EssexBoy,
I am in a very similar situation. I was wondering if this fix or a slight variation of this fix would help me as well? Attached is my OTL log, and below are the MBAM and aswMBR logs.
MBAM;
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shay :: ALICE [administrator]
6/29/2012 7:01:07 PM
mbam-log-2012-06-29 (19-01-07).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 395852
Time elapsed: 1 hour(s), 43 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Shay\Desktop\finished\memory card full\Programs\Office 2010 Toolkit\Net_Framework 3.5_Update.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Shay\Desktop\finished\memory card full\Programs\VideoPad.Video.Editor.Pro.2.40_2\NCH Software - VideoPad 3.22 - KeYGeN_IMPosTOR.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\Installer\{dbcaa52c-e526-45d0-2df8-41b4d6fcb8cf}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
aswMBR log;
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-30 12:57:21
-----------------------------
12:57:21.384 OS Version: Windows x64 6.1.7601 Service Pack 1
12:57:21.384 Number of processors: 2 586 0x603
12:57:21.387 ComputerName: ALICE UserName: Shay
12:57:23.751 Initialize success
12:57:23.883 AVAST engine defs: 12063000
12:57:28.422 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
12:57:28.426 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
12:57:28.448 Disk 0 MBR read successfully
12:57:28.454 Disk 0 MBR scan
12:57:28.461 Disk 0 Windows 7 default MBR code
12:57:28.478 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:57:28.493 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463010 MB offset 409600
12:57:28.539 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13626 MB offset 948654080
12:57:28.567 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
12:57:28.677 Disk 0 scanning C:\Windows\system32\drivers
12:57:49.550 Service scanning
12:58:22.192 Modules scanning
12:58:22.211 Disk 0 trace - called modules:
12:58:22.249 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:58:22.262 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042ee060]
12:58:22.275 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004279ac0]
12:58:22.288 5 amd_xata.sys[fffff88001080900] -> nt!IofCallDriver -> \Device\00000068[0xfffffa80042754a0]
12:58:24.422 AVAST engine scan C:\Windows
12:58:45.223 AVAST engine scan C:\Windows\system32
13:00:51.506 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
13:01:21.971 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:01:24.433 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:02:53.782 AVAST engine scan C:\Windows\system32\drivers
13:03:08.328 AVAST engine scan C:\Users\Shay
13:41:21.301 AVAST engine scan C:\ProgramData
13:48:16.115 Scan finished successfully
14:06:04.328 Disk 0 MBR has been saved successfully to "C:\Users\Shay\Desktop\MBR.dat"
14:06:04.343 The log file has been saved successfully to "C:\Users\Shay\Desktop\aswMBR.txt"
Thanks for any advice you can give me as well. You're doing a great thing, thank you!