I can't remove this virus, Please help.

ind3sisziv

If this needs to be moved to HijackThis analysis, please move it. I'm not sure where to put it, and it's hard to navigate in safe mode with networking.

So, I've got probably the worst virus I've ever had... I'm not sure where it came from, but I can't get rid of it. I've looked in startup and removed most items; however, it persists.
I've seen one of my svchost.exes go up to 100,000+ K of memory. I also noticed it had a couple of outgoing connections from Comodo firewall. The first symptoms I noticed were that Google Chrome was freezing every couple of seconds, and Internet Explorer was set to my default browser and it began freezing. I also thought I noticed my mouse moving, but it could have been my other hand interfering with the mouse pad. Anyhow, I did a system restore to about 3 days ago and I thought I had gotten rid of it. I installed avast and Comodo Internet Security (both free versions). Well, when running Comodo and looking at what connections my computer was making, Comodo froze and then the virus completely deleted it... My shortcut wouldn't run, so I reinstalled it today. Oh, and I've run ComboFix about 10 times now with a full Malwarebytes scan, but I'll post my log along with my HijackThis.

I'm on an Alienware M11x, so my computer has a lot of semi-bloatware like the facial recognition and AlienFX that starts with the computer. I would like to keep most of it.







ComboFix will not run unless it is in safe mode, and I can't browse the internet in normal mode because whatever browser I use freezes up constantly.


combofix
Code:
ComboFix 11-03-14.07 - Pete 03/15/2011  11:16:59.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.3176 [GMT -5:00]
Running from: c:\users\Pete\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-15 to 2011-03-15  )))))))))))))))))))))))))))))))
.
.
2011-03-15 16:24 . 2011-03-15 16:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-15 15:07 . 2011-03-15 15:07	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2011-03-15 15:07 . 2011-03-15 15:07	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2011-03-15 15:06 . 2011-03-15 15:06	--------	d-----w-	c:\programdata\Comodo Downloader
2011-03-15 00:50 . 2011-03-15 00:50	--------	d-----w-	c:\windows\symbols
2011-03-15 00:50 . 2011-03-15 00:50	--------	d-----w-	c:\windows\system32\1033
2011-03-15 00:50 . 2011-03-15 00:50	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2011-03-15 00:06 . 2011-03-15 00:06	--------	d-----w-	C:\VritualRoot
2011-03-15 00:03 . 2011-03-15 15:07	--------	d-----w-	c:\program files\COMODO
2011-03-15 00:03 . 2011-03-15 15:42	--------	d-----w-	c:\programdata\Comodo
2011-03-15 00:00 . 2010-12-20 23:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-15 00:00 . 2010-12-20 23:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-14 23:45 . 2011-02-23 13:57	280408	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-03-14 23:45 . 2011-02-23 13:54	22360	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-14 23:44 . 2011-02-23 13:57	505176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-03-14 23:44 . 2011-02-23 13:55	53592	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-03-14 23:44 . 2011-02-23 13:55	31064	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-03-14 23:44 . 2011-02-23 14:04	238968	----a-w-	c:\windows\system32\aswBoot.exe
2011-03-14 23:44 . 2011-02-23 13:55	64344	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-03-14 23:44 . 2011-02-23 14:04	40648	----a-w-	c:\windows\avastSS.scr
2011-03-14 23:44 . 2011-02-23 14:04	190016	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-03-14 15:24 . 2007-01-10 20:21	14848	----a-w-	c:\windows\system32\Spool\prtprocs\x64\MIMFPR06.DLL
2011-03-14 15:23 . 2011-03-14 15:23	--------	d-----w-	c:\program files\KONICA MINOLTA
2011-03-14 15:23 . 2007-01-10 20:55	168448	----a-w-	c:\windows\system32\MUINST06.EXE
2011-03-14 15:23 . 2007-01-10 20:21	73216	----a-w-	c:\windows\system32\MSPOOL06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	58880	----a-w-	c:\windows\system32\MLMON_06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	298496	----a-w-	c:\windows\system32\MSMCML06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	2560	----a-w-	c:\windows\system32\MSHRES06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	21504	----a-w-	c:\windows\system32\MCMM__06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	13312	----a-w-	c:\windows\system32\MICM__06.DLL
2011-03-14 15:23 . 2006-05-17 19:40	34816	----a-w-	c:\windows\system32\MGDI3206.DLL
2011-03-14 15:23 . 2006-05-17 19:40	17408	----a-w-	c:\windows\system32\MIMF3206.DLL
2011-03-14 15:23 . 2006-05-17 19:40	7168	----a-w-	c:\windows\system32\MTAG3206.DLL
2011-03-14 15:23 . 2005-12-29 19:59	49152	----a-w-	c:\windows\system32\MINFIN06.EXE
2011-03-14 10:06 . 2011-03-14 10:06	--------	d-----w-	c:\programdata\AVAST Software
2011-03-14 10:06 . 2011-03-14 10:06	--------	d-----w-	c:\program files\AVAST Software
2011-03-14 07:02 . 2011-03-14 07:02	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-14 07:02 . 2011-03-15 00:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-14 05:27 . 2011-03-14 09:54	--------	d-----w-	c:\program files (x86)\Xfire
2011-03-14 05:27 . 2011-03-14 09:54	--------	d-----w-	c:\programdata\Xfire
2011-03-14 03:09 . 2011-03-14 09:54	--------	d-----w-	c:\program files (x86)\Project64 1.6
2011-03-14 01:53 . 2011-03-14 01:53	--------	d-----w-	c:\program files (x86)\Ubisoft
2011-03-13 23:59 . 2011-03-13 23:59	--------	d-----w-	C:\DirectX9
2011-03-13 22:56 . 2011-03-14 11:54	--------	d-----w-	c:\program files (x86)\WinHex
2011-03-13 22:11 . 2011-03-13 22:11	--------	d-----w-	c:\program files (x86)\THQ
2011-03-13 22:05 . 2011-03-13 22:05	--------	d-----w-	c:\windows\system32\RsFx
2011-03-13 22:05 . 2011-03-13 22:05	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2011-03-13 21:41 . 2011-03-13 21:41	--------	d-----w-	c:\program files\Microsoft Help Viewer
2011-03-13 21:20 . 2011-03-13 21:20	--------	d-----w-	c:\program files (x86)\CAPCOM
2011-03-11 15:45 . 2011-03-13 06:16	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2011-03-11 15:40 . 2011-02-23 15:34	7947600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB454D0B-F3F8-4763-A0D8-117A8D3DEBAF}\mpengine.dll
2011-03-11 15:38 . 2011-03-11 15:38	--------	d-----w-	c:\programdata\ALM
2011-03-11 15:36 . 2011-03-11 15:36	--------	d-----w-	c:\program files (x86)\TeamViewer
2011-03-11 15:17 . 2011-03-11 15:17	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2011-03-11 15:17 . 2011-03-11 15:17	--------	d-----w-	c:\program files (x86)\My Company Name
2011-03-11 15:17 . 2011-03-11 15:17	--------	d-----w-	c:\program files (x86)\Common Files\Sonic Shared
2011-03-11 15:17 . 2009-07-09 09:00	55280	------w-	c:\windows\system32\drivers\PxHlpa64.sys
2011-03-11 15:17 . 2009-06-23 09:00	10224	------w-	c:\windows\system32\drivers\cdralw2k.sys
2011-03-11 15:17 . 2009-06-23 09:00	10224	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2011-03-11 15:14 . 2011-03-11 15:39	--------	d-----w-	c:\program files\Common Files\Adobe
2011-03-11 15:14 . 2011-03-11 15:14	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2011-03-11 08:03 . 1999-05-07 06:00	140288	----a-w-	c:\windows\SysWow64\Comdlg32.ocx
2011-03-11 08:01 . 1999-05-07 06:00	140288	----a-w-	c:\windows\system32\Comdlg32.ocx
2011-03-11 07:54 . 2011-03-13 06:22	--------	d-----w-	c:\program files\IDoser Pack
2011-03-11 05:40 . 2011-03-11 14:55	--------	d-----w-	c:\windows\SysWow64\NV
2011-03-11 05:38 . 2011-03-15 15:09	--------	d-----w-	c:\users\UpdatusUser
2011-03-11 05:38 . 2011-03-11 05:39	--------	d-----w-	c:\programdata\NVIDIA
2011-03-11 05:16 . 2011-03-11 05:16	--------	d-----w-	C:\dell
2011-03-10 23:21 . 2011-03-10 23:21	--------	d-----w-	c:\program files (x86)\Microsoft XNA
2011-03-10 21:40 . 2011-03-10 21:40	--------	d-----w-	C:\NVIDIA
2011-03-10 20:45 . 2011-03-10 20:45	--------	d-----w-	c:\windows\SysWow64\Wat
2011-03-10 20:45 . 2011-03-10 20:45	--------	d-----w-	c:\windows\system32\Wat
2011-03-10 17:48 . 2011-03-10 22:41	--------	d-----w-	c:\programdata\Creative
2011-03-10 17:41 . 2011-03-10 17:41	--------	d-----w-	c:\program files (x86)\SQUARE ENIX - Eidos Interactive
2011-03-10 05:26 . 2011-03-10 05:26	--------	d-----w-	c:\program files (x86)\IDA
2011-03-10 04:52 . 2008-07-12 14:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2011-03-10 04:52 . 2008-07-12 14:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2011-03-10 04:52 . 2008-07-12 14:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2011-03-10 04:34 . 2011-03-10 04:34	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-03-10 04:34 . 2011-03-14 11:54	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-03-10 04:34 . 2011-03-10 04:34	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-03-10 04:17 . 2011-03-10 04:17	--------	d-----r-	C:\MSOCache
2011-03-10 04:17 . 2011-03-10 04:17	--------	d-----w-	c:\windows\SysWow64\xlive
2011-03-10 04:17 . 2011-03-10 20:45	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-10 03:00 . 2011-03-10 03:02	--------	d-----w-	c:\windows\WindowsMobile
2011-03-10 02:34 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-03-10 02:34 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-03-10 02:32 . 2011-03-10 02:33	--------	d-----w-	C:\Hotspot Shield
2011-03-10 02:32 . 2011-03-10 02:33	--------	d-----w-	c:\program files (x86)\Hotspot Shield
2011-03-10 02:31 . 2009-11-25 18:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-10 02:31 . 2009-11-25 18:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-03-10 02:31 . 2009-11-25 18:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-03-10 02:31 . 2009-11-25 18:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-03-10 02:31 . 2009-11-25 18:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-03-10 02:31 . 2009-11-25 18:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-03-10 02:31 . 2009-11-25 18:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-03-10 02:31 . 2009-11-25 18:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-03-10 02:31 . 2009-11-25 18:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-03-10 02:31 . 2009-11-25 18:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-03-10 01:55 . 2011-02-02 23:11	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-03-10 01:42 . 2008-07-12 14:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2011-03-10 01:42 . 2008-07-12 14:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2011-03-10 01:42 . 2008-07-12 14:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2011-03-10 01:40 . 2011-03-14 11:50	--------	d-----w-	C:\Riot Games
2011-03-10 01:21 . 2011-03-10 01:22	--------	d-----w-	c:\program files (x86)\FrostWire
2011-03-10 01:19 . 2011-03-10 01:20	--------	d-----w-	c:\programdata\PMB Files
2011-03-10 01:18 . 2011-03-10 01:18	--------	d-----w-	c:\program files (x86)\Windows Live
2011-03-10 01:18 . 2011-03-10 01:18	--------	d-----w-	c:\windows\PCHEALTH
2011-03-10 01:17 . 2011-03-11 14:55	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-03-10 01:16 . 2010-05-23 08:35	206848	----a-w-	c:\windows\system32\mfps.dll
2011-03-10 01:16 . 2010-05-23 10:15	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2011-03-10 01:16 . 2010-05-23 10:11	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2011-03-10 01:16 . 2010-05-23 08:37	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2011-03-10 01:16 . 2010-05-23 08:35	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-03-10 01:16 . 2010-05-23 10:11	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2011-03-10 01:16 . 2010-05-23 08:35	4068864	----a-w-	c:\windows\system32\mf.dll
2011-03-10 01:16 . 2011-03-10 01:16	--------	d-----w-	c:\program files (x86)\Cheat Engine 6
2011-03-10 01:14 . 2011-03-10 01:14	--------	d-----w-	c:\program files\CCleaner
2011-03-10 01:07 . 2011-03-10 01:07	--------	d-----w-	c:\program files (x86)\PowerISO
2011-03-10 01:07 . 2010-04-12 08:55	91568	----a-w-	c:\windows\system32\drivers\scdemu.sys
2011-03-10 01:03 . 2011-03-10 01:03	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2011-03-10 01:03 . 2011-03-10 01:03	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-03-10 01:03 . 2011-03-10 01:03	--------	d-----r-	c:\program files (x86)\Skype
2011-03-10 01:03 . 2011-03-10 01:03	--------	d-----w-	c:\programdata\Skype
2011-03-10 00:58 . 2011-03-10 00:58	--------	d-----w-	c:\program files (x86)\Common Files\Java
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 01:18 . 2010-06-24 17:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-05 04:42 . 2011-03-05 04:42	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-03-05 04:41 . 2011-03-05 04:41	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-05 04:41 . 2011-03-05 04:41	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-05 03:23 . 2010-05-21 20:37	200704	----a-w-	c:\windows\system32\CCBiosSupportAPI.dll
2011-01-06 22:37 . 2011-01-06 22:37	89840	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-01-06 22:37 . 2011-01-06 22:37	39888	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 22:36 . 2011-01-06 22:36	250008	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 22:36 . 2011-01-06 22:36	14184	----a-w-	c:\windows\system32\drivers\cmderd.sys
2010-12-29 06:42 . 2010-12-29 06:42	285480	----a-w-	c:\windows\SysWow64\guard32.dll
2010-12-29 06:42 . 2010-12-29 06:42	362784	----a-w-	c:\windows\system32\guard64.dll
2010-12-27 17:55 . 2010-12-27 17:55	6153320	----a-w-	c:\windows\system32\nvcpl.dll
2010-12-27 17:54 . 2010-12-27 17:54	795752	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2010-12-27 17:54 . 2010-12-27 17:54	3177576	----a-w-	c:\windows\system32\nvsvc64.dll
2010-12-27 17:54 . 2010-12-27 17:54	474127	----a-w-	c:\windows\system32\nvcoproc.bin
2010-12-27 17:54 . 2010-12-27 17:54	117864	----a-w-	c:\windows\system32\nvmctray.dll
2010-12-27 17:54 . 2010-12-27 17:54	793704	----a-w-	c:\windows\system32\nv3dappshext.dll
2010-12-27 17:54 . 2010-12-27 17:54	61032	----a-w-	c:\windows\system32\nvshext.dll
2010-12-27 17:54 . 2010-12-27 17:54	53864	----a-w-	c:\windows\system32\nv3dappshextr.dll
2010-12-27 17:54 . 2010-12-27 17:54	314472	----a-w-	c:\windows\system32\nvhotkey.dll
2010-12-27 17:54 . 2010-12-27 17:54	2558568	----a-w-	c:\windows\system32\nvsvcr.dll
2010-12-27 17:54 . 2010-12-27 17:54	1005160	----a-w-	c:\windows\system32\nvvsvc.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-03-15_01.23.21   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-15 01:12	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-15 16:08	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-15 01:12	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-15 16:08	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-15 16:08	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-15 01:12	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-15 14:42 . 2011-03-15 14:42	72080              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:10 . 2011-03-15 15:11	33764              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-03-15 00:04	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-03-15 15:08	86016              c:\windows\system32\DriverStore\infpub.dat
- 2011-03-09 21:03 . 2011-03-15 00:05	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-09 21:03 . 2011-03-15 15:10	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-09 21:03 . 2011-03-15 00:05	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-09 21:03 . 2011-03-15 15:10	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-15 15:10	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-15 15:11 . 2011-03-15 15:11	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2011-03-09 21:07 . 2011-03-15 01:16	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-09 21:07 . 2011-03-15 15:14	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-15 15:46	78720              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-03-09 21:07 . 2011-03-15 01:16	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-09 21:07 . 2011-03-15 15:14	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-09 21:07 . 2011-03-15 01:16	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-09 21:07 . 2011-03-15 15:14	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-09 21:06 . 2011-03-15 01:16	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-09 21:06 . 2011-03-15 15:14	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-09 21:06 . 2011-03-15 15:14	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-09 21:06 . 2011-03-15 01:16	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-15 15:08 . 2011-03-15 15:08	9560              c:\windows\system32\NetworkList\Icons\{38817140-FB1A-4A2A-8F24-FBE0D866D1CD}_48.bin
+ 2011-03-15 15:08 . 2011-03-15 15:08	4280              c:\windows\system32\NetworkList\Icons\{38817140-FB1A-4A2A-8F24-FBE0D866D1CD}_32.bin
+ 2011-03-15 15:08 . 2011-03-15 15:08	2456              c:\windows\system32\NetworkList\Icons\{38817140-FB1A-4A2A-8F24-FBE0D866D1CD}_24.bin
- 2011-03-14 12:56 . 2011-03-15 01:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-15 16:09 . 2011-03-15 16:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-15 16:09 . 2011-03-15 16:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-14 12:56 . 2011-03-15 01:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-05 03:17 . 2011-03-15 16:08	109800              c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2011-03-09 22:23 . 2011-03-15 16:08	297656              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-03-15 16:14	659580              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-15 16:14	120508              c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-03-15 00:04	143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-03-15 15:08	143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-03-15 00:04	143360              c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-03-15 15:08	143360              c:\windows\system32\DriverStore\infstor.dat
+ 2011-03-15 15:10 . 2011-03-15 15:10	109800              c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2011-03-15 15:06 . 2011-03-15 15:06	29908992              c:\windows\Installer\2fda42d.msi
+ 2011-03-15 15:06 . 2011-03-15 15:06	29908992              c:\windows\Installer\2fda42a.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FAStartup"="" [BU]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43	144712	----a-w-	c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-18 98208]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-22 1997416]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2010-11-19 158112]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHLPA64
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1567020562-1266985586-4040331478-1002Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 22:52]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1567020562-1266985586-4040331478-1002UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 22:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=10148&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {3F01158C-0654-453A-B97E-408679FE8901} = 10.29.16.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-15  11:26:01
ComboFix-quarantined-files.txt  2011-03-15 16:26
ComboFix2.txt  2011-03-15 16:06
ComboFix3.txt  2011-03-15 01:25
ComboFix4.txt  2011-03-14 08:18
.
Pre-Run: 134,731,382,784 bytes free
Post-Run: 134,384,201,728 bytes free
.
- - End Of File - - 7109F186814375F7974D22008240BD4F



Hijackthis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:42 PM, on 3/15/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\Toaster.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\NirCmd.cfxxe
C:\Users\Pete\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-21-1567020562-1266985586-4040331478-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1567020562-1266985586-4040331478-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F01158C-0654-453A-B97E-408679FE8901}: NameServer = 10.29.16.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision  - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12917 bytes
 
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\NirCmd.cfxxe

These are infections. Microsoft does not use folder names like that.

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

This is an infection as well.

O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
This entry is located in the wrong place. It is supposed to be in the C:\Windows\System32 folder. Did you install this service from Dell yourself? If not then that is an infection as well.

I would get Malwarebytes Antimalware and run that, then run ComboFix again. All within Safe Mode without networking. Then boot normally and run HijackThis and post a new log.
 
I had run a Malwarebytes scan before I did the ComboFix, but I did another just now and it came up with a single "false positive", nothing that I think would make a difference in another ComboFix run. I just remembered that I have a thing called AlienRespawn, and I'm going to research it a little bit and most likely just run it back to factory installs. I would have just reinstalled Windows, but unfortunately I don't have a CD drive :(
 
So you ran MBAM before CF? This helps how? These programs can be tricked, as evidenced by the fact you are still infected! How do you know it is a false positive? You never state if you did these scans in Safe Mode as suggested. You never state that HijackThis was run before or after CF and MBAM. With not knowing anything there is no way we can assist you. I am trying to help save you from reinstalling. But you clearly don't think that we can help.

I wish you luck. But you don't need a CD drive to reinstall Windows. It can be done by the Restore Partition and/or USB thumb drive. Netbooks have done it since they were invented, since they don't have optical drives at all. ;)
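The by-eye triage the first reply does on the HijackThis log (a process running from an odd folder, the O20 AppInit_DLLs value, O23 service paths) can be scripted so every entry is checked the same way. This is an added example, not part of the thread: the sample log is constructed from lines in the log above, and `triage`, `USUAL_ROOTS` and the reason labels are assumed names.

```python
import re

# Constructed sample in HijackThis 2.0.4 format, built from lines in the log above.
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\32788R22FWJFW\cmd.cfxxe
C:\Users\Pete\Downloads\HijackThis.exe

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# Assumption: top-level folders treated as ordinary install locations.
USUAL_ROOTS = {"program files", "program files (x86)", "windows", "users", "programdata"}
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
SERVICE = re.compile(r"^Service: (?P<name>.*) - (?P<owner>.*?) - "
                     r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")

def triage(log_text):
    """Return (reason, value) pairs to verify by hand; a hit is not a verdict."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False
            code, body = entry.groups()
            if code == "O20" and body.startswith("AppInit_DLLs:"):
                # DLLs listed here are loaded into every process that loads user32.dll
                findings.append(("appinit_dll", body.split(":", 1)[1].strip()))
            elif code == "O23":
                svc = SERVICE.match(body)
                if svc and svc["missing"]:
                    # 32-bit HijackThis on 64-bit Windows is subject to file-system
                    # redirection, so confirm on disk before trusting "file missing"
                    findings.append(("service_file_missing", svc["path"]))
                elif svc and svc["owner"] == "Unknown owner":
                    findings.append(("service_no_vendor", svc["path"]))
        elif in_processes:
            parts = line.split("\\")
            root = parts[1].lower() if len(parts) > 2 else ""
            if root not in USUAL_ROOTS:
                findings.append(("unusual_process_dir", line))
    return findings

if __name__ == "__main__":
    for reason, value in triage(SAMPLE_LOG):
        print(f"{reason:22} {value}")
```

Each hit still has to be checked against the file on disk (vendor, signature, install history) before anything is removed.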
 