Inactive Need help removing (rootkit?) infection. Logs posted

My work computer has gotten infected, and I'm largely unable to use it for anything. The problems started abruptly about three days ago, though I'm not sure where I got the infection.

It sometimes takes to freezing near constantly, with only about a second of being able to use the mouse before it re-freezes. Behavior like that often culminates in a BSOD. Even if it isn't doing either of those things, I'm having difficulty using the internet, and all search engines I've tried will not load any results but stop loading with a blank page displayed. I have been unable to print anything in the office from this computer since the problems started. I've since unplugged it from the office network, perhaps later than I ought to have, since I'm not sure whether problems like this could spread, and I suspect I'm in enough trouble as it is.

There may be other indications that I've not found yet because I haven't been using it much at all since then. (I'm posting this from my personal laptop, which I've been taking to work since the issues started). The work computer didn't have anything but what came standard on it at first.

Before I found this forum, as I was trying to solve the problem myself, I added AVG, MalwareBytes, and Webroot SecureAnywhere (all transferred by flash drive, as downloading them with the infected computer isn't working out), and Webroot has detected/ostensibly removed what it informs me is a rootkit infection in a file called Wdf01000.sys many times, with no lasting effects. I also made a stab at doing it manually, with no success.

Logs follow.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7969

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

2011/10/18 11:58:15 ??
mbam-log-2011-10-18 (11-57-50).txt

Scan type: Quick scan
Objects scanned: 226382
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\teuser12\AppData\Local\Temp\jar_cache7615848301089221467.tmp (Trojan.Agent) -> No action taken.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-18 12:19:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2160BJ_G2 rev.0046001E
Running: ky8tps99.exe; Driver: C:\Users\teuser12\AppData\Local\Temp\kfddqpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)

---- Threads - GMER 1.0.15 ----

Thread System [4:548] 8633816D
Thread System [4:1216] 869F1B90

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_20
Run by teuser12 at 12:20:59 on 2011-10-18
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2008.779 [GMT 9:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\netsw\netservc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\DispSw\DispSw.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vill.tomari.hokkaido.jp/main.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DispSw] c:\program files\dispsw\DispSw.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{EB44EA71-9E9C-4C93-8352-D761F5F53BCE} : NameServer = 192.168.1.10
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\teuser12\appdata\roaming\mozilla\firefox\profiles\tr2co5s5.default\
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-10-17 106312]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-17 366152]
R2 MobileOptimizer;MobileOptimizer;c:\program files\netsw\NETSERVC.EXE [2009-11-30 61440]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-9-29 4869488]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-2-25 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-2-25 36432]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-9-29 416112]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-10-17 599616]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-3 223232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-17 22216]
R3 necbatt;Battery Filter Driver;c:\windows\system32\drivers\necbatt.sys [2008-10-27 9216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-7 135664]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-25 652552]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-9-29 16240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2011-10-18 02:43:24 503864 ----a-w- c:\windows\system32\drivers\IblGBIPG.sys
2011-10-18 02:04:40 503864 ----a-w- c:\windows\system32\drivers\BnLeaunI.sys
2011-10-17 23:24:52 503864 ----a-w- c:\windows\system32\drivers\aCiZaTdV.sys
2011-10-17 07:31:51 503864 ----a-w- c:\windows\system32\drivers\BLSQuUeH.sys
2011-10-17 06:51:06 503864 ----a-w- c:\windows\system32\drivers\ZFqROvIw.sys
2011-10-17 02:41:08 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-17 00:44:09 503864 ----a-w- c:\windows\system32\drivers\euSFqUEp.sys
2011-10-17 00:11:48 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-10-17 00:11:47 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-10-17 00:11:46 -------- d-----w- c:\program files\Webroot
2011-10-17 00:11:45 -------- d-----w- c:\programdata\WRData
2011-10-16 23:44:06 -------- d-----w- c:\users\teuser12\appdata\roaming\Malwarebytes
2011-10-16 23:43:59 -------- d-----w- c:\programdata\Malwarebytes
2011-10-16 23:43:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-16 23:43:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-14 06:09:03 -------- d-----w- c:\users\teuser12\appdata\local\Mozilla
2011-10-14 04:59:55 -------- d--h--w- C:\$AVG
2011-10-14 04:24:44 -------- d-----w- c:\users\teuser12\appdata\roaming\AVG2012
2011-10-14 04:24:08 -------- d--h--w- c:\programdata\Common Files
2011-10-14 04:22:56 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-14 04:22:56 -------- d-----w- c:\programdata\AVG2012
2011-10-14 04:22:07 -------- d-----w- c:\program files\AVG
2011-10-14 04:16:20 -------- d-----w- c:\programdata\MFAData
2011-10-14 00:24:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 23:37:19 -------- d-----w- c:\programdata\AppData
2011-09-28 23:36:02 -------- d-----w- c:\users\teuser12\appdata\roaming\WTablet
2011-09-28 23:36:01 642928 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-09-28 23:35:55 -------- d-----w- c:\program files\TabletPlugins
2011-09-28 23:35:30 16240 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-09-28 23:34:55 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-09-28 23:33:26 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-09-28 23:33:24 650096 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-09-28 23:33:24 506736 ----a-w- c:\windows\system32\Wintab32.dll
2011-09-28 23:33:20 -------- d-----w- c:\program files\Tablet
2011-09-28 23:30:42 -------- d-----w- c:\programdata\Bamboo
.
==================== Find3M ====================
.
2011-10-03 23:21:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-12 21:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 12:25:23.64 ===============
 
Welcome to TechSpot! I'll start you off, but depending on what I see in the logs, I may refer you to the IT for the Office Network.
------------------------------------------------
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
1. Wdf01000.sys is for the WDF Dynamic driver from Microsoft. It is a legitimate file. Webroot describes this as a "suspicious file" and goes on to add: It is possible that your PC could be infected. The file name WDF01000.SYS is used by both safe and unsafe programs.
====================================
2. You are running 2 antivirus programs:
AV: Webroot SecureAnywhere *
AV: AVG Anti-Virus Free Edition 2012
Note: I'm going to have you run Combofix. It will not run with AVG on the system, so AVG will have to be removed temporarily. Directions are further down.
======================================
3. You do not have to run Malwarebytes again because there is only 1 entry and it's in the Java cache. But if you run it again sometime, be sure to check the line to remove the entries it finds. You will clean the cache. This usually happens if there is outdated Java on the system: (JavaVersion: 1.6.0_20)
------------------------------------------
4. Please update Java to v6u27: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
-------------------------------------------
5. To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
  • [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
  • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
  • [5]. Click OK on the Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • [6]. Click Apply > OK on the Temporary Files Settings window.
Images courtesy java.com
==========================================
7. Since this is a global board and most members don't add anything to their profile, this is set as your Start page:
uStart Page = hxxp://www.vill.tomari.hokkaido.jp/main.html
Did you set it? Do you know if it's a safe site? There is no English site for me to check. I do see signs of another language being on the system.
==================================
8. There is another log from DDS. It's named Attach.txt. That is the name, not a direction so please paste it into your next reply.
==================================
9. Please review these Policy Settings. Did you set them up?
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
========================================
10. Download AppRemover and save to the desktop
  1. Double click the setup on the desktop > click Next
  2. Select "Remove Security Application"
  3. Let the scan finish to determine security apps
  4. A selection screen will appear (image omitted from this copy)
  5. Click on Next after the choice has been made
  6. Check the AVG program you want to uninstall
  7. After the uninstall shows complete, follow the online prompts to Exit the program.
=============================
11. Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
12. Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow it
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==================================
Please give me answers and logs in next reply. So far I'm not seeing a rootkit.
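The policy listing the helper asks about in item 9, and the "Created Last 30" driver entries in the DDS log above (plus the "Files Created" section of the ComboFix log further down), can be triaged mechanically rather than by eye. The following Python script is an added example, not part of this thread and not code from DDS, ComboFix or any other tool named here. It parses both excerpts (the sample lines are copied from the logs posted in this thread), flags the two policy values that weaken the machine (EnableLUA = 0 switches User Account Control off, disablecad = 1 removes the Ctrl+Alt+Del secure-attention requirement at logon; the pairing of names to risky values is my own choice for the example), and groups driver files by byte size so that several differently named drivers of identical size created within a short span stand out for review. It also accepts the two-timestamp line format ComboFix uses, which is a generalization beyond the DDS format alone. A size cluster is a prompt to check the files (hashes, signatures, vendor), not a verdict: a legitimate driver can share a size with an unrelated one.

```python
import re
from collections import defaultdict

# Policy names (as DDS prints them) paired with the value that weakens the host.
# EnableLUA = 0 switches User Account Control off; disablecad = 1 removes the
# Ctrl+Alt+Del secure-attention requirement at logon. This pairing is my own
# choice for the example, not something DDS or the helper defines.
RISKY_POLICIES = {"EnableLUA": 0, "disablecad": 1}

# "mPolicies-system: EnableLUA = 0 (0x0)"
POLICY_RE = re.compile(
    r"^([umd])Policies-(\w+):\s*(\w+)\s*=\s*(-?\d+)\s*\(0x[0-9A-Fa-f]+\)"
)
# DDS:      "2011-10-18 02:43:24 503864 ----a-w- c:\...\IblGBIPG.sys"
# ComboFix: "2011-10-20 00:41 . 2011-10-20 00:41 106312 ----a-w- c:\...\XpRGfeoJ.sys"
DDS_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(\S.*)$"
)
COMBOFIX_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\d+|-+)\s+(\S+)\s+(\S.*)$"
)


def parse_policies(lines):
    """Return (scope, branch, name, value) tuples for u/m/dPolicies lines."""
    out = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            scope, branch, name, value = m.groups()
            out.append((scope, branch, name, int(value)))
    return out


def risky_policies(lines):
    """Return the policy lines whose value matches a known weakening setting."""
    return [
        f"{scope}Policies-{branch}: {name} = {value}"
        for scope, branch, name, value in parse_policies(lines)
        if RISKY_POLICIES.get(name) == value
    ]


def parse_created(lines):
    """Parse DDS 'Created Last 30' or ComboFix 'Files Created' entries.

    Each entry becomes a dict with created (str), size (int, or None for
    directories, which both tools print as dashes), attrs and path.
    """
    out = []
    for line in lines:
        line = line.strip()
        m = DDS_FILE_RE.match(line) or COMBOFIX_FILE_RE.match(line)
        if not m:
            continue
        created, size, attrs, path = m.groups()
        out.append({
            "created": created,
            "size": int(size) if size.isdigit() else None,
            "attrs": attrs,
            "path": path,
        })
    return out


def driver_size_clusters(lines, min_names=2):
    """Group files under a \\drivers\\ directory by byte size.

    Returns {size: sorted filenames} for every size shared by at least
    `min_names` distinct filenames. Identical sizes behind unrelated names
    are worth a closer look; the result is a prompt for review, not a verdict.
    """
    by_size = defaultdict(set)
    for entry in parse_created(lines):
        if entry["size"] is None:
            continue
        if "\\drivers\\" in entry["path"].lower():
            by_size[entry["size"]].add(entry["path"].rsplit("\\", 1)[-1])
    return {
        size: sorted(names)
        for size, names in sorted(by_size.items())
        if len(names) >= min_names
    }


# Sample input: lines excerpted from the DDS and ComboFix logs posted in this thread.
SAMPLE_POLICY_LINES = """
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
""".strip().splitlines()

SAMPLE_DDS_LINES = r"""
2011-10-18 02:43:24 503864 ----a-w- c:\windows\system32\drivers\IblGBIPG.sys
2011-10-18 02:04:40 503864 ----a-w- c:\windows\system32\drivers\BnLeaunI.sys
2011-10-17 23:24:52 503864 ----a-w- c:\windows\system32\drivers\aCiZaTdV.sys
2011-10-17 07:31:51 503864 ----a-w- c:\windows\system32\drivers\BLSQuUeH.sys
2011-10-17 06:51:06 503864 ----a-w- c:\windows\system32\drivers\ZFqROvIw.sys
2011-10-17 02:41:08 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-17 00:44:09 503864 ----a-w- c:\windows\system32\drivers\euSFqUEp.sys
2011-10-17 00:11:47 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-10-16 23:43:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
""".strip().splitlines()

SAMPLE_COMBOFIX_LINES = r"""
2011-10-20 00:41 . 2011-10-20 00:41 106312 ----a-w- c:\windows\system32\drivers\XpRGfeoJ.sys
2011-10-20 00:40 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\WmXoWyxM.sys
""".strip().splitlines()

if __name__ == "__main__":
    for hit in risky_policies(SAMPLE_POLICY_LINES):
        print("weakened policy:", hit)
    clusters = driver_size_clusters(SAMPLE_DDS_LINES + SAMPLE_COMBOFIX_LINES)
    for size, names in clusters.items():
        print(f"{len(names)} drivers share size {size}: {', '.join(names)}")
```

Run as-is it reports the two weakened policies and the size clusters from the excerpts; feed it a whole DDS.txt or ComboFix.txt and it will skip every line that is not a policy or a file-created entry. Lowering `min_names` to 1 turns the cluster function into a plain inventory of new drivers, which is often the more useful view on a machine with only one or two recent additions.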
 
Changes in the system: Failed to start up all the way the first time I turned it on this morning. Regretfully I didn't write down the name of whatever file it said was corrupted. Chose to revert to "last settings that worked."

1. Thanks, I'm not very well versed at all.

4-5. Done.

7. Yes, that's a safe page.

8. I'll paste it in at the end of my reply.

9. I don't believe I, personally, did... This computer was inherited as-is from my predecessor in this job, and even most of the stuff that I'm pretty sure didn't come with the computer, like Skype and VLC, were here already when I got it. I've not had it that long, and haven't made many changes/added many things, myself. It's worked like a dream before now, though.

10-12. Done. Logs will follow. When I started it, I had already closed Webroot, but it still generated an error stating that it was active. I didn't know what else to do, since I'd exited the program, so I uninstalled it before I clicked 'OK' and let CF get started.

So far I'm not seeing a rootkit.

Thank you again, I'm glad to hear that. As I said, I'm not very knowledgeable about these things, so it's quite possible I've completely misevaluated the situation. :/ Perhaps it isn't any kind of infection at all. (Especially since it seems, to my inexpert eye, that ComboFix has not found anything of note.)

I'd only thought it may have been because of the sudden onset of the problems and the fact that they coincided with AV getting alerted to something, but if it isn't, at least I'll be able to confirm that and move on to finding the right way to fix whatever the actual issue is.

Logs...

.
DDS (Ver_2011-08-26.01)
.
.
Motherboard: NEC | | KML90
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Socket P uFCPGA | 2194/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 12.228 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 98.944 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????????
???????????????(2.15.0841)
µTorrent
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Audacity 1.3.11 (Unicode)
AVG 2012
Bamboo
CutePDF Writer 2.8
ECO????????
EPSON LP-S9000 プリンタドライバ
EPSON Printer Software
Freeware PDF Unlocker
GIMP 2.6.8
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 20
KONICA MINOLTA bizhub 501/421/361
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileOptimizer
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NX PAD Driver
One-Touch Start Button Settings(2.15.0921)
One-Touch Start Button Settings(2.15.0922)
OpenOffice.org 3.2
QuickTime
Realtek High Definition Audio Driver
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJB
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements 8.0
Trend Micro OfficeScan Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VLC media player 1.1.5
Webroot SecureAnywhere
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - NEC (necbatt) Battery (10/27/2008 1.0.0.3)
Windows Media Player Firefox Plugin
WinDVD for NEC
.
==== End Of File ===========================

ComboFix 11-10-20.07 - teuser12 2011/10/21 9:11.1.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2008.991 [GMT 9:00]
Running from: c:\users\teuser12\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-20 00:41 . 2011-10-20 00:41 106312 ----a-w- c:\windows\system32\drivers\XpRGfeoJ.sys
2011-10-20 00:40 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\WmXoWyxM.sys
2011-10-19 05:40 . 2011-10-19 05:40 -------- d-----w- c:\program files\Common Files\Java
2011-10-18 23:29 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\oCUFOSvY.sys
2011-10-18 07:12 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\qjtVOywI.sys
2011-10-18 03:30 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\oNENcjxF.sys
2011-10-18 02:43 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\IblGBIPG.sys
2011-10-18 02:04 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\BnLeaunI.sys
2011-10-17 23:24 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\aCiZaTdV.sys
2011-10-17 07:31 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\BLSQuUeH.sys
2011-10-17 06:58 . 2011-10-17 06:58 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-10-17 06:52 . 2011-10-17 06:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\WTablet
2011-10-17 06:51 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\ZFqROvIw.sys
2011-10-17 02:41 . 2011-10-18 03:33 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-17 00:44 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\euSFqUEp.sys
2011-10-16 23:44 . 2011-10-16 23:44 -------- d-----w- c:\users\teuser12\AppData\Roaming\Malwarebytes
2011-10-16 23:43 . 2011-10-16 23:43 -------- d-----w- c:\programdata\Malwarebytes
2011-10-16 23:43 . 2011-10-16 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-16 23:43 . 2011-08-31 08:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-14 06:09 . 2011-10-14 06:09 -------- d-----w- c:\users\teuser12\AppData\Local\Mozilla
2011-10-14 04:59 . 2011-10-14 04:59 -------- d-----w- C:\$AVG
2011-10-14 04:24 . 2011-10-14 04:24 -------- d--h--w- c:\programdata\Common Files
2011-10-14 04:16 . 2011-10-19 05:53 -------- d-----w- c:\programdata\MFAData
2011-10-14 00:24 . 2011-10-14 00:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-14 00:17 . 2011-10-14 04:13 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-14 00:17 . 2011-10-14 04:13 -------- d-----w- c:\programdata\Lavasoft
2011-09-28 23:36 . 2011-09-28 23:36 -------- d-----w- c:\users\teuser12\AppData\Roaming\WTablet
2011-09-28 23:36 . 2010-10-21 00:38 642928 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-09-28 23:35 . 2010-10-05 04:26 16240 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-09-28 23:34 . 2010-10-05 04:26 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-09-28 23:33 . 2010-10-05 04:26 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-09-28 23:33 . 2010-10-21 00:38 506736 ----a-w- c:\windows\system32\Wintab32.dll
2011-09-28 23:33 . 2010-10-21 00:38 650096 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-09-28 23:33 . 2011-09-28 23:36 -------- d-----w- c:\program files\Tablet
2011-09-28 23:30 . 2011-09-28 23:30 -------- d-----w- c:\programdata\Bamboo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 05:39 . 2010-05-10 23:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 23:21 . 2011-09-04 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 06:53 . 2011-10-14 06:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"CAHeadless"="c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-05 615808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DispSw"="c:\program files\DispSw\DispSw.exe" [2009-02-27 54592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-30 6793760]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-11-30 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-02-25 718120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzc3MDM1MDcyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=881d02e6282747d18ef8d144186399ab-c287950f409fe3c8c04ffcb26755c011da0a65ed" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3129147724-2985013543-2573953104-1253\Scripts\Logon\0\0]
"Script"=koumu.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3129147724-2985013543-2573953104-1254\Scripts\Logon\0\0]
"Script"=koumu.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3129147724-2985013543-2573953104-1261\Scripts\Logon\0\0]
"Script"=koumu.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-11-30 08:00 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-11-30 08:00 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 08:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-02-25 05:25 718120 ----a-w- c:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-11-30 08:00 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CAHeadless"=c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSpeed"=c:\program files\NPSpeed\NPSpeed.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2169251323-3254271878-3760846248-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2169251323-3254271878-3760846248-500]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google ?????? ???? (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-20 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2010-10-20 36432]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-25 652552]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MobileOptimizer;MobileOptimizer;c:\program files\netsw\netservc.exe [2009-02-02 61440]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-11-30 223232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 necbatt;Battery Filter Driver;c:\windows\system32\DRIVERS\necbatt.sys [2009-11-30 9216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 06:56]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 06:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vill.tomari.hokkaido.jp/main.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EB44EA71-9E9C-4C93-8352-D761F5F53BCE}: NameServer = 192.168.1.10
FF - ProfilePath -
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-WRSVC - c:\program files\Webroot\WRSA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 09:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-21 09:23:29
ComboFix-quarantined-files.txt 2011-10-21 00:23
.
Pre-Run: 12,796,665,856 bytes free
Post-Run: 13,552,635,904 bytes free
.
- - End Of File - - 78BF4F68312A1904C1DD0BD5735E2952
 
We're going to have some problems because there is another language on the system and the scans can't read those entries. For instance:
??????????
???????????????(2.15.0841)
オTorrent
R2 gupdate;Google ?????? ???? (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
ECO????????
EPSON LP-S9000 プリンタドライバ
=========================================
There is also a group of files from 2008, none of which I can identify:
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\WmXoWyxM.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\oCUFOSvY.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\qjtVOywI.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\oNENcjxF.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\IblGBIPG.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\BnLeaunI.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\aCiZaTdV.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\BLSQuUeH.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\ZFqROvIw.sys
2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\euSFqUEp.sys

And another group on 10/17-10/18/2011:
2011-10-18 02:43:24 503864 ----a-w- c:\windows\system32\drivers\IblGBIPG.sys
2011-10-18 02:04:40 503864 ----a-w- c:\windows\system32\drivers\BnLeaunI.sys
2011-10-17 23:24:52 503864 ----a-w- c:\windows\system32\drivers\aCiZaTdV.sys
2011-10-17 07:31:51 503864 ----a-w- c:\windows\system32\drivers\BLSQuUeH.sys
2011-10-17 06:51:06 503864 ----a-w- c:\windows\system32\drivers\ZFqROvIw.sys
2011-10-17 00:44:09 503864 ----a-w- c:\windows\system32\drivers\euSFqUEp.sys
=================================
This computer was inherited as-is from my predecessor in this job, and even most of the stuff that I'm pretty sure didn't come with the computer,
There is also the matter of the large number of policy settings that you didn't set.
==========================================
Since this is your work system, I'm going to point you to your choices:
1. Let the IT at work go over the system.
or
2. Do a reformat/reinstall.
Then only put the programs and settings needed, ones that you know what they do.

Technically, it's possible I could remove these entries. But since I can't identify them and there are so many, I don't consider this to be acceptable.
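As an added illustration, not part of this thread or of ComboFix, here is a small Python script that parses "Files Created" lines in the ComboFix format quoted above and flags groups of driver files that share the same original timestamp and size under random-looking names, which is the pattern the reply points out. The sample lines are copied from the log; the eight-letter mixed-case naming heuristic is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the ComboFix "Files Created" format seen in the log.
SAMPLE_LOG = r"""
2011-10-20 00:41 . 2011-10-20 00:41 106312 ----a-w- c:\windows\system32\drivers\XpRGfeoJ.sys
2011-10-20 00:40 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\WmXoWyxM.sys
2011-10-18 23:29 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\oCUFOSvY.sys
2011-10-18 07:12 . 2008-01-21 02:24 503864 ----a-w- c:\windows\system32\drivers\qjtVOywI.sys
2011-10-16 23:43 . 2011-08-31 08:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 23:35 . 2010-10-05 04:26 16240 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-10-17 02:41 . 2011-10-18 03:33 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
"""

# created-time . modified-time size attributes path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$"
)
# Assumed heuristic: exactly eight letters, no digits, as in the names quoted above.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}\.sys$")


def parse_files_created(text):
    """Yield (created, modified, size, attrs, path) for each file entry."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        if not size.isdigit():  # directory entries show "--------" as size
            continue
        yield created, modified, int(size), attrs, path


def random_looking(name):
    """True for eight-letter names mixing upper and lower case (e.g. WmXoWyxM.sys)."""
    if not RANDOM_NAME_RE.match(name):
        return False
    stem = name[:-4]
    return stem != stem.lower() and stem != stem.upper()


def suspicious_driver_groups(text, min_group=2):
    """Group random-looking drivers by (modified timestamp, size).

    Several differently named drivers with identical size and identical
    original timestamp suggest one payload re-copied under fresh names.
    """
    groups = defaultdict(list)
    for _created, modified, size, _attrs, path in parse_files_created(text):
        name = path.rsplit("\\", 1)[-1]
        if "\\drivers\\" in path.lower() and random_looking(name):
            groups[(modified, size)].append(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_group}
```

Run against the full ComboFix log instead of the sample to list every such cluster; a lone random name (like XpRGfeoJ.sys here) is not reported because it shares no timestamp/size pair.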
 