
Thread: Infected with several rootkits

  1. #1
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default Infected with several rootkits

    Hello,
    My system has been acting slow lately, but nothing could detect the cause, so i gave Spybot Search & Destroy 2 Beta a whirl, and chose the Rootkit quick scan and what do you know it found several rootkits in my system, particularly:

    C:\Windows\0
    C:\Windows\system32\5-18
    and C:\windows\<some weird characters here>. I have added the logs requested; please help.

    Also note that I ran Combofix and it found some other malware, but nothing related to what S&D 2.0 found.
    Regards,

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
    Run by R0M at 4:47:49 on 2012-11-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1359 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Rising\RSD\RsMgrSvc.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Rising\RSD\popwndexe.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\GetRight\GetRight.exe
    C:\Program Files\Teco Image Systems\iCan-Print_Setup\pjsua_Win.exe
    C:\Windows\system32\dns-sd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\Pmxmiced.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Facebook Update] "c:\users\r0m\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    mRun: [PMX Daemon] ICO.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files\getright\GetRight.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ican-print server.lnk - c:\windows\installer\{c09424a2-9938-4370-884e-f33b753f511e}\_25EFA6BAAAE534F92BD016.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with GetRight - c:\program files\getright\GRdownload.htm
    IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 24.201.245.77 24.200.241.37 24.200.243.189
    TCP: Interfaces\{5AA86C8E-11D9-49BC-B0A3-5A4DAFD1F8E7} : DHCPNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
    TCP: Interfaces\{873CAC62-B718-47D2-82ED-BE05D4BF6D88} : DHCPNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\r0m\appdata\roaming\mozilla\firefox\profiles\3ha9f3yu.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\r0m\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2010-01-14 17:28; ; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-11-11 17904]
    R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-7 49864]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-18 51976]
    R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-11-11 3084176]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
    R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-12-22 110408]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374704]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-21 47640]
    R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
    R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2012-10-29 21208]
    R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2012-10-29 150168]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-8 27648]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
    R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-6-13 248248]
    R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-10-8 18432]
    R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-10-8 19008]
    R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-27 127496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-11-11 54072]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-13 13224]
    S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-8-17 22640]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-6 27192]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-15 90536]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-15 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-15 122152]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-15 115496]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-15 25768]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-15 111912]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-15 117672]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-12-16 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-8 73728]
    .
    =============== Created Last 30 ================
    .
    2012-11-12 03:24:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2012-11-12 02:54:44 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-11 23:39:39 -------- d-----w- c:\users\r0m\appdata\local\temp
    2012-11-11 23:38:09 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-11-09 17:19:55 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad0b4ccd-724e-4a54-b2b0-b517de94a2ce}\mpengine.dll
    2012-10-31 23:58:38 -------- d-----w- c:\program files\Teco Image Systems
    2012-10-30 02:56:33 -------- d-----r- C:\RavBin
    2012-10-30 02:54:58 21208 ----a-w- c:\windows\system32\drivers\protreg.sys
    2012-10-30 02:54:58 -------- d-----w- c:\program files\Rising
    2012-10-30 02:54:41 -------- d-----w- c:\programdata\Rising
    2012-10-28 20:41:38 -------- d-----w- c:\programdata\GFI Software
    2012-10-26 21:41:49 -------- d-----w- c:\program files\common files\Western Digital
    2012-10-26 21:41:48 -------- d-----w- c:\program files\Western Digital
    2012-10-26 21:40:49 -------- d-----w- c:\users\r0m\appdata\local\Western Digital
    2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-20 10:29:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2012-11-12 03:05:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-12 03:05:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-05 20:32:56 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-11-05 20:32:56 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-11-05 20:32:55 92072 ----a-w- c:\windows\system32\LMIinit.dll
    2012-11-05 20:32:55 31144 ----a-w- c:\windows\system32\LMIport.dll
    2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-05 08:08:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-05 08:08:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-31 20:02:43 108048 ----a-w- c:\windows\RegBootClean.exe
    2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 4:48:11.93 ===============

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-12 04:50:29
    -----------------------------
    04:50:29.311 OS Version: Windows 6.0.6002 Service Pack 2
    04:50:29.311 Number of processors: 4 586 0xF0B
    04:50:29.312 ComputerName: ROMSTER2 UserName: R0M
    04:50:30.993 Initialize success
    04:50:55.166 AVAST engine defs: 12111101
    04:51:00.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    04:51:00.457 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
    04:51:00.460 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
    04:51:00.462 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
    04:51:00.464 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
    04:51:00.467 Disk 2 Vendor: Size: 953869MB BusType: 0
    04:51:00.469 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007b
    04:51:00.472 Disk 3 Vendor: Size: 953869MB BusType: 0
    04:51:00.475 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007c
    04:51:00.478 Disk 4 Vendor: Size: 953869MB BusType: 0
    04:51:00.481 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007d
    04:51:00.484 Disk 5 Vendor: Size: 953869MB BusType: 0
    04:51:00.488 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
    04:51:00.493 Disk 6 Vendor: Size: 953869MB BusType: 0
    04:51:00.514 Disk 0 MBR read successfully
    04:51:00.518 Disk 0 MBR scan
    04:51:00.524 Disk 0 Windows VISTA default MBR code
    04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
    04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
    04:51:00.571 Disk 0 scanning sectors +976771072
    04:51:00.695 Disk 0 scanning C:\Windows\system32\drivers
    04:51:11.830 Service scanning
    04:51:33.878 Modules scanning
    04:51:42.230 Disk 0 trace - called modules:
    04:51:42.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    04:51:42.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a54c0]
    04:51:42.294 3 CLASSPNP.SYS[8ada48b3] -> nt!IofCallDriver -> [0x8522c538]
    04:51:42.299 5 acpi.sys[830956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff0b98]
    04:51:43.779 AVAST engine scan C:\Windows
    04:51:52.920 AVAST engine scan C:\Windows\system32
    04:54:22.138 AVAST engine scan C:\Windows\system32\drivers
    04:54:33.384 AVAST engine scan C:\Users\R0M
    06:19:08.902 AVAST engine scan C:\ProgramData
    06:21:16.968 Scan finished successfully
    12:35:53.441 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
    12:35:53.508 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"

    Facebook.Messenger: [SBI $63375265] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}

    Facebook.Messenger: [SBI $9191B288] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}

    Facebook.Messenger: [SBI $6D1029B1] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser

    Facebook.Messenger: [SBI $7F45EA00] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser.1.0

    Facebook.Messenger: [SBI $59117437] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Facebook

    Facebook.Messenger: [SBI $62F77180] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}

    Facebook.Messenger: [SBI $9051916D] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}

    Facebook.Messenger: [SBI $573FFD1B] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{132885F2-8DE9-40F2-BEAE-1B31FDBAB159}

    Facebook.Messenger: [SBI $BAA66334] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{3B692A7D-330E-4388-A955-724500AC0BC5}

    Facebook.Messenger: [SBI $C061D222] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{649D9E01-9847-4EE9-9145-2CB4BC8298D0}

    Facebook.Messenger: [SBI $6B188C64] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{71692661-DCBA-484A-BD41-A39404532B52}

    Facebook.Messenger: [SBI $D849531E] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{B72C7377-0AA5-4F52-BDA2-85C4D1DB930E}

    Facebook.Messenger: [SBI $06D47759] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{D0843545-5E7C-4C6D-B4E2-05948F759440}

    Uniblue.DriverScanner: [SBI $5530A65D] Program directory (Directory, nothing done)
    C:\Users\R0M\AppData\Roaming\Uniblue\

    Uniblue.DriverScanner: [SBI $DE69382C] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2012-11-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-10-31 Includes\Adware.sbi (*)
    2012-11-07 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2012-09-26 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-10-16 Includes\Hijackers.sbi (*)
    2012-11-07 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-08-28 Includes\Malware.sbi (*)
    2012-11-07 Includes\MalwareC.sbi (*)
    2012-10-24 Includes\PUPS.sbi (*)
    2012-10-30 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-06-19 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-09-05 Includes\Spyware.sbi (*)
    2012-09-04 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-10-31 Includes\TrojansC-02.sbi (*)
    2012-11-07 Includes\TrojansC-03.sbi (*)
    2012-10-24 Includes\TrojansC-04.sbi (*)
    2012-08-31 Includes\TrojansC-05.sbi (*)
    2012-10-31 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    ---------------------------------------------

    Waiting for help in the Malware Forum FOUR days or longer?
    Last edited by tashi; 2012-11-17 at 01:18. Reason: Removed bump- as per FAQ, added link
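The aswMBR log in the post above reports Disk 0's partition table (Dell Utility at offset 63, NTFS at 129024, the active NTFS partition at 31586304) and saved the raw sector to MBR.dat on the desktop. The following Python script is an added example, not code from the original post, from aswMBR or from Spybot: it parses a 512-byte MBR, checks the 0x55AA signature, lists the partition entries in the same form the log prints them, and hashes the 446-byte boot-code area so it can be compared against a known-clean copy. The sample MBR it builds is constructed: its boot code is zero-filled (not the real Windows Vista boot code) and only the partition table mirrors the values in the log. The type-name table, the `load_mbr` helper and the hash choice are the example's own assumptions.

```python
"""Parse a raw 512-byte MBR (for example the MBR.dat that aswMBR saves) and
list its partition table so it can be checked against the scanner's log.

Added example for this thread, not code from the original post or from aswMBR.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # 446 bytes of boot code precede the table
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Partition type IDs that appear in the log; anything else is reported as hex.
# (Assumed mapping, kept deliberately small.)
PARTITION_TYPES = {
    0x07: "HPFS/NTFS",
    0xDE: "Dell Utility",
}


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"0x{self.type_id:02X}")

    @property
    def size_mb(self) -> int:
        # aswMBR prints whole MB: sectors * 512 / 1024**2 == sectors // 2048
        return self.sector_count // 2048


def parse_mbr(mbr: bytes) -> list[PartitionEntry]:
    """Return the non-empty partition entries of a 512-byte MBR.

    Raises ValueError if the buffer is not 512 bytes or lacks the 0x55AA
    signature; a sector that does not even look like an MBR is itself a finding.
    """
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sectors(4 LE)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0 and count == 0:
            continue  # unused slot
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """SHA-256 of the boot-code area, for comparison with a known-clean copy.

    A bootkit that patches the boot code changes this hash while leaving the
    partition table, and therefore the OS's view of the disk, untouched.
    """
    return hashlib.sha256(mbr[:PARTITION_TABLE_OFFSET]).hexdigest()


def end_sector(entries: list[PartitionEntry]) -> int:
    """Last LBA covered by the table; aswMBR scans the sectors after it."""
    return max(e.lba_start + e.sector_count for e in entries)


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sample: zero boot code plus a table mirroring the aswMBR log."""
    layout = [
        # (status, type, lba_start, sector_count)
        (0x00, 0xDE, 63, 129024 - 63),           # Dell Utility, ~62 MB
        (0x00, 0x07, 129024, 15360 * 2048),      # NTFS, 15360 MB
        (0x80, 0x07, 31586304, 461516 * 2048),   # active NTFS, 461516 MB
    ]
    mbr = bytearray(MBR_SIZE)
    for i, (status, type_id, start, count) in enumerate(layout):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        struct.pack_into("<B3xB3xII", mbr, off, status, type_id, start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def load_mbr(path: str) -> bytes:
    """Read a saved MBR such as C:\\Users\\<user>\\Desktop\\MBR.dat (assumed path)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    sample = build_sample_mbr()
    for e in parse_mbr(sample):
        flag = "80 (A)" if e.bootable else "00"
        print(f"Partition {e.index} {flag} {e.type_id:02X} {e.type_name} "
              f"{e.size_mb} MB offset {e.lba_start}")
    print("end of last partition:", end_sector(parse_mbr(sample)))
    print("boot code sha256:", boot_code_sha256(sample))
```

Run it as-is to see the constructed table, or call `parse_mbr(load_mbr("MBR.dat"))` on the file aswMBR saved and compare the printed offsets and sizes with the log lines; the end-of-table value should equal the sector count aswMBR reports as the start of its "scanning sectors" pass. The boot-code hash is only meaningful against a baseline you trust, for example the same sector captured from a known-clean machine with the same Windows version.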

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi oyehia,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    Yes, I still need help, I've been waiting enough.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK. The version of Spybot you have is a beta version. The stable version was released a few days ago. I would uninstall it via the Add/Remove Programs panel, reboot your machine, then download and install the current version and run it.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Nov 2012
    Posts
    20

    Default

    OK, I get the following when I run Rootkit Scan:

    The quickscan found evidence suggesting a possible rootkit infection!
    Detected items:

    C:\windows\system32\5-18
    C:\windows\system32\null
    C:\windows\system32\??

    BTW, the system took a long time to boot after I uninstalled the old version.

    Regards,

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    That's not a lot to go on. You ran TDSSKiller; did it remove anything? You can find its log in your root drive, usually C:

    TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (name,version#,date,time)

    Please post the log.

    Also, looking in your root drive you will find a folder called Qoobox; inside this folder there's a text file called Combofix-quarantined-files.txt.
    Please copy/paste that log in your reply also.
    How Can I Reduce My Risk?
