aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 06:11:34
-----------------------------
06:11:34.223    OS Version: Windows x64 6.1.7600
06:11:34.223    Number of processors: 2 586 0x602
06:11:34.224    ComputerName: LIVINGROOM  UserName: Robert
06:11:38.319    Initialize success
06:11:53.107    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
06:11:53.109    Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
06:11:53.121    Disk 0 MBR read successfully
06:11:53.123    Disk 0 MBR scan
06:11:53.124    Disk 0 unknown MBR code
06:11:53.135    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
06:11:53.144    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       466726 MB offset 206848
06:11:53.175    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10112 MB offset 956061696
06:11:53.178    Service scanning
06:11:54.297    Modules scanning
06:11:54.300    Disk 0 trace - called modules:
06:11:54.311    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
06:11:54.314    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003356060]
06:11:54.317    3 CLASSPNP.SYS[fffff8800196943f] -> nt!IofCallDriver -> [0xfffffa80030db7a0]
06:11:54.321    5 ACPI.sys[fffff88000f97781] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80030db060]
06:11:54.326    Scan finished successfully
06:13:16.370    Disk 0 MBR has been saved successfully to "C:\uploads\MBR.dat"
06:13:16.375    The log file has been saved successfully to "C:\uploads\aswMBR.txt"

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Robert :: LIVINGROOM [administrator]

2/9/2012 6:14:37 AM
mbam-log-2012-02-09 (06-14-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 808452
Time elapsed: 1 hour(s), 31 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

XP

Do the following: 
Start -> Run 
type diskmgmt.msc 
Click "OK" 
 
Disk Management will open. 
 
Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns. 
 
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

VISTA - 7

Do the following: 

• Click on the Start button and then choose Control Panel. 
• Click on the System and Security link. 
   
  Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4. 
• In the System and Security window, click on the Administrative Tools heading located near the bottom of the window. 
• In the Administrative Tools window, double-click on the Computer Management icon. 
• When Computer Management opens, click on Disk Management on the left side of the window, located under Storage. 
   
  After a brief loading period, Disk Management should now appear on the right side of the Computer Management window. 
   
  Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

Had to attach screenshot

• Download RogueKiller and save it on your desktop.  
•     Quit all programs 
•     Start RogueKiller.exe.  
•     Wait until Prescan has finished ... 
•     Click on Scan

• Wait for the end of the scan.   
•     The report has been created on the desktop.   
•     Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix  
    
    
• The report has been created on the desktop.

Please post:  
  
All RKreport logs located on your desktop.

NEXT

Download OTL  to your Desktop.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe

netbt.sys

atapi.sys

volsnap.sys

redbook.sys

lsi_sas.sys

lsi_scsi.sys

cdrom*

tcpip.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • attach both logs

RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Robert [Admin rights]
Mode: Scan -- Date : 02/12/2012 15:51:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
::1 localhost
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 478cfdd535ea4be06ed8fb97fc6cf8be
[BSP] bd2594b1bf406cdf459a438723ab3fd1 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 466726 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956061696 | Size: 10112 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Robert [Admin rights]
Mode: Remove -- Date : 02/12/2012 18:00:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
::1 localhost
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 478cfdd535ea4be06ed8fb97fc6cf8be
[BSP] bd2594b1bf406cdf459a438723ab3fd1 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 466726 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956061696 | Size: 10112 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Please attach the OTL log as requested...

OK...i realized u alerdy attached the OTL logs...i see the bad boys...I see u have stopzilla which is related to TDSS infections...I will remove it for u.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems 

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot 

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E E3 35 00 E8 39 F2 41 90 B6 01 BB 18 81 9D AC  [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E E3 35 00 E8 39 F2 41 90 B6 01 BB 18 81 9D AC  [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E E3 35 00 E8 39 F2 41 90 B6 01 BB 18 81 9D AC  [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E E3 35 00 E8 39 F2 41 90 B6 01 BB 18 81 9D AC  [binary data]
IE - HKU\S-1-5-21-918244078-1702145985-1200703881-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1E E3 35 00 E8 39 F2 41 90 B6 01 BB 18 81 9D AC  [binary data]
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1043669&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Informative Google Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.rr.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}:1.1.3
FF - prefs.js..extensions.enabledItems: {15392110-3e64-431c-a489-793eec3c1686}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9877
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mxvlxq6s.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/04/05 22:16:01 | 000,000,000 | ---D | M] ("Search Engine Security") -- 
PRC - [2011/12/07 17:12:30 | 000,183,336 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B63300D1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B755D674
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1AAB2E68



ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please attach the log generated after the fix completion.

 NEXT

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
3. Open notepad and copy/paste the text in the code box below into it:

Folder::
c:\Program Files (x86)\STOPzilla!
c:\Program Files (x86)\Common Files\iS3

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.