Solved Possible virus/malware


yinato

For the past week and a half, I noticed that my browsers have been very slow and the bandwidth usage has been insanely high (in the 8GB range per day, and most of it is from uploads). At first, I thought that someone may've been piggy-backing on my wifi, so I ended up changing and hiding the SSID and password for the wireless connection. However, the bandwidth usage continued to be as high. I had shut off wifi for a day and used a wired connection, but I still ended up using around 6GB of bandwidth within 3 hours of being connected. Also, I'm the only one using the connection. Below are all of the logs. GMER didn't produce any logs.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.10.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-SAT-PC [administrator]
Protection: Enabled
11/11/2012 1:53:02 AM
mbam-log-2012-11-11 (01-53-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201702
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by tony at 2:03:23 on 2012-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7654.5601 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe
C:\Program Files\NetWorx\networx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0FD04827-A482-42FC-B871-0DEFA91E98EE} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0FD04827-A482-42FC-B871-0DEFA91E98EE}\0534E49687E23616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0FD04827-A482-42FC-B871-0DEFA91E98EE}\2454C4C4033353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0FD04827-A482-42FC-B871-0DEFA91E98EE}\2595542535F4E4 : DHCPNameServer = 141.117.199.78 141.117.199.82 141.117.199.74
TCP: Interfaces\{0FD04827-A482-42FC-B871-0DEFA91E98EE}\C4F4E474 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{11122252-4F96-447D-A760-051FAB1F5FD1}\0534E49687E23616 : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-1 31872]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-11-7 27800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-13 235520]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-7 84256]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-7 108320]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-11-7 99248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-7 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-7 676936]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-10-29 103552]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-10-29 220288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-7 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-29 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-29 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-10-29 880272]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-10-29 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\System32\drivers\AGUx64.sys [2012-10-29 1077760]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
.
=============== Created Last 30 ================
.
2012-11-10 05:22:22 -------- d-----w- C:\ProgramData\boost_interprocess
2012-11-09 17:37:14 -------- d-----w- C:\ProgramData\SoftPerfect
2012-11-09 17:37:14 -------- d-----w- C:\Program Files\NetWorx
2012-11-09 17:35:42 -------- d-----w- C:\Program Files (x86)\BandwidthMonitor
2012-11-08 15:42:14 -------- d-----w- C:\Users\tony\.thumbnails
2012-11-08 15:39:46 -------- d-----w- C:\Users\tony\AppData\Local\fontconfig
2012-11-08 15:39:43 -------- d-----w- C:\Users\tony\.gimp-2.8
2012-11-08 15:39:42 -------- d-----w- C:\Users\tony\AppData\Local\gegl-0.2
2012-11-08 13:52:12 -------- d-----w- C:\Program Files\GIMP 2
2012-11-08 13:50:21 -------- d-----w- C:\Users\tony\AppData\Roaming\tigerplayer
2012-11-08 13:50:21 -------- d-----w- C:\Users\tony\AppData\Roaming\CometPlayer
2012-11-08 13:50:21 -------- d-----w- C:\Program Files (x86)\MpcStar
2012-11-08 02:12:28 -------- d-----w- C:\Users\tony\AppData\Roaming\Malwarebytes
2012-11-08 02:12:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-08 02:12:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-08 02:12:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-07 16:05:51 -------- d-----w- C:\Users\tony\AppData\Roaming\Avira
2012-11-07 15:58:40 99248 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-11-07 15:58:40 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-11-07 15:58:38 -------- d-----w- C:\ProgramData\Avira
2012-11-07 15:58:38 -------- d-----w- C:\Program Files (x86)\Avira
2012-11-07 15:44:01 -------- d-----w- C:\Users\tony\AppData\Local\Diagnostics
2012-11-06 19:01:02 -------- d-----w- C:\Users\tony\AppData\Local\LogMeIn Rescue Applet
2012-11-06 18:31:19 -------- d-----w- C:\Users\tony\AppData\Roaming\Bell
2012-11-06 18:31:13 -------- d-----w- C:\ProgramData\Radialpoint
2012-11-06 18:31:10 -------- d-----w- C:\ProgramData\Bell
2012-11-04 05:49:04 -------- d-----w- C:\Users\tony\bluej
2012-11-03 02:25:18 -------- d-----w- C:\Program Files (x86)\BlueJ
2012-11-01 14:11:58 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-01 13:22:37 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-11-01 13:22:36 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-11-01 13:22:36 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-10-31 02:46:02 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 02:46:02 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-30 22:26:56 -------- d-----w- C:\Program Files (x86)\Kill3rCombo
2012-10-30 22:03:35 -------- d-----w- C:\Users\tony\Tracing
2012-10-30 21:52:37 -------- d-----w- C:\Users\tony\AppData\Local\Windows Live
2012-10-30 21:52:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-10-30 18:18:52 -------- d-----w- C:\ProgramData\NexonUS
2012-10-30 18:18:28 -------- d-----w- C:\Nexon
2012-10-30 17:54:24 -------- d-----w- C:\Users\tony\AppData\Local\Microsoft Games
2012-10-30 17:43:49 -------- d-----w- C:\Users\tony\AppData\Local\Adobe
2012-10-30 16:53:05 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-30 16:53:05 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-30 16:52:57 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-30 16:41:21 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-10-30 16:33:18 -------- d-----w- C:\Users\tony\AppData\Local\Google
2012-10-30 16:32:42 -------- d-----w- C:\Users\tony\AppData\Local\Apps
2012-10-30 16:32:41 -------- d-----w- C:\Users\tony\AppData\Local\Deployment
2012-10-30 16:29:41 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-30 13:17:56 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E431A59-D7C6-4FE3-971B-B33D6001661E}\mpengine.dll
2012-10-30 13:08:51 -------- d-----w- C:\Windows\PCHEALTH
2012-10-30 13:06:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-10-30 13:05:54 -------- d-----w- C:\Users\tony\AppData\Local\Microsoft Help
2012-10-29 23:36:00 -------- d-----w- C:\Windows\Panther
2012-10-29 21:37:39 -------- d-----w- C:\Windows\SysWow64\Wat
2012-10-29 21:37:39 -------- d-----w- C:\Windows\System32\Wat
2012-10-29 20:54:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-10-29 20:54:55 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-10-29 20:54:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-10-29 20:54:54 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-10-29 20:54:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-10-29 20:42:10 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-29 20:40:43 -------- d-----w- C:\Users\tony\AppData\Local\ATI
2012-10-29 20:40:32 220288 ----a-w- C:\Windows\System32\drivers\amdxhc.sys
2012-10-29 20:40:32 103552 ----a-w- C:\Windows\System32\drivers\amdhub30.sys
2012-10-29 20:39:26 -------- d-----w- C:\Windows\kdb
2012-10-29 20:39:24 -------- d-----w- C:\Program Files\AMD
2012-10-29 20:39:24 -------- d-----w- C:\Program Files (x86)\AMD
2012-10-29 20:39:22 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-10-29 20:39:19 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-29 20:39:19 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-10-29 20:38:09 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-29 20:34:35 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-10-29 20:34:27 -------- d-sh--w- C:\Windows\Installer
2012-10-29 20:34:22 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-29 20:34:20 -------- d-----w- C:\Program Files\ATI
2012-10-29 20:23:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-29 20:22:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-10-29 20:20:41 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-10-29 20:19:56 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-10-29 20:17:28 -------- d-----w- C:\Windows\SysWow64\sda
2012-10-29 20:17:03 9887848 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll
2012-10-29 20:17:03 422504 ----a-w- C:\Windows\System32\RtsUStor.dll
2012-10-29 20:17:03 251496 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2012-10-29 20:14:57 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-10-29 20:13:49 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-10-29 19:59:27 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-29 19:57:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-10-29 19:57:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-10-29 19:57:11 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-10-29 19:53:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-29 19:53:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-29 19:52:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-29 19:52:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-29 19:50:24 1077760 ----a-w- C:\Windows\System32\drivers\AGUx64.sys
2012-10-29 19:47:03 -------- d-----w- C:\Users\tony\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 20:07:44 58368 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 2:04:04.13 ===============
 
And here's the attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2012 3:46:51 PM
System Uptime: 11/9/2012 8:37:17 PM (30 hours ago)
.
Motherboard: AMD | | Pumori
Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | Socket FT1 | 1387/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 645.689 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 10/30/2012 5:56:41 PM - WLSetup
RP16: 11/1/2012 7:22:59 AM - Windows Update
RP18: 11/2/2012 10:26:23 AM - Windows Modules Installer
RP19: 11/2/2012 10:24:48 PM - Installed BlueJ
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Avira Free Antivirus
BlueJ
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Elsword version v2.1024.2.1
GIMP 2.8.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java 7 Update 9 (64-bit)
Java SE Development Kit 7 Update 9 (64-bit)
Mabinogi
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MpcStar 5.4
MSVCRT
MSVCRT110
MSVCRT110_amd64
NetWorx 5.2.5
Nexon Game Manager
Notepad++
Photo Common
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RPS CRT
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 6.0
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 9:17:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
11/9/2012 12:25:52 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
11/7/2012 6:14:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
11/6/2012 10:43:09 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
11/4/2012 12:30:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
11/4/2012 12:30:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800736d010, 0xfffff880040c5adc, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
11/10/2012 12:17:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
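The first thing a helper does with a DDS log like the one above is read the "Running Processes" block and ask where each executable runs from: stock Windows binaries and installed applications live under `C:\Windows` and the two `Program Files` trees, so anything running from a user profile or an odd directory is where to look first (it is a starting point, not proof of infection). The script below is an added example, not part of this thread and not part of the DDS tool; it parses that section in the format DDS prints, counts executables per directory and per image name, and flags paths outside the standard trees. The sample input reuses lines from the log above plus one constructed AppData path so the flag has something to catch; the list of trusted prefixes is a heuristic assumption of this example.

```python
"""Summarise the 'Running Processes' section of a DDS log (added example)."""
import re
from collections import Counter

# Constructed sample: lines taken from the DDS output posted above, plus one
# hypothetical AppData path (not in the log) so the flagging has a hit.
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe
C:\\Program Files\\NetWorx\\networx.exe
C:\\Users\\tony\\AppData\\Roaming\\example\\updater.exe
C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe
.
============== Pseudo HJT Report ===============
"""

# Heuristic (assumption of this example): directories a stock Windows 7
# install keeps its executables under. Anything else gets flagged for review.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

HEADER_RE = re.compile(r"^=+\s*Running Processes\s*=+$", re.I)
# Path runs up to the first '.exe'; whatever follows (e.g. '-k netsvcs') is args.
PROCESS_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)


def extract_process_lines(text):
    """Return the process lines between the section header and the next '====' header."""
    lines = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line):
            in_section = True
            continue
        if in_section:
            if line.startswith("="):      # next section header: stop
                break
            if line in ("", "."):         # DDS prints a lone '.' as a spacer
                continue
            lines.append(line)
    return lines


def parse_process(line):
    """Split one DDS process line into (image path, argument string)."""
    m = PROCESS_RE.match(line)
    if not m:
        raise ValueError(f"not a DDS process line: {line!r}")
    return m.group("path"), (m.group("args") or "")


def is_trusted_location(path):
    """True when the image sits under one of the standard install trees."""
    return path.lower().startswith(TRUSTED_PREFIXES)


def summarize(text):
    """Count images per directory and per name, and list paths outside the standard trees."""
    by_directory = Counter()
    by_image = Counter()
    flagged = []
    for line in extract_process_lines(text):
        path, _args = parse_process(line)
        directory, _sep, image = path.rpartition("\\")
        by_directory[directory.lower()] += 1
        by_image[image.lower()] += 1
        if not is_trusted_location(path):
            flagged.append(path)
    return {"by_directory": dict(by_directory),
            "by_image": dict(by_image),
            "flagged": flagged}


if __name__ == "__main__":
    result = summarize(SAMPLE_DDS)
    for directory, n in sorted(result["by_directory"].items()):
        print(f"{n:3d}  {directory}")
    print("outside standard trees:", result["flagged"] or "none")
```

Run it against a saved DDS.txt by reading the file into `summarize()` instead of `SAMPLE_DDS`. The per-image counter is useful on real logs because a name such as `svchost.exe` appears many times legitimately; the directory grouping is what separates a real `svchost.exe` in `System32` from a same-named file somewhere else.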
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Here's the combofix log

ComboFix 12-11-10.01 - tony 11/11/2012 11:05:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7654.5997 [GMT -5:00]
Running from: c:\users\tony\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20121109203717.932796
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 16:13 . 2012-11-11 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-10 05:22 . 2012-11-11 16:10 -------- d-----w- c:\programdata\boost_interprocess
2012-11-09 17:37 . 2012-11-09 17:37 -------- d-----w- c:\program files\NetWorx
2012-11-09 17:37 . 2012-11-09 17:37 -------- d-----w- c:\programdata\SoftPerfect
2012-11-09 17:35 . 2012-11-09 17:37 -------- d-----w- c:\program files (x86)\BandwidthMonitor
2012-11-08 13:52 . 2012-11-08 13:52 -------- d-----w- c:\program files\GIMP 2
2012-11-08 13:50 . 2012-11-08 13:50 -------- d-----w- c:\program files (x86)\MpcStar
2012-11-08 02:12 . 2012-11-08 02:12 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 02:12 . 2012-11-08 02:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 02:12 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-07 15:58 . 2012-10-04 17:07 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-07 15:58 . 2012-09-24 14:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-07 15:58 . 2012-09-13 20:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-07 15:58 . 2012-11-07 15:58 -------- d-----w- c:\programdata\Avira
2012-11-07 15:58 . 2012-11-07 15:58 -------- d-----w- c:\program files (x86)\Avira
2012-11-06 18:31 . 2012-11-06 18:31 -------- d-----w- c:\programdata\Radialpoint
2012-11-06 18:31 . 2012-11-09 14:22 -------- d-----w- c:\programdata\Bell
2012-11-05 22:55 . 2012-11-05 22:55 -------- d-----w- c:\program files\WinRAR
2012-11-03 02:25 . 2012-11-03 02:25 -------- d-----w- c:\program files (x86)\BlueJ
2012-11-03 01:56 . 2012-11-03 01:56 -------- d-----w- c:\program files (x86)\Notepad++
2012-11-01 14:11 . 2012-11-01 14:11 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-01 13:22 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-01 13:22 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-01 13:22 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-01 11:23 . 2012-11-01 11:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-10-31 02:46 . 2012-10-31 02:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 02:46 . 2012-10-31 02:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-31 02:46 . 2012-10-31 02:46 -------- d-----w- c:\windows\system32\Macromed
2012-10-30 22:26 . 2012-10-30 22:26 -------- d-----w- c:\program files (x86)\Kill3rCombo
2012-10-30 21:56 . 2012-10-30 21:58 -------- d-----w- c:\program files (x86)\Windows Live
2012-10-30 21:52 . 2012-10-30 21:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-10-30 18:18 . 2012-10-30 18:29 -------- d-----w- c:\programdata\NexonUS
2012-10-30 18:18 . 2012-10-30 18:18 -------- d-----w- C:\Nexon
2012-10-30 17:54 . 2012-10-30 17:54 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-30 17:40 . 2012-10-30 17:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-30 16:53 . 2012-10-30 16:52 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 16:53 . 2012-10-30 16:52 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-30 16:53 . 2012-10-30 16:52 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-30 16:52 . 2012-10-30 16:52 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-30 16:52 . 2012-10-30 16:52 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-30 16:52 . 2012-10-30 16:52 188904 ----a-w- c:\windows\system32\java.exe
2012-10-30 16:51 . 2012-10-30 16:52 -------- d-----w- c:\program files\Java
2012-10-30 16:41 . 2012-11-09 14:17 -------- d-----w- c:\program files (x86)\Pando Networks
2012-10-30 16:34 . 2012-10-30 16:34 -------- d-----w- c:\program files\Google
2012-10-30 16:33 . 2012-10-31 15:01 -------- d-----w- c:\program files (x86)\Google
2012-10-30 16:29 . 2012-10-30 16:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-30 16:29 . 2012-10-30 16:29 -------- d-----r- c:\program files (x86)\Skype
2012-10-30 16:29 . 2012-10-30 16:29 -------- d-----w- c:\programdata\Skype
2012-10-30 13:17 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E431A59-D7C6-4FE3-971B-B33D6001661E}\mpengine.dll
2012-10-30 13:09 . 2012-11-01 13:22 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-10-30 13:08 . 2012-10-30 13:08 -------- d-----w- c:\windows\PCHEALTH
2012-10-30 13:06 . 2012-10-30 13:06 -------- d-----w- c:\program files\Microsoft Office
2012-10-30 13:06 . 2012-10-30 13:06 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-10-30 13:05 . 2012-11-02 14:28 -------- d-----w- c:\programdata\Microsoft Help
2012-10-30 13:04 . 2012-10-30 13:04 -------- d-----r- C:\MSOCache
2012-10-29 23:36 . 2012-10-29 19:46 -------- d-----w- c:\windows\Panther
2012-10-29 21:47 . 2012-10-30 13:08 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-10-29 21:37 . 2012-10-29 21:37 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-29 21:37 . 2012-10-29 21:37 -------- d-----w- c:\windows\system32\Wat
2012-10-29 21:22 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-29 20:54 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-29 20:54 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-29 20:54 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-29 20:54 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-29 20:54 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-29 20:42 . 2012-10-29 20:42 0 ----a-w- c:\windows\ativpsrm.bin
2012-10-29 20:40 . 2012-10-29 20:40 -------- d-----w- c:\programdata\ATI
2012-10-29 20:40 . 2012-01-04 16:24 220288 ----a-w- c:\windows\system32\drivers\amdxhc.sys
2012-10-29 20:40 . 2012-01-04 16:24 103552 ----a-w- c:\windows\system32\drivers\amdhub30.sys
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\windows\kdb
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\program files\AMD
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\program files (x86)\AMD
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-29 20:39 . 2012-10-29 20:39 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-10-29 20:38 . 2012-10-29 20:38 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-10-29 20:34 . 2012-10-29 20:34 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-29 20:34 . 2012-01-14 08:05 56448 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-10-29 20:34 . 2012-11-09 14:22 -------- d-sh--w- c:\windows\Installer
2012-10-29 20:34 . 2012-10-29 20:39 -------- d-----w- c:\program files\ATI Technologies
2012-10-29 20:34 . 2012-10-29 20:34 -------- d-----w- c:\program files\ATI
2012-10-29 20:23 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-29 20:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-10-29 20:20 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-29 20:19 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-10-29 20:17 . 2012-10-29 20:17 -------- d-----w- c:\windows\SysWow64\sda
2012-10-29 20:17 . 2011-08-17 18:27 9887848 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-10-29 20:17 . 2011-08-17 18:27 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-10-29 20:17 . 2011-08-17 18:27 251496 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-10-29 20:14 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-10-29 20:13 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-29 19:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-29 19:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-29 19:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-29 19:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-29 19:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-29 19:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-29 19:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-29 19:53 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-29 19:53 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-29 19:53 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-29 19:52 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-29 19:52 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-29 19:50 . 2012-04-13 18:34 1077760 ----a-w- c:\windows\system32\drivers\AGUx64.sys
2012-10-29 19:46 . 2012-11-08 15:42 -------- d-----w- c:\users\tony
2012-10-29 19:46 . 2012-10-29 19:46 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 20:07 . 2012-09-12 20:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-08-20 17:38 . 2012-10-29 20:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-13 630912]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-16 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2012-04-13 1077760]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-13 235520]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 84256]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-01-04 103552]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-01-04 220288]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-06-19 880272]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
S3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - QWAVEDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 02:46]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 16:33]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 16:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-10-11 4757904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 11:25:01
ComboFix-quarantined-files.txt 2012-11-11 16:24
.
Pre-Run: 694,052,229,120 bytes free
Post-Run: 694,946,426,880 bytes free
.
- - End Of File - - 54C245AE459CB1138A356844386BDAB1
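As an added example (it is not part of this thread and does not come from ComboFix or any of the other tools used here), the script below parses the Run-key values and the service/driver lines in the shape ComboFix prints in its "Reg Loading Points" section and flags the entries a responder would examine first: ones where ComboFix printed `[x]` in place of a date and size (it could not find the file, as with EagleX64.sys and X6va011 in the log above), image paths with no executable extension, and autostart binaries under a user-writable directory. The sample lines are copied from the log above except the "updsvc" Run entry, which is constructed to exercise the last check; the flag names and the directory list are my own heuristics, not anything ComboFix reports.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: lines in the shape of ComboFix's "Reg Loading
# Points" section. All but one are copied from the log in this thread; the
# "updsvc" Run entry is invented here purely to exercise the location check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-30 39408]
"updsvc"="c:\users\example\appdata\local\temp\updsvc.exe" [2012-11-09 12345]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
"""

# "name"="path" [date size]   (a value under a ...\Run key)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R3 name;display name;path [date size]   (a service or driver entry)
SVC_RE = re.compile(
    r'^(?P<status>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)

# Heuristic (my own, not ComboFix's): autostart binaries living under a
# user-writable directory deserve a second look.
USER_WRITABLE_DIRS = ("\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    kind: str                        # "run" (Run key value) or "service" (service/driver)
    name: str
    path: str
    meta: str                        # "YYYY-MM-DD size", or "x" when ComboFix could not find the file
    status: Optional[str] = None     # R0-R3 / S0-S4 prefix on service lines
    flags: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Extract Run-key values and service/driver lines from ComboFix log text."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"].strip()))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["meta"].strip(),
                                 status=m["status"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach triage flags to each entry and return only the flagged ones."""
    for e in entries:
        low = e.path.lower()
        if e.meta == "x":
            # ComboFix printed [x]: it could not find a file at that path.
            e.flags.append("file-not-found")
        if not re.search(r"\.(exe|sys|dll)$", low):
            e.flags.append("no-binary-extension")
        if any(d in low for d in USER_WRITABLE_DIRS):
            e.flags.append("user-writable-location")
    return [e for e in entries if e.flags]


def triage_log(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: {entry name: flags} for everything worth a look."""
    return {e.name: e.flags for e in triage(parse_loading_points(text))}


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name:12s} {', '.join(flags)}")
```

To use it on a real run, read a saved ComboFix.txt into a string and pass it to `triage_log`. A flag is a reason to look closer, not a verdict: a stale service entry left behind by an uninstall produces the same `[x]` as a driver whose file is being hidden, so the next step is checking the path on disk and the entry's origin rather than deleting anything.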
 
TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
I can't seem to run it. I'm not getting an option to run it as an admin when I right click it.
 
Hm...let's do the following instead (keep TDSSKiller for now):

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Okay, here are the logs:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tony [Admin rights]
Mode : Scan -- Date : 11/12/2012 08:22:57
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-80HXZT3 ATA Device +++++
--- User ---
[MBR] 987bed29dadb4197d79acb688c97a8d5
[BSP] d6720c4ffd816d05b67069ae612e4629 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11122012_02d0822.txt >>
RKreport[1]_S_11122012_02d0822.txt


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tony [Admin rights]
Mode : Remove -- Date : 11/12/2012 08:23:37
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-80HXZT3 ATA Device +++++
--- User ---
[MBR] 987bed29dadb4197d79acb688c97a8d5
[BSP] d6720c4ffd816d05b67069ae612e4629 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_11122012_02d0823.txt >>
RKreport[1]_S_11122012_02d0822.txt ; RKreport[2]_D_11122012_02d0823.txt


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tony [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/12/2012 08:24:14
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 71 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 8 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 55 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_11122012_02d0824.txt >>
RKreport[1]_S_11122012_02d0822.txt ; RKreport[2]_D_11122012_02d0823.txt ; RKreport[3]_SC_11122012_02d0824.txt
 
Scan for malware

bf_new.gif
Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
No files were detected with either scans. Also, it seems that my laptop is responding even slower after running that online scan.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.12.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-SAT-PC [administrator]
Protection: Enabled
11/12/2012 2:39:37 PM
mbam-log-2012-11-12 (14-39-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203513
Time elapsed: 2 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Try to run TDSSKiller once more, please, and the following:

  • Please download SanityCheck to your Desktop from here
    sanity10.png
  • Please close all open windows, double-click "SanitySetup.exe" and follow the prompts to install the tool.
    Please choose "I accept the agreement" and make sure to place a checkmark next to "Create a Desktop icon"
  • At the end, please click the "Finish" button. Click "Yes" and "OK" to close the next messages.
    Please close the program and restart your computer.
  • Now, please re-run the program by clicking its icon or from "Start" => "All the programs" => "SanityCheck" and click the "Analyze.." button.
  • Finally, please click "OK" and scroll down the window to copy and paste the results in your next reply.
 
Turns out I had to manually add the .exe extension to get TDSSKiller working...anyway, below are the logs. The TDSS log was too large, so I'm attaching it.

No irregularities have been detected. Note that although this software does a thorough check on a number of techniques, it cannot be regarded as a guarantee that your system is not compromised.

As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".

About your system:

Windows version: Windows 7 Service Pack 1, 6.1, build: 7601
Windows dir: C:\Windows
CPU: AuthenticAMD AMD A8-4500M APU with Radeon(tm) HD Graphics AMD586, level: 21
4 logical processors, active mask: 15
RAM: 8026185728 total

Report generated on 11/13/2012 3:46:46 PM
 

Attachments

  • TDSSKiller.2.8.15.0_13.11.2012_15.39.08_log.txt (122.8 KB)
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
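For anyone who would rather do the "create a clean restore point, then purge the old ones" step from a script instead of the Control Panel: the PowerShell below is an added example, not the helper's instructions or any of the tools used in this thread; it assumes C: is the system drive and that it is run from an elevated prompt on Windows 7 (PowerShell 2.0 or later).

```powershell
# Added example: scripted equivalent of the manual restore-point cleanup above.
# Assumes the system drive is C: and the prompt is elevated.

$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
  ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw "Run this from an elevated PowerShell prompt." }

# 1. Make sure System Protection is on for C:, then create the "Clean" point.
Enable-ComputerRestore -Drive "C:\"
Checkpoint-Computer -Description "Clean" -RestorePointType MODIFY_SETTINGS

# 2. Restore points live inside Volume Shadow Copies. Find the newest one,
#    which is the copy that backs the point we just created.
$shadows = Get-WmiObject -Class Win32_ShadowCopy |
    Sort-Object { $_.ConvertToDateTime($_.InstallDate) }
$newest = $shadows | Select-Object -Last 1
if (-not $newest) { throw "No shadow copies found; restore point creation failed." }

# 3. Delete every other shadow copy. This is what Disk Cleanup's
#    "System Restore and Shadow Copies -> Clean up" does: it keeps only the
#    most recent restore point, so an infected older point cannot be restored.
$shadows | Where-Object { $_.ID -ne $newest.ID } | ForEach-Object {
    Write-Host ("Deleting shadow copy {0} created {1}" -f `
        $_.ID, $_.ConvertToDateTime($_.InstallDate))
    $_.Delete()
}

# 4. Confirm that only the clean point remains.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType -AutoSize
```

If the final table lists more than the "Clean" point, some shadow copies were not removable while in use; reboot and re-run step 3.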
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Google Chrome 22.0.1229.96
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 