Solved Exploit.Drop.GS? Removal help?


ryhalt

The other day I got hit with some form of ransomware and I hit the switch on my power supply before the page could finish loading; lucky for me I'm on dialup!

When I rebooted my computer I got some error about a .dll trying to open when I logged into Windows. I wasn't sure what had happened at first, so I searched online for a bit, then I got offline and downloaded avast! antivirus at a friend's while I ran Malwarebytes.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Adam :: BALEFIRE [administrator]

9/25/2012 1:32:19 PM
mbam-log-2012-09-25 (13-32-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209247
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Exploit.Drop.GS) -> Data: C:\Users\Adam\AppData\Local\Temp\wpbt0.dll -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Adam\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)

I ran GMER (as per instruction thread) and it didn't detect anything.

I ran DDS, here are the logs.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Adam at 9:38:03 on 2012-09-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2528 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [CPU_Control] C:\Program Files (x86)\CPU-Control\CPU_Control.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\hxb1rxwl.default\
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-25 44808]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-21 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 CAXHWCD2;CAXHWCD2;C:\Windows\system32\DRIVERS\CAXHWCD2.sys --> C:\Windows\system32\DRIVERS\CAXHWCD2.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-09-26 10:18:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{016210F0-7E56-4605-8CF4-739FF2317252}\offreg.dll
2012-09-26 01:01:56 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-09-26 01:01:55 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-09-26 01:01:53 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-09-26 01:01:22 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-26 01:01:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-26 01:01:12 -------- d-----w- C:\Program Files\AVAST Software
2012-09-25 17:12:50 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-09-25 17:12:50 203264 ----a-w- C:\Windows\System32\unrar.dll
2012-09-25 17:12:49 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
2012-09-21 15:35:11 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-09-21 15:35:11 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-09-21 15:35:11 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-09-21 15:35:11 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-09-21 15:35:11 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-21 15:35:02 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-09-21 15:35:02 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-09-13 19:37:27 -------- d-----w- C:\Users\Adam\AppData\Roaming\NVIDIA
2012-09-12 05:36:17 -------- d-----w- C:\Users\Adam\AppData\Local\Microsoft Games
2012-09-11 18:27:53 35328 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-09-11 18:27:53 303616 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-09-11 18:22:40 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-09-11 18:22:40 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-09-11 18:22:40 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-09-11 18:22:40 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-09-11 18:22:40 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-09-11 18:22:40 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-09-11 18:22:40 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-09-10 13:07:01 -------- d-----w- C:\Program Files\Media Player Classic - Home Cinema
2012-09-10 05:18:56 -------- d-----w- C:\Users\Adam\AppData\Local\Macromedia
2012-09-10 05:16:52 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 05:16:52 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-09 04:08:08 -------- d-----w- C:\Windows\pss
2012-09-09 03:10:14 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-09-09 03:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-09-07 17:22:35 -------- d-----w- C:\Users\Adam\AppData\Local\Paint.NET
2012-09-07 17:22:35 -------- d-----w- C:\Program Files\Paint.NET
2012-09-07 12:57:48 -------- d-----w- C:\Users\Adam\My Stuff
2012-09-07 05:23:46 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-09-07 05:23:46 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-09-07 05:23:46 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-09-07 05:23:14 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-09-07 05:23:14 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-09-07 05:23:14 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-09-07 05:23:14 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-09-07 05:21:47 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-09-07 05:20:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-09-07 05:20:29 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-09-07 05:20:11 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-09-07 05:20:11 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-09-07 05:20:11 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-09-07 05:20:11 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-09-07 05:20:11 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-09-07 05:19:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-09-07 05:19:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-09-07 05:19:58 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-09-07 05:19:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-09-07 05:18:51 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-09-07 05:18:51 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-09-07 05:18:51 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-09-07 05:17:57 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-09-07 05:17:57 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-09-07 05:17:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-09-07 05:17:46 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-09-07 05:17:40 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-09-07 05:17:35 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-09-07 05:16:03 77312 ----a-w- C:\Windows\System32\packager.dll
2012-09-07 05:16:03 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-09-07 04:59:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-07 04:59:23 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-07 04:59:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-07 04:59:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-06 19:03:37 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{016210F0-7E56-4605-8CF4-739FF2317252}\mpengine.dll
2012-09-06 19:03:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-09-05 16:47:43 -------- d-----w- C:\Users\Adam\AppData\Local\Freelancer
2012-09-05 13:10:55 69632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-09-05 13:10:55 61440 ----a-w- C:\Windows\SysWow64\ISUSPM.cpl
2012-09-05 13:10:55 446464 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-09-05 13:10:55 385024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-09-05 13:10:55 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-09-05 13:10:55 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-09-05 13:10:55 196608 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-09-05 13:02:40 -------- d-----w- C:\Users\Adam\AppData\Local\Gas Powered Games
2012-09-05 01:45:27 -------- d-----w- C:\temp
2012-09-05 01:16:19 -------- d-----w- C:\Users\Adam\AppData\Roaming\Malwarebytes
2012-09-04 21:03:57 -------- d-----w- C:\Users\Adam\AppData\Local\Mozilla
2012-09-04 20:54:45 -------- d-----w- C:\Users\Adam\AppData\Local\The Witcher 2
2012-09-04 20:49:38 -------- d-----w- C:\Users\Adam\AppData\Roaming\XRay Engine
2012-09-04 20:47:44 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-09-04 20:23:01 -------- d-----w- C:\Windows\Panther
2012-09-04 20:22:48 -------- d-sh--w- C:\Boot
2012-09-04 19:53:59 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2012-09-04 19:45:11 -------- d-----w- C:\Games
2012-09-04 19:39:37 -------- d-----w- C:\Users\Adam\AppData\Roaming\CPUControl
2012-09-04 19:39:35 -------- d-----w- C:\Program Files (x86)\CPU-Control
2012-09-04 19:34:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-04 19:34:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-04 19:34:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-04 19:33:47 -------- d-----w- C:\Program Files\CCleaner
2012-09-04 19:30:09 -------- d-----w- C:\Users\Adam\AppData\Local\Google
2012-09-04 19:25:15 -------- d-----w- C:\Program Files\CONEXANT
2012-09-04 19:25:10 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys
2012-09-04 19:25:10 410624 ----a-w- C:\Windows\System32\drivers\XAudio64.exe
2012-09-04 19:25:10 380928 ----a-w- C:\Windows\System32\drivers\CAXHWCD2.sys
2012-09-04 19:25:10 299520 ----a-w- C:\Windows\System32\UCI64M19.dll
2012-09-04 19:25:10 17024 ----a-w- C:\Windows\System32\drivers\mdmxsdk.sys
2012-09-04 19:25:10 1478656 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys
2012-09-04 19:25:10 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys
2012-09-04 19:14:04 -------- d-----w- C:\Users\Adam\AppData\Local\Apps
2012-09-04 19:05:06 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-09-04 19:03:56 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-09-04 19:03:36 -------- d-----w- C:\NVIDIA
2012-09-04 18:58:03 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-09-04 18:58:03 646248 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-09-04 18:58:03 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-09-04 18:58:00 -------- d-----w- C:\Program Files (x86)\Realtek
2012-09-04 18:17:09 34872 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-09-04 18:17:09 -------- d-----w- C:\Program Files (x86)\AMD
2012-09-04 18:16:40 -------- d-sh--w- C:\Windows\Installer
2012-09-04 18:16:40 -------- d-----w- C:\Program Files\ATI
2012-09-04 18:16:17 -------- d-----w- C:\Program Files\ATI Technologies
2012-09-04 18:15:51 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
2012-09-04 18:07:02 -------- d-----w- C:\Windows\System32\SPReview
2012-09-04 17:52:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-09-04 17:51:59 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-09-04 17:51:33 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-09-04 17:51:33 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-09-04 17:44:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2012-09-04 17:43:26 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-30 15:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-09-04 18:03:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-09-04 18:03:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 9:38:26.06 ===============

and Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2012 12:29:30 PM
System Uptime: 9/26/2012 2:18:18 AM (55 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-UD4P
Processor: AMD Phenom(tm) II X3 710 Processor | Socket M2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 118.589 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 233 GiB total, 179.226 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
«Sigerous Mod v2.2»
Adobe Flash Player 11 Plugin
Adobe Reader 9.3
AMD USB Filter Driver
avast! Free Antivirus
CPU-Control
DS2 All*Saves v2
Dungeon Siege 2
Google Talk (remove only)
Gothic III
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XML Parser
Mozilla Firefox 14.0.1 (x86 en-US)
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
Supreme Commander
The Witcher 2 Enhanced Edition version 3.0
Vampire - The Masquerade Bloodlines
Winamp
Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
9/26/2012 3:36:22 AM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
9/26/2012 3:36:22 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
9/25/2012 2:34:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/25/2012 2:34:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/25/2012 2:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/25/2012 2:34:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/25/2012 2:34:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/25/2012 2:34:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/25/2012 2:34:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/25/2012 2:34:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2012 3:02:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/22/2012 3:02:50 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/22/2012 3:02:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/22/2012 3:02:41 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/22/2012 3:02:41 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

My goal is just to make sure it's safe for me to back up my private files so I can reformat; I have no intention of leaving this computer unformatted even if it is clean and safe to use.

Thanks for any help! Cheers!
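The Malwarebytes log above shows the classic pattern behind this detection: a value under HKCU\...\CurrentVersion\Run whose data points at a DLL dropped in the user's Temp folder. The script below is an added example, not part of this thread or of any of the tools it mentions; it audits the common Run/RunOnce keys and flags autostart entries whose target sits under a temp or per-user data folder, is a DLL, or no longer exists on disk. It assumes it is run in an elevated PowerShell on the machine being checked.

```powershell
# Added example (not from this thread): audit Run/RunOnce autostart values and flag
# entries whose target lives in a temp or per-user data folder, as the quarantined
# HKCU\...\Run value pointing at ...\AppData\Local\Temp\wpbt0.dll did.
# Assumption: run in an elevated PowerShell on the Windows machine being audited.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders where a legitimate autostart target is unusual.
$suspectRoots = @(
    [Environment]::GetEnvironmentVariable('TEMP'),
    [Environment]::GetEnvironmentVariable('LOCALAPPDATA'),
    [Environment]::GetEnvironmentVariable('APPDATA'),
    'C:\Windows\Temp'
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-TargetPath {
    param([string]$Command)
    # Extract the file the value actually launches: for rundll32 entries that is
    # the DLL given as the first argument; otherwise the quoted path or the
    # leading token of the command line. %VARS% are expanded first.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1] }
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        $target = Get-TargetPath -Command ([string]$p.Value)
        $reasons = @()
        if ($suspectRoots | Where-Object { $target -like "$_\*" }) {
            $reasons += 'target under temp/per-user data folder'
        }
        if ($target -match '\.dll$') { $reasons += 'autostart target is a DLL' }
        if ($target -and -not (Test-Path -LiteralPath $target)) { $reasons += 'target file missing' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Key    = $key
                Name   = $p.Name
                Target = $target
                Reason = ($reasons -join '; ')
            }
        }
    }
}

# Anything listed here deserves a look; a missing target after an AV cleanup is
# usually a leftover Run value rather than live malware, but it should still go.
$findings | Format-Table -AutoSize
```

Unquoted command lines with spaces in the path will only yield their first token, so treat a "target file missing" hit on such an entry as a prompt to inspect the raw value rather than a verdict.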
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Aye aye captain!

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 21:13:01
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Adam - BALEFIRE
# Boot Mode : Normal
# Running from : C:\Users\Adam\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-335754449-4038889276-93798832-1002\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\hxb1rxwl.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [820 octets] - [28/09/2012 21:12:02]
AdwCleaner[S1].txt - [1226 octets] - [28/09/2012 21:13:01]

########## EOF - C:\AdwCleaner[S1].txt - [1286 octets] ##########
 
Scan for malware

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


===================================

Please download Malwarebytes Anti-Malware from HERE.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
TDSSKiller Log is attached (too many characters to copy & paste) as per instructions.

Here is the Malwarebytes Log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Adam :: BALEFIRE [administrator]

9/29/2012 3:15:03 PM
mbam-log-2012-09-29 (15-15-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212582
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Attachments: TDSSKiller.2.8.10.0_29.09.2012_14.30.57_log.txt (121.1 KB)
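As an added illustration (not code from this thread or from Malwarebytes), here is a small Python parser for the report layout posted above: it collects the "... Detected: N" counts per section, pulls out each detection line with its final action, and flags anything that was not quarantined or left for deletion on reboot. The log it runs on is a constructed sample; the paths and the detection name are placeholders.

```python
import re

# Constructed sample in the Malwarebytes Anti-Malware 1.x report layout.
# Paths and the detection name are placeholders, not values from a real log.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.0.1400
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Placeholder.Detection) -> Data: C:\Users\Example\AppData\Local\Temp\sample.dll -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Example\AppData\Local\Temp\sample.dll (Placeholder.Detection) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\Temp\other.dll (Placeholder.Detection) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")
RESOLVED = ("Quarantined", "Delete on reboot")  # actions that mean MBAM handled the item

def parse_mbam_log(text):
    """Return {"sections": {name: count}, "items": [{section, object, name, action}]}."""
    sections, items, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = int(m.group(2))
            continue
        if current is None or not line or line.startswith("("):
            continue  # header lines, blanks, "(No malicious items detected)", "(end)"
        m = ITEM_RE.match(line)
        if m:
            steps = m.group(3).split(" -> ")  # e.g. "Data: <path> -> Quarantined ..."
            items.append({"section": current, "object": m.group(1),
                          "name": m.group(2), "action": steps[-1]})
    return {"sections": sections, "items": items}

def summarize(parsed):
    """Totals plus anything a helper would want to look at before calling the log clean."""
    sections, items = parsed["sections"], parsed["items"]
    unresolved = [i["object"] for i in items if not i["action"].startswith(RESOLVED)]
    per_section = {s: sum(1 for i in items if i["section"] == s) for s in sections}
    mismatch = {s: (n, per_section[s]) for s, n in sections.items() if n != per_section[s]}
    return {"total": sum(sections.values()), "unresolved": unresolved, "count_mismatch": mismatch}
```

On the clean log posted in this thread every section reads 0 and the summary comes back with a total of 0 and nothing unresolved; a "No action taken." line means the item was unchecked before Remove Selected and still needs attention.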
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
I'm trying to run the ESET online scanner but the virus database update keeps failing with "Unexpected Error 2002". I have avast! disabled while I'm trying to run it so I'll keep trying until told otherwise.

I haven't really tried using my computer much since I got hit by the malware, so I can't really comment on it running slower, but I haven't had any of the other things listed. The .dll message I had when I first got it went away after the very first Malwarebytes scan I ran (my first post).

I have a quick question though: my USB drive, which I connected to my computer to transfer the avast! installer (after the first Malwarebytes scan), should I worry about it being infected by anything?
 
Sorry for double post, can't seem to find an edit button.

Got ESET to update after I disabled Windows Defender (dunno how it got turned on); its scan came up clean with nothing found.
 
It shouldn't be infected, no.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups section select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Done and done.

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Firefox update
Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs and other holes. To update it now, click Help > About Firefox > Check for Updates.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
I will get those programs updated ASAP.

I wish I had another question to ask, I feel like I should have one but for the life of me I cannot think of one so I suppose I don't. I'm going to backup my personal files and format my hard drives just to give myself a little extra peace of mind.

Thank you very much for your time and help, sorry for not getting back to you faster on a couple of your replies.
 