
Thread: Nasty, nasty virus deleted my restore points

  1. #1
    Senior Member
    Join Date
    Dec 2005
    Posts
    101

    Nasty, nasty virus deleted my restore points

    I noticed today that Kaspersky blocked a link but I may have inadvertently clicked through to the site. In any case, I started to notice a suspicious slowing in operation and when I tried to reboot, it took 10 mins + to restart. Web navigation was not working; if I clicked on any computer icon it either didn't respond or took many minutes to open. I received warnings that Kaspersky had been disabled but I couldn't re-enable it. I went to System Restore to see if I could restore to a prior point but to my surprise it said I had no known restore points saved! Frankly I am a little disappointed that Kaspersky let me down and this thing got through...tsk tsk.

    I had to download the DDS and aswMBR log from another computer and copy to the infected computer, but the infected computer was acting so slow I couldn't even run the programs. So then I rebooted the infected computer in Safe Mode with Networking (which is how I am typing this now) and was able to run the programs. My system is Windows 7. I have never had such a debilitating virus on my system as this one. Please help!

    Attached and following are the logs:

    DDS LOG:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 8.0.7601.17514
    Run by chris at 21:35:00 on 2013-01-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.2216 [GMT -8:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\windows\System32\svchost.exe -k secsvcs
    \\?\C:\windows\system32\wbem\WMIADAP.EXE
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://espn.go.com/
    uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.searchya.com/?f=1&a=orgnl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzztAyEtBtDyE0EtCyE0CtN0D0Tzu0StAyDzztN1L2XzutBtFtBtFtCtFyEtBtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0S1J2U1E1P&cr=921141239&ir=
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uProxyOverride = 127.0.0.1;<local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Ironsource LTD Helper Object: {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.5.25.0\bh\searchya.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: SearchYa Toolbar: {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.5.25.0\searchyaTlbr.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIKONM~1.LNK - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{82A53D75-850F-4AC8-B152-8C8EF18FABAB} : DHCPNameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541} : DHCPNameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541}\340543F575946494 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541}\5343850583 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541}\74275656E686F6573756 : DHCPNameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541}\76275656E686F6573756 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{BE6F6748-73DC-47A5-AAE2-1EE7F0650541}\C414353402642756560275966696 : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.searchya.com/?f=1&a=orgnl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzztAyEtBtDyE0EtCyE0CtN0D0Tzu0StAyDzztN1L2XzutBtFtBtFtCtFyEtBtCtN1L1Czu0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C1V0S1J2U1E1P&cr=921141239&ir=
    x64-mDefault_Page_URL = hxxp://start.toshiba.com/
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2010-4-22 28504]
    R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54104]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-5-19 946688]
    S1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178008]
    S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-5-19 202752]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;"C:\Program Files\TOSHIBA\TECO\TecoService.exe" --> C:\Program Files\TOSHIBA\TECO\TecoService.exe [?]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
    S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-19 35008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-5-19 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-19 54136]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-9-28 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-03 04:36:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDABE6C4-A47A-4FCB-AB0D-907F34D1F51C}\mpengine.dll
    2012-12-24 23:29:24 -------- d-----r- C:\Program Files (x86)\Skype
    2012-12-24 23:24:36 -------- d-----w- C:\Users\chris\AppData\Roaming\Searchya
    2012-12-24 23:24:28 -------- d-----w- C:\Program Files (x86)\SearchYa!
    2012-12-21 07:55:57 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-21 07:55:57 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-21 07:55:56 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-21 07:55:56 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-12 14:03:23 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-12-12 14:03:23 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-12-12 14:03:05 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-12-12 14:01:32 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-12-12 14:01:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-12-04 07:28:28 64856 ----a-w- C:\windows\System32\klfphc.dll
    2012-12-04 07:27:49 -------- d-----w- C:\windows\ELAMBKUP
    .
    ==================== Find3M ====================
    .
    2012-12-04 08:08:01 54104 ----a-w- C:\windows\System32\drivers\kltdi.sys
    2012-12-04 08:08:00 29528 ----a-w- C:\windows\System32\drivers\klmouflt.sys
    2012-12-04 08:08:00 29016 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
    2012-11-27 05:08:43 102248 ----a-w- C:\Users\chris\GoToAssistDownloadHelper.exe
    2012-11-12 12:28:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-12 11:52:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-10-27 06:26:55 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-10-27 05:51:21 1188864 ----a-w- C:\windows\System32\wininet.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 21:36:39.43 ===============

    aswMBR LOG:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-02 21:41:05
    -----------------------------
    21:41:05.644 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:41:05.644 Number of processors: 2 586 0x603
    21:41:05.644 ComputerName: CHRIS-PC UserName: chris
    21:41:06.409 Initialize success
    21:41:36.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:41:36.798 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ003M Size: 305245MB BusType: 11
    21:41:36.798 Disk 0 MBR read successfully
    21:41:36.829 Disk 0 MBR scan
    21:41:36.829 Disk 0 Windows VISTA default MBR code
    21:41:36.829 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    21:41:36.845 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293431 MB offset 3074048
    21:41:36.876 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10313 MB offset 604020736
    21:41:36.923 Disk 0 scanning C:\windows\system32\drivers
    21:41:44.192 Service scanning
    21:42:17.202 Modules scanning
    21:42:17.202 Disk 0 trace - called modules:
    21:42:17.264 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    21:42:17.280 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800314d060]
    21:42:17.280 3 CLASSPNP.SYS[fffff8800219c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030dd680]
    21:42:17.295 Scan finished successfully
    21:42:35.735 Disk 0 MBR has been saved successfully to "C:\Users\chris\Desktop\MBR.dat"
    21:42:35.735 The log file has been saved successfully to "C:\Users\chris\Desktop\aswMBR.txt"


    Thanking you in advance for your help.

    NOTE: I did not run ERUNT as I have Windows 7 and was not comfortable with the instructions for that program concerning Windows 7.

    loopy
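Added example, not part of the original post and not a DDS or forum tool: a small Python triage script that reads the "Pseudo HJT Report" section of a DDS log like the one above and pulls out the three things an analyst looks at first in such a log. It flags a security product that reports itself `*Disabled*`, IE add-ons (`BHO:`/`TB:` lines) whose DLL path is outside an assumed vendor allowlist, and start/default pages whose host is outside an assumed host allowlist; it then escalates any finding where a redirected start page and an installed add-on share a name, because that pairing is a hijack rather than a user preference. `KNOWN_ADDON_VENDORS`, `KNOWN_PAGE_HOSTS` and the trimmed sample log (constructed from lines in the posted DDS output, with the long `cd=` query parameter cut) are assumptions, not anything the page or DDS provides.

```python
"""Triage a DDS 'Pseudo HJT Report' for the signs discussed in this thread.

Added example, not part of DDS or of this forum's tooling. Allowlists and the
sample log below are assumptions constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, replace

# Assumption: vendor directory fragments we expect to see in add-on DLL paths on this machine.
KNOWN_ADDON_VENDORS = ("\\Adobe\\", "\\Kaspersky Lab\\", "\\Google\\",
                       "\\Microsoft Shared\\", "\\Java\\", "\\TOSHIBA\\",
                       "\\Windows Live\\", "\\Microsoft Office\\")
# Assumption: domains a start/default page may legitimately point at on this machine.
KNOWN_PAGE_HOSTS = ("go.com", "toshiba.com", "google.com", "yahoo.com", "bing.com", "msn.com")

# DDS writes hxxp:// instead of http:// so a pasted log cannot be clicked by mistake.
AV_RE = re.compile(r"^(?:AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)/(?:Updated|Outdated)\*")
ADDON_RE = re.compile(r"^(?:x64-)?(?P<kind>BHO|TB): (?P<name>.+?): "
                      r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
PAGE_RE = re.compile(r"^(?:x64-)?[um](?:Start Page|Default_Page_URL) = hxxp://(?P<host>[^/?]+)")

# Constructed excerpt modelled on the DDS log posted above (query strings trimmed).
SAMPLE_DDS = r"""AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://espn.go.com/
mStart Page = hxxp://www.searchya.com/?f=1&a=orgnl&cr=921141239&ir=
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ironsource LTD Helper Object: {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.5.25.0\bh\searchya.dll
TB: SearchYa Toolbar: {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.5.25.0\searchyaTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    line: str       # the DDS line that triggered the finding
    reason: str


def _host_allowed(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in KNOWN_PAGE_HOSTS)


def _sld(host: str) -> str:
    """'www.searchya.com' -> 'searchya'; used to tie a page host to an add-on path."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def triage_dds(text: str) -> list[Finding]:
    findings: list[Finding] = []
    odd_hosts: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            if m["state"] == "Disabled":
                findings.append(Finding("high", line, f"{m['name']} reports itself disabled"))
        elif m := ADDON_RE.match(line):
            path = m["path"]
            if not any(v.lower() in path.lower() for v in KNOWN_ADDON_VENDORS):
                findings.append(Finding("review", line,
                                        f"{m['kind']} '{m['name']}' loads from an unrecognised path: {path}"))
        elif m := PAGE_RE.match(line):
            host = m["host"].lower()
            if not _host_allowed(host):
                odd_hosts.append(host)
                findings.append(Finding("review", line, f"start/default page points at {host}"))
    # Correlate: a page host whose name also appears in an unrecognised add-on path is a hijack.
    linked = {t for t in map(_sld, odd_hosts)
              if any(t in f.line.lower() and ADDON_RE.match(f.line) for f in findings)}
    return [replace(f, severity="high", reason=f.reason + " (start page and add-on share a name)")
            if any(t in f.line.lower() for t in linked) else f
            for f in findings]


if __name__ == "__main__":
    for finding in triage_dds(SAMPLE_DDS):
        print(f"[{finding.severity}] {finding.reason}")
```

The allowlists are the weak point and must be tuned per machine: a vendor directory name is no proof of legitimacy, and a log with no findings only says nothing unfamiliar was listed, not that the machine is clean. The value of the correlation step is that it turns two "review" items (an odd start page, an odd DLL) into one "high" item that explains itself.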

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    So sorry for the late reply; a lot of people were away during the holidays and things got a bit backed up.


    You can do this in Safe Mode with Networking.

    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click mbam-setup.exe, choose Run as Administrator, and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:

    Windows 2000 & Windows XP:
    C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    Windows Vista & Win7:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs







    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Senior Member
    Join Date
    Dec 2005
    Posts
    101


    Hi Ken

    Thanks so much for helping me out. Unfortunately I seem to be having some serious problems. I hadn't restarted my computer since I posted my logs, and when I did and hit F2 on startup, I kept getting a system utility screen rather than the one asking if I wanted to boot up in safe mode. I shut it down and tried again and finally got it in safe mode, but during the bootup, while it was loading Windows drivers, it just stalled for over an hour. So I hard shut it down and rebooted again. This time it said I needed to do a Windows startup repair, or start normally. I tried normal start and while it brought up my normal screen (after about 30 mins), as usual, it didn't work. So I booted up again and accepted the request to have it repair the restart menu; after about an hour it said that it could not repair the restart menu.

    Not sure what to do at this point. I can open the Windows utility but it is scary looking. And I was also asked, after the Windows repair didn't work, if I wanted to try and go into advanced repair, but obviously eschewed that option. Now when I boot up, it asks me what operating system I am using....SCARY.

    Any thoughts?

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    So at this point you're saying you can't boot up your system? The key for Safe Mode is F8.

    Try this
    • Go to Start> Shut off your Computer> Restart
    • Or if the computer is off press the power button
    • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Last Known Good Configuration
    • Then press the Enter Key on your Keyboard


    Let me know if it worked

  5. #5
    Senior Member
    Join Date
    Dec 2005
    Posts
    101


    Hi Ken

    Ok, thanks for the F8 tip. So I did what you asked this morning and it did bring up the screen for "Last Known Good Configuration". I selected that option and hit Enter and ultimately it did nothing...I just had a black screen with a mouse pointer.

    Incidentally, last night when I booted up it had asked what operating system and I selected Windows 7; it then said press F8 to take me to advanced options (which is the screen you had asked me to go to this morning) and I selected the option for Safe Mode with Networking. When it is loading the Windows files it gets hung up right after this:

    Loaded: \windows\system32\DRIVERS\AtiPcie.sys


    I've also seen a message on boot up that says registry corrupted and something about not being able to connect to an external device.

    Not sure what to do at this point.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    AtiPcie.sys <-- This is related to your graphics card

    searchya <-- This is malware on your system

    registry corrupted <-- This could be a problem, not really sure what you have done so far to cause this.

    I think what I would do at this point is to possibly do a System Repair or to completely format your hard drive and re-install windows.

    What I would like you to do is post there for help. The site, like Safer, is free but you will need to register; please use the same sign-on name that you're using here so that I can find you and offer any assistance if I can. Link them to this thread so they can see what we have done. If you don't get a reply in about 12 hours or so I will contact the techs and give them a heads up.

    Do you have your windows CD or the recovery disk that came with your system ?


    Go here and create an account
    http://www.whatthetech.com/

    Post here after you register
    http://forums.whatthetech.com/index.php?showforum=119

    Good luck, these guys are pretty good at fixing things like this.

  7. #7
    Senior Member
    Join Date
    Dec 2005
    Posts
    101


    Hi Ken

    Apparently I was already registered on that site (you guys probably have referred me there in the past); it is under the name Loopi.
    Here is a link to my post:

    http://forums.whatthetech.com/index....owtopic=125320

    Regarding the AtiPcie.sys: this looks like the last driver it loads before it stalls, so it might be the next one causing the problem?

    I was pretty sure SearchYa was something that got dumped on me when I registered for Skype recently. I wonder why Kaspersky didn't catch it?

    I will have to go look in the garage but I don't recall this laptop coming with a Windows disk. Is it standard protocol to get one with a new computer?

    Thanks for your help Ken. I really hope i can get this fixed.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    When you buy a computer through a manufacturer like Dell or HP, for instance, they usually install a Recovery Console in lieu of the Windows disk, but sometimes include a recovery CD.

    I see you posted; let's see what they say. I am linked and will follow along.

  9. #9
    Senior Member
    Join Date
    Dec 2005
    Posts
    101


    Hi Ken
    I'm throwing in the towel on this repair myself. I think we're spoiled on this website because you guys give such explicit instructions. I am not comfortable with my skills to follow the instructions given me from the other website....and it is going on far too long without my computer.

    Thank you for your help. Hopefully if I ever get infected again, it will not be such a debilitating virus...I can't believe what that has done to my computer.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello Loopi,

    Actually I am not looking at a very serious virus, just that searchya thing that alters your browser settings
    http://www.systemlookup.com/search.p...ch=searchya&s=


    Sometimes computers just get a bit wacky; what's going on can be related to many things. It could be a software or hardware problem that caused this.


    Anyway, maybe it is best to take it to a shop and have them fix it; in the course of repair they can tell you if there is anything wrong with your hardware, like the motherboard, disk drives, graphics card and the like.


    When it's fixed please post back and let me know what they did and what the problem was.

    Good Luck,

    Ken
