
Thread: Stubborn hidden malware help removing please!

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    1

Stubborn hidden malware help removing please!

    hello Safer Networking Malware Removal Forum

I am here to ask for some help in possibly disinfecting my system of some stubborn hidden malware.

I have run a bootable scan using Kaspersky Rescue Disk and Norton Bootable Recovery Disk. These unfortunately found nothing.

I also ran an online scan using ESET Online Scanner; this found some cookies and a toolbar classed as malware.

I also ran ComboFix after a friend/colleague told me about it.

I am asking for help from the professional malware removal team because I am sure I have malware on my PC that is hidden and very difficult to remove!

My system is acting very strangely. It often crashes. The CPU runs very high.
I have made sure I have updated all drivers from my PC manufacturer's web site. All drivers seem to be OK.

Can someone take a look at my DDS logs and maybe help me to get my system back to a decent, safe state, so I once again have confidence in it.

    I have attached my Attach.txt and DDS.txt log files to this post.

    Thanks..

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by mark at 10:28:37 on 2012-07-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3067.1652 [GMT 1:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Axantum\AxCrypt\AxCrypt.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\ERUNT\ERUNT.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DD864D4C-4ABA-4E43-941C-0362C710E2E6} : DhcpNameServer = 192.168.0.1
    Notify: SDWinLogon - SDWinLogon.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\hfl3d2xi.default-1341159644110\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 06132003;06132003;c:\windows\system32\drivers\06132003.sys [2012-6-5 133208]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-6-8 65720]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-7-1 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-7-1 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-7-1 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120629.001\IDSvix86.sys [2012-6-29 382624]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_34302.sys [2012-6-6 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-6-8 71480]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-6-8 166840]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-7-1 149624]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1307010.005\symnets.sys [2012-7-1 318584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-7 913792]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2012-3-20 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2012-3-5 94208]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-1 138232]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-6-8 976728]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-2 1122296]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-2 838136]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-6-29 166528]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-6-6 21520]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-5-31 137488]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-17 257224]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-8-18 4994560]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-6 275968]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 16640]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-29 29736]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-12 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-12 1343400]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-6-13 14416]
    .
    =============== Created Last 30 ================
    .
    2012-07-02 06:32:31 -------- d-----w- c:\users\mark\appdata\roaming\Acreon
    2012-07-02 06:32:28 -------- d-----w- c:\users\mark\appdata\local\._Revolution_
    2012-07-02 06:21:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2012-07-01 16:34:30 -------- d-----w- c:\programdata\IdealSoftware
    2012-07-01 16:34:30 -------- d-----w- C:\IDEALDVDCOPY_TEMP
    2012-07-01 16:32:32 -------- d-----w- c:\users\mark\appdata\local\IdealSoftware
    2012-07-01 16:32:31 -------- d-----w- c:\program files\IdealDVDCopy
    2012-07-01 13:12:06 -------- d-----w- c:\program files\ESET
    2012-07-01 13:01:30 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
    2012-07-01 13:01:29 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
    2012-07-01 13:01:27 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
    2012-07-01 13:01:27 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
    2012-07-01 13:01:24 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
    2012-07-01 13:01:23 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
    2012-07-01 13:01:23 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
    2012-07-01 12:59:18 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
    2012-07-01 12:33:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-07-01 12:33:30 -------- d-----w- c:\program files\Symantec
    2012-07-01 12:33:30 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-07-01 12:30:54 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-07-01 12:30:52 -------- d-----w- c:\program files\Norton Internet Security
    2012-07-01 12:30:34 -------- d-----w- c:\program files\NortonInstaller
    2012-06-30 21:17:43 -------- d-----w- C:\kl.files
    2012-06-30 18:15:42 -------- d-----w- C:\Mozilla
    2012-06-30 17:49:55 -------- d-----w- c:\program files\Oracle
    2012-06-29 20:37:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-29 20:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-29 20:36:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-06-29 20:22:43 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-06-29 19:28:07 -------- d-----w- C:\8711ec7118b8aa676278a6b9b5e2c246
    2012-06-29 16:43:59 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-29 15:59:00 -------- d-----w- c:\programdata\F-Secure uninstallationtool
    2012-06-29 15:53:11 302 ----a-w- C:\FixitRegBackup.reg
    2012-06-29 08:08:19 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-06-27 14:51:18 -------- d-----w- c:\users\mark\appdata\local\VirtualStore
    2012-06-27 10:25:03 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-27 10:16:00 -------- d-----w- c:\windows\system32\SPReview
    2012-06-27 07:49:13 388096 ----a-r- c:\users\mark\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-06-27 07:49:13 -------- d-----w- c:\program files\Trend Micro
    2012-06-26 09:42:49 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-06-26 09:35:35 -------- d-----w- C:\inetpub
    2012-06-26 01:01:23 -------- d-----r- C:\AHCache
    2012-06-25 14:00:30 -------- d-----w- C:\f288c559972fa8b4080a56
    2012-06-22 13:10:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:09:51 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:09:33 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-22 13:09:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-20 01:12:08 -------- d-----w- C:\CCE_Quarantine
    2012-06-17 03:00:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-17 03:00:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-17 00:40:13 -------- d-----w- c:\program files\Sandboxie
    2012-06-16 23:06:11 -------- d-----w- c:\program files\Axantum
    2012-06-16 23:00:33 -------- d--h--w- c:\programdata\Common Files
    2012-06-14 02:25:19 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-14 02:25:19 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-14 00:19:47 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 00:19:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 00:19:42 2343936 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 00:19:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 00:19:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 00:19:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 00:19:39 2342400 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 00:19:26 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 00:19:26 1158656 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 00:19:26 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 00:14:11 -------- d-----w- c:\users\mark\appdata\local\Macromedia
    2012-06-13 14:13:55 -------- d-----w- c:\program files\ffdshow
    2012-06-08 20:42:28 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-06-07 17:02:10 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-06-07 16:50:26 -------- d-----w- c:\programdata\IObit
    2012-06-07 16:50:06 -------- d-----w- c:\users\mark\appdata\roaming\IObit
    2012-06-07 16:49:41 -------- d-----w- c:\program files\IObit
    2012-06-05 23:42:59 -------- d-----w- c:\users\mark\appdata\local\Trusteer
    2012-06-05 23:42:51 -------- d-----w- c:\program files\Trusteer
    2012-06-05 23:41:43 -------- d-----w- c:\programdata\Trusteer
    2012-06-05 02:10:52 133208 ----a-w- c:\windows\system32\drivers\06132003.sys
    2012-06-04 00:23:05 -------- d-----w- c:\users\mark\appdata\roaming\Leawo
    2012-06-04 00:22:25 -------- d-----w- c:\programdata\Leawo
    2012-06-04 00:22:25 -------- d-----w- c:\program files\Leawo
    2012-06-03 23:53:55 -------- d-----w- c:\program files\common files\Steam
    .
    ==================== Find3M ====================
    .
    2012-06-27 10:22:08 152576 ----a-w- c:\windows\system32\msclmd.dll
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-07 04:17:57 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-07 04:17:57 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll
    2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
    2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll
    2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll
    2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll
    2012-04-05 21:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 21:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll
    2012-04-05 21:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll
    2012-04-05 21:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll
    .
    ============= FINISH: 10:30:10.30 ===============
    Last edited by tashi; 2012-07-02 at 16:26. Reason: Copy pasted log into topic. :-)
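As a worked example of how an analyst can read a DDS log like the one above mechanically rather than by eye, the following Python script (added here for illustration; it is not the poster's tooling, nor part of DDS or of the forum's procedure) parses the SERVICES / DRIVERS lines into records and applies three simple triage heuristics: a service name made only of digits, a kernel driver (.sys) loading from a user-writable directory, and an entry for which DDS recorded no file date or size. The sample lines are copied from the log above; the heuristics, the flag wording and the choice of "user-writable" directories are my own assumptions, and a flag only marks an entry for a closer look, not as malware.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the SERVICES / DRIVERS section of the DDS log above. The
# lxdx_device entry is the one DDS printed with "[?]" instead of a date/size.
SAMPLE = r"""
R0 06132003;06132003;c:\windows\system32\drivers\06132003.sys [2012-6-5 133208]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-6-8 65720]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_34302.sys [2012-6-6 228208]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-5-31 137488]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-6-13 14416]
"""

# DDS entry layout: "<state> <service name>;<display name>;<image path> [yyyy-m-d size]".
# The state letter is R (running) or S (stopped); the digit is the start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
ENTRY_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAT_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")

# Directories a standard user can write to (assumed list). A kernel driver loading
# from one of these is not proof of anything (Norton and Trusteer both do it in
# the log above), but it is where an analyst looks first.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass
class Entry:
    state: str
    name: str
    display: str
    path: str
    date: Optional[str]   # None when DDS printed "[?]" (file could not be stat'ed)
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS services/drivers line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    s = STAT_RE.match(rest)
    if s:
        return Entry(m.group("state"), m.group("name"), m.group("display"),
                     s.group("path"), s.group("date"), int(s.group("size")))
    if rest.endswith("[?]"):
        rest = rest[:-3].rstrip()
    return Entry(m.group("state"), m.group("name"), m.group("display"), rest, None, None)


def triage(e: Entry) -> List[str]:
    """Return the (assumed) triage reasons that apply to an entry; empty means nothing odd."""
    reasons = []
    if e.name.isdigit():
        reasons.append("service name is only digits")
    p = e.path.lower()
    if p.endswith(".sys") and p.startswith(USER_WRITABLE):
        reasons.append("kernel driver loaded from a user-writable directory")
    if e.date is None:
        reasons.append("DDS recorded no file date/size")
    return reasons


def flagged(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """(state, name, reasons) for every entry worth a second look, boot-start first."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and (reasons := triage(e)):
            out.append((e.state, e.name, reasons))
    out.sort(key=lambda t: t[0])  # "R0" < "R1" < ... < "S3": earliest-loading entries first
    return out


if __name__ == "__main__":
    for state, name, reasons in flagged(SAMPLE):
        print(f"{state} {name}: {'; '.join(reasons)}")
```

Run against the whole SERVICES / DRIVERS section rather than the excerpt to get the full list. A flagged entry is a starting point only: the next step is to pull the file itself (hash, Authenticode signature, vendor) and compare, which is exactly the kind of verification the forum helpers do before deciding on a fix.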

  2. #2
Security Expert JonTom
    Join Date
    Apr 2010
    Posts
    463


    Hello soapie and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    I also ran ComboFix after a friend/colleague told me about it.
While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the disclaimer that is first displayed by ComboFix when you run the tool).

    Why we don't ask you to run ComboFix from the onset

    As stated by the author of ComboFix:

    ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

    We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

    With these logs we can determine the infections present & decide whether to deploy ComboFix.
    That being said, the log produced by ComboFix contains important information for us. Kindly post the contents of the C:\ComboFix.txt for me to review in your next reply.
    Proud Graduate of the WTT Classroom

  3. #3
Security Expert JonTom
    Join Date
    Apr 2010
    Posts
    463


    Do you still need help?
    Proud Graduate of the WTT Classroom

  4. #4
Security Expert JonTom
    Join Date
    Apr 2010
    Posts
    463


    Due to lack of response, this topic is now closed. If you need continued support, please begin a new thread.
    Proud Graduate of the WTT Classroom
