Browser Malware/hypertext virus/slow Comp/unable to update
I don't even know where to start. First, my browser, Firefox, has some malware that gives me hypertext on every page, in addition to ads that shouldn't be there. As a result of this, my computer now runs at about 20% of its normal speed. Everything runs slow/loads slow and operates slowly. Unfortunately, my system restore points are after the infection. In addition to these problems, I have been unable to update the service pack due to errors. I have followed numerous guides/instructions to resolve these issues to no avail. I thank you in advance for helping and I eagerly await your response.

-hopeless

# AdwCleaner v2.300 - Logfile created 05/07/2013 at 00:59:18
# Updated 28/04/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# User : Robert - ROOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\Test\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18294

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\poq0kyyu.default\prefs.js

[OK] File is clean.

File : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\7949s07z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6422 octets] - [24/04/2013 08:54:14]
AdwCleaner[R2].txt - [6482 octets] - [24/04/2013 08:56:44]
AdwCleaner[S1].txt - [6660 octets] - [24/04/2013 09:25:08]
AdwCleaner[S2].txt - [1427 octets] - [07/05/2013 00:59:18]

########## EOF - C:\AdwCleaner[S2].txt - [1487 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.28.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Robert :: ROOM-PC [administrator]

4/28/2013 10:49:08 AM
MBAM-log-2013-04-28 (16-54-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 541052
Time elapsed: 5 hour(s), 51 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Robert\Programs\CFV100in.zip (HackTool.BruteForce) -> No action taken.
C:\Users\Robert\Programs\dcuo.zip (PUP.BundleInstaller.OI) -> No action taken.

(end)

Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Watch Live! Anti-Virus
Microsoft Security Essentials
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Java(TM) 6 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
Robert Desktop virus SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Please run MBAM again and "Remove the infections".
*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
The Security Check log shows that you have three active AVs on your computer, which could be causing some of your problems: Lavasoft Ad-Watch Live! Anti-Virus, Microsoft Security Essentials and AVG Anti-Virus Free Edition 2012.
Only one AV should be active on your computer. Please disable the other two.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
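The "three active AVs" finding above comes from reading a Security Check log by eye. The following PowerShell script is an added example (it is not part of the GeekPolice reply or of any of the tools named in it) that pulls the same information from Windows Security Center directly and flags the case of more than one product with real-time protection on. It assumes the community-documented layout of the `productState` field (Microsoft does not document it): rendered as six hex digits, digits 3-4 give real-time status ("10"/"11" on, "00"/"01" off) and digits 5-6 give definition status ("00" current, "10" out of date). It uses `Get-WmiObject` rather than `Get-CimInstance` so that it also runs on the PowerShell 2.0 that ships for Vista.

```powershell
# Added example (not from the GeekPolice thread): list the antivirus products
# registered with Windows Security Center and decode which ones are active.
# Vista and later expose this in the WMI namespace root\SecurityCenter2
# (XP used root\SecurityCenter).
#
# Assumption: productState decoded with the community-documented layout
# (not documented by Microsoft): six hex digits, digits 3-4 = real-time
# protection ("10"/"11" on, "00"/"01" off), digits 5-6 = definitions
# ("00" current, "10" out of date).

function Get-RegisteredAntivirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in @($products)) {
        $hex     = '{0:X6}' -f [int]$p.productState     # e.g. 266240 -> "041000"
        $rtBits  = $hex.Substring(2, 2)
        $defBits = $hex.Substring(4, 2)
        New-Object -TypeName PSObject -Property @{
            Name            = $p.displayName
            RealTimeEnabled = ($rtBits -eq '10' -or $rtBits -eq '11')
            DefinitionsOk   = ($defBits -eq '00')
            ProductState    = '0x' + $hex
            ExePath         = $p.pathToSignedProductExe
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table Name, RealTimeEnabled, DefinitionsOk, ProductState -AutoSize

# More than one product with real-time protection on is the conflict the
# helper warns about: each engine hooks file I/O and they scan each other.
$active = @($av | Where-Object { $_.RealTimeEnabled })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ('{0} products have real-time protection on ({1}); keep one and disable or uninstall the rest.' -f $active.Count, $names)
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No antivirus product reports real-time protection on.'
}
```

Run it from an elevated PowerShell prompt; the namespace is readable by standard users, but an elevated session avoids surprises on machines where WMI security has been tightened. A product that shows `RealTimeEnabled` as `False` but still has a running service (as the ComboFix header in the next post shows for AVG and Ad-Watch, both listed as "Disabled/Updated") is disabled only for scanning, not uninstalled, so its drivers and startup entries are still loaded.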

follow up
Here is the relevant info:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.06.08

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Robert :: ROOM-PC [administrator]

5/8/2013 11:59:48 AM
mbam-log-2013-05-08 (11-59-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281176
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ComboFix 13-05-08.02 - Robert 05/08/2013 9:13.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2333 [GMT -7:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\users\Robert\AppData\Local\assembly\tmp
c:\windows\PolicyDefinitions
c:\windows\PolicyDefinitions\CaptureWizard.admx
c:\windows\PolicyDefinitions\en-US\CaptureWizard.adml
c:\windows\PolicyDefinitions\en-US\MovieMaker.adml
c:\windows\PolicyDefinitions\en-US\Search.adml
c:\windows\PolicyDefinitions\en-US\WindowsMediaDRM.adml
c:\windows\PolicyDefinitions\en-US\WindowsMediaPlayer.adml
c:\windows\PolicyDefinitions\MovieMaker.admx
c:\windows\PolicyDefinitions\Search.admx
c:\windows\PolicyDefinitions\WindowsMediaDRM.admx
c:\windows\PolicyDefinitions\WindowsMediaPlayer.admx
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))
.
.
2013-05-08 16:45 . 2013-05-08 16:45 -------- d-----w- c:\users\Test\AppData\Local\temp
2013-05-08 16:45 . 2013-05-08 16:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-05-08 16:45 . 2013-05-08 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-08 08:18 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34BF853E-BFA1-4312-B7D7-9DCBD69F2886}\mpengine.dll
2013-05-07 08:20 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-06 18:23 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 19:10 . 2013-04-30 19:10 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-04-24 16:54 . 2013-04-24 16:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-24 16:25 . 2013-05-07 08:00 974 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-24 16:22 . 2013-04-24 16:22 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-24 16:21 . 2013-04-24 16:21 208216 ----a-w- c:\windows\system32\drivers\25703624.sys
2013-04-24 16:11 . 2013-04-24 16:25 -------- d-----w- C:\5a49ad1279e76c41dff3c9
2013-04-24 15:55 . 2013-04-24 16:36 -------- d-----w- c:\users\Robert\Tracing
2013-04-24 15:53 . 2013-04-24 15:53 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-04-24 15:51 . 2013-04-24 15:51 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-24 15:49 . 2013-04-24 15:49 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2013-04-24 15:48 . 2013-04-24 15:54 -------- d-----w- c:\program files (x86)\Windows Live
2013-04-23 15:53 . 2013-04-23 15:51 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53DFAD24-B175-46AE-8EE2-DDD6AE11BA24}\gapaengine.dll
2013-04-11 10:18 . 2013-04-11 10:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2009-10-19 17:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 16:03 . 2012-05-10 02:47 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-24 16:03 . 2011-05-29 20:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-17 02:02 . 2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe
2013-04-04 21:50 . 2012-03-29 00:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 09:42 . 2013-03-30 09:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-03-30 09:42 . 2013-03-30 09:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-30 09:42 . 2013-03-30 09:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2013-03-26 06:43 . 2012-06-20 04:16 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-26 06:43 . 2010-04-17 05:52 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Aim6"="" [BU]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-15 2969496]
"Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-30 620376]
"GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [BU]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [BU]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [BU]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [BU]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [BU]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-10 206120]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-08 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-29 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [2009-03-03 89600]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:55 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:03]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 05:50]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 05:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-14 456192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\poq0kyyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - ExtSQL: !HIDDEN! 2009-09-02 19:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Robert\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149016911-2065750268-262534498-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9c,04,90,13,7c,20,10,2e,95,0d,fc,06,6e,a5,d7,51,bf,4c,fd,1f,07,
86,a6,bc,a2,d6,4b,61,b5,ed,35,b0,64,0b,ef,d7,08,b7,aa,67,03,df,22,5d,4f,53,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-05-08 09:50:57
ComboFix-quarantined-files.txt 2013-05-08 16:50
.
Pre-Run: 42,925,068,288 bytes free
Post-Run: 44,812,521,472 bytes free
.
- - End Of File - - 02EEB393AD882DA4F71285ADBE196EA0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Robert on Wed 05/08/2013 at 10:19:00.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Robert\AppData\Roaming\mozilla\firefox\profiles\poq0kyyu.default\extensions\getsavin@jetpack
Successfully deleted the following from C:\Users\Robert\AppData\Roaming\mozilla\firefox\profiles\poq0kyyu.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1366341663809");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1366055143335");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1366244997143");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1366233837338");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1366306158854");
Emptied folder: C:\Users\Robert\AppData\Roaming\mozilla\firefox\profiles\poq0kyyu.default\minidumps [193 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/08/2013 at 10:28:43.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com

    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: CFScript.txt being dragged onto ComboFix.exe)

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log if you decide to run this script.

*******************************************
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7 users: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

******************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

here

Here is the stuff you asked for. The only problem I had was Rooter. Anytime I pressed Scan it would simply crash and close down. I tried several times, same result.


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Admin rights]
Mode : Scan -- Date : 05/08/2013 23:23:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK4058GSX ATA Device +++++
--- User ---
[MBR] 9c0804e116041043a8051380ccba011f
[BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 368338 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 754358272 | Size: 13214 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05082013_02d2323.txt >>
RKreport[1]_S_05082013_02d2323.txt



Re: Browser Malware/hypertext virus/slow Comp/unable to update
Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the ESET Online Scanner button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check "Scan archives".
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push "List of found threats".
• Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Here it is

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=09e33ea47b1cd1458e34c627f28abbd8
# engine=13795
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 02:53:00
# local_time=2013-05-10 07:53:00 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1035 16777213 100 98 0 56903990 0 0
# compatibility_mode=5892 16776574 100 100 39824137 204796286 0 0
# scanned=290520
# found=3
# cleaned=3
# scan_time=26081
sh=FCDA221CE4BA255E4AD79F17F53FE3CB9D983729 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\da7fa12-519df0be"
sh=06A0FEFD7E5A08CCE5A9AA1A65342B30485630F5 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\33141117-6edeb439"
sh=8406FE891217FCC778ED79B7E6F862D5CB923EC4 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-1bb0f08b"

C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\da7fa12-519df0be multiple threats cleaned by deleting - quarantined
C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\33141117-6edeb439 a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-1bb0f08b a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
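As an added example (not from this thread, and not ESET's own code), a small Python parser for the log format above: it reads the "# key=value" header and the sh=/vn=/fn= detection lines, then cross-checks the found/cleaned counters and flags hits in the Java deployment cache, using the three detection lines posted above as its sample input.

```python
import re
from dataclasses import dataclass

# Header lines: "# key=value". Detection lines: space-separated key=value
# pairs where vn= and fn= carry double-quoted values (paths contain spaces).
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Sample input: the counters and the three detection lines from the ESET log
# posted in this thread (a constructed excerpt, not the full log).
SAMPLE_LOG = r"""
# found=3
# cleaned=3
# remove_checked=true
# unwanted_checked=false
sh=FCDA221CE4BA255E4AD79F17F53FE3CB9D983729 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\da7fa12-519df0be"
sh=06A0FEFD7E5A08CCE5A9AA1A65342B30485630F5 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\33141117-6edeb439"
sh=8406FE891217FCC778ED79B7E6F862D5CB923EC4 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-1bb0f08b"
"""

# Files the browser's Java plug-in downloaded live under this directory.
JAVA_CACHE = "\\Sun\\Java\\Deployment\\cache\\"


@dataclass
class Detection:
    sha1: str    # sh=  SHA-1 of the file
    threat: str  # vn=  detection name plus the action ESET took
    action: str  # ac=  action code
    path: str    # fn=  full path of the file


def parse_eset_log(text):
    """Return (header dict, list of Detection) for an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            # findall yields (key, quoted, unquoted); only one of the two is set
            fields = {k: q or u for k, q, u in FIELD_RE.findall(line)}
            detections.append(Detection(fields.get("sh", ""), fields.get("vn", ""),
                                        fields.get("ac", ""), fields.get("fn", "")))
        # the plain-text summary after the sh= lines repeats them and is skipped
    return header, detections


def audit(header, detections):
    """Cross-check the log the way a responder reads it; returns finding strings."""
    findings = []
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    if found != len(detections):
        findings.append(f"header found={found} but {len(detections)} detection lines")
    if cleaned < found:
        findings.append(f"{found - cleaned} detection(s) reported but not cleaned")
    for d in detections:
        if "quarantined" not in d.threat:
            findings.append(f"not quarantined: {d.path}")
    java_hits = [d for d in detections if JAVA_CACHE in d.path]
    if java_hits:
        findings.append(f"{len(java_hits)} hit(s) in the Java deployment cache: these "
                        "files arrived through the browser's Java plug-in, so update or remove Java")
    if header.get("unwanted_checked") == "false":
        findings.append("potentially unwanted applications were excluded from this scan")
    return findings


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        print(d.sha1, d.threat.split(" (")[0], d.path, sep=" | ")
    for f in audit(hdr, dets):
        print("FINDING:", f)
```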

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Looks good. How's your computer running now before we cleanup?

Re: Browser Malware/hypertext virus/slow Comp/unable to update

It is running much better and I have noticed that the ads are gone and no hypertext yet!

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Ok. Let's do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(image: the Run dialog with ComboFix /uninstall entered)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*********************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

(image: the C drive Properties dialog with the Disk Cleanup button)

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

(image: the Disk Cleanup confirmation screen)

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Browser Malware/hypertext virus/slow Comp/unable to update

K great. I did the above, but new issues have come up. Now I have no sound in my browser, and programs like Media Player, games, Winamp, iTunes and other programs refuse to open. Additionally, whenever I try to use System Restore, it says that an error has occurred and just shuts down. All of this started after I did the ComboFix /uninstall.
I have attempted to use the System Restore feature by restarting my computer and pressing F8. I got to the System Restore option and picked both of the only options. But it tells me "Corrupt file, cannot restore."

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Please download and run MSFix-It and click on Windows Media Player to see if it will fix the sound problem.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

I did as instructed except, when running the tool, it gives me an error. It says, "We're sorry, but the program has encountered an error trying to contact the server. Please try again later. Code [80040154]". I know my internet connection is working since I can still browse the web. In addition to this I have also now noticed I am unable to copy and paste anything and nothing has sound. I can hear the startup sounds, the pings for errors and completes, but no program/game has sound. I have opened my sound mixer and checked there but there was nothing wrong with it. I check the bars to see if they light up when something is playing but they do not.

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Please check your Device Manager to see if there are any yellow warning icons.
Please run this even if you don't have the OS disk and tell me what happens.


Do you have your OS CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message: "Windows Resource Protection did not find any integrity violations."

11/ After the scan has completed, Close the command prompt window.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

There were no yellow warning icons when I went to the Device Manager. After running the command prompt it said, "Verification 100% complete. Windows Resource Protection found corrupt files but was unable to fix some of them."

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Ok, we need to repair those corrupt files by running the Recovery Console.

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

First, before we continue I would like to thank you for the continued assistance. Now back to the issue at hand. I have done the repair computer thing, system repair and system recovery. The system repair says everything is fine. The system restore only has 1 date and that was today at around 12pm, so that won't work and the problem persists. I eagerly await your response. =D

Re: Browser Malware/hypertext virus/slow Comp/unable to update
And you still have the problems?

Re: Browser Malware/hypertext virus/slow Comp/unable to update

Yes. I am unable to open programs like Media Player, Winamp, games, etc... Unable to play music or videos. I am also not getting sound in any of those or my browser, cannot use copy/paste on anything, Notepad, Word etc.... I have tried going to the Microsoft website to download Media Player and my computer will not validate anymore. I believe this all happened when I did the ComboFix uninstall because right before that, with your help, my computer was running perfectly. Then I removed ComboFix as instructed and everything went wrong.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

Then I removed ComboFix as instructed and everything went wrong.

This is the first time I've seen this happen. Please try this:

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* WiNlOgOn.exe
* uSeRiNiT.exe
* iExplore.exe
* eXplorer.exe
Once you've gotten one of them to run then try to immediately run the following.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

I ran Rkill and this is what it gave me in the log. I immediately tried to run a music file. It did not work.

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/14/2013 03:36:13 PM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/14/2013 03:36:23 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)


Re: Browser Malware/hypertext virus/slow Comp/unable to update
I'm stumped. I'm going to get one of my colleagues to look at this.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

K sounds great. I eagerly await your response.

Re: Browser Malware/hypertext virus/slow Comp/unable to update

At this point it's looking pretty much like you may have to do a complete recovery of your system. You should start saving your important data to an external hard drive or DVDs.

Re: Browser Malware/hypertext virus/slow Comp/unable to update
Ok. We're going to try a few things. First of all, create a new account for yourself and see if anything works. Please let me know how this works out.
Here's how to create a new account.
