss
SED133x
fips
KR10N
MRESP50a64
msdv
nvstor64
mwstick
dwusbdnt
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 01:31]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 01:31]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119944356-3869998340-973448521-1000Core.job
- c:\users\MatCat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 08:58]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3119944356-3869998340-973448521-1000UA.job
- c:\users\MatCat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 08:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.14
FF - ProfilePath - c:\users\MatCat\AppData\Roaming\Mozilla\Firefox\Profiles\t60a9es5.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKCU-Run-{3BF9B9B5-B1B5-8942-1A22-09237F7B01B1} - c:\users\MatCat\AppData\Roaming\Inopgo\azohiqe.exe
HKCU-Run-giukot - c:\users\MatCat\giukot.exe
HKLM-Run-LegacyDataCollectorSet - c:\program files\Common Files\LegacyDataCollectorSet\LegacyDataCollectorSet.dll
SafeBoot-16041753.sys
SafeBoot-91109818.sys
SafeBoot-MsMpSvc
AddRemove-{E2A1E774-8D7B-487A-8AF7-0120ED348963} - c:\program files\EMS\SQL Manager for SQL Server\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3119944356-3869998340-973448521-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,f9,cc,69,d4,79,b6,bc,7b,df,84,f0,91,6a,2b,a2,bd,30,24,17,4f,
95,d7,9e,26,2f,e9,e5,54,e6,01,9c,a1,b0,92,fd,fa,81,4d,d2,89,2a,c7,94,50,80,\
"rkeysecu"=hex:4d,80,87,ff,9c,a5,1c,72,ee,f5,9e,d7,3d,cc,06,15
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1600)
c:\users\MatCat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Altap Salamander\plugins\salamext.dll
c:\program files\ANYCOM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\sppsvc.exe
c:\program files\Mozilla Firefox 4.0 Beta 6\firefox.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-04-26 18:04:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 01:03
.
Pre-Run: 9,641,758,720 bytes free
Post-Run: 9,250,758,656 bytes free
.
- - End Of File - - 17A3A3AC94F2C6EB87428012E00D0AD1

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.