Hi, I have some unknown malware on my computer. When browsing online, constant annoying popups and ads come up, my homepage is constantly changed to aol for some reason, and I absolutely can't remove it. I've tried MBAM (latest one included, totally clean), AVAST, AVG, Lavasoft adaware, spybot, etc etc but nothing can get rid of it. I have attached all the following required information. Please help!
I didn't have any trouble running the required steps.
I am unable to post the DDS LOG or the DDS attach or the GMER One because I am getting the following error message when trying to post them: "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces." Should I attach them?
GMER TWO
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-13 15:57:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465.76GB
Running: u63z8etr.exe; Driver: C:\Users\3yoosh\AppData\Local\Temp\kwdiqpog.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1412:3940] 000007fef59e506c
Thread C:\Windows\system32\svchost.exe [1412:3944] 000007fef6301c20
Thread C:\Windows\system32\svchost.exe [1412:3948] 000007fef6301c20
Thread C:\Windows\system32\svchost.exe [1412:3480] 000007fef7095124
Thread C:\Windows\system32\svchost.exe [1412:5928] 000007fef5a884d8
Thread C:\Windows\system32\svchost.exe [1412:5992] 000007fee72823a8
Thread C:\Windows\system32\svchost.exe [1412:6756] 000007feeada0d00
Thread C:\Windows\system32\svchost.exe [1412:7636] 000007fee71f9498
Thread C:\Windows\system32\svchost.exe [1412:8664] 000007fef8cc4164
Thread C:\Windows\system32\svchost.exe [1412:8268] 000007fee6dacb70
Thread C:\Windows\system32\svchost.exe [1412:6676] 000007fef9f41ab0
Thread C:\Windows\System32\spoolsv.exe [1728:3252] 000007fef5f810c8
Thread C:\Windows\System32\spoolsv.exe [1728:3260] 000007fef5f46144
Thread C:\Windows\System32\spoolsv.exe [1728:3264] 000007fef72a5fd0
Thread C:\Windows\System32\spoolsv.exe [1728:3268] 000007fef5f23438
Thread C:\Windows\System32\spoolsv.exe [1728:3272] 000007fef72a63ec
Thread C:\Windows\System32\spoolsv.exe [1728:3280] 000007fef6025e5c
Thread C:\Windows\System32\spoolsv.exe [1728:3288] 000007fef6055074
Thread C:\Windows\System32\spoolsv.exe [1728:3728] 000007fef60c2288
Thread C:\Windows\system32\svchost.exe [2176:1404] 000007fef59a2888
Thread C:\Windows\system32\svchost.exe [2176:5752] 000007fef59a2a40
Thread C:\Windows\SysWOW64\ntdll.dll [2628:2632] 000000000041e9fa
Thread C:\Windows\SysWOW64\ntdll.dll [2628:2712] 0000000000483580
Thread C:\Windows\SysWOW64\ntdll.dll [3460:976] 000000000042e828
Thread C:\Windows\SysWOW64\ntdll.dll [4216:4220] 000000000041953a
Thread C:\Windows\SysWOW64\ntdll.dll [4396:4400] 0000000000401292
Thread C:\Windows\System32\svchost.exe [4368:11504] 000007fef7099874
Thread C:\Windows\SysWOW64\ntdll.dll [3536:4348] 000000000059f17c
Thread C:\Windows\SysWOW64\ntdll.dll [3536:5596] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:4452] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:5960] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:3464] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:6048] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:3348] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:4912] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:4092] 00000000005a0828
Thread C:\Windows\SysWOW64\ntdll.dll [3536:1504] 00000000005a0828
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???y.2???????????-?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.??? ???y???????????????????????7?7?7?7?7?7?7?7?7?7?7?7?????Z?Z?Z???.?.?7?7?7?7?3?7?7?7?7?7?7?7?7?7???.???0?/?3?0?0?3?7??6???1???1???7?7?7?7?7?7?7?7?7?7?7?7?7?Z?Z???.?.?7?7?7?7?7?????7????????71804372-9596-47f6-97b1-7efa743??????/?/?3?/?7?/?/?7?/???0???h?k?k?k?k???k???0???&?&?&?&?&?&?-?-?-?&?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?,?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?-?.?-?.?-?-?-?-?-?-?.?-?.?.?-?.?.?.?.?.?-?-?.?.?-?.?.?0?-?8?8????8???.?.??.??.?.?.?.????.??;??????.????????????????????_?~?????-?-?-?-?????????.?-?.?.???????????-?-?-??????.???????????????(???ms_vwifi????????????????????(???ms_nativewifip??????????????????8???ms_ndiscap??????????????????????ms_pacer????????????????????????ms_server???????????????????(???ms_netbios??????????????????(???ms_wfplwf???????????????????(???ms_steelhead????????????????????8???ms_rassrv???????????????????(???ms_rasman???????????????????????ms_msclient?????????????????8??
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.13.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
3yoosh :: 3YOOSH-PC [administrator]
7/13/2013 3:58:41 PM
mbam-log-2013-07-13 (15-58-41).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 518947
Time elapsed: 1 hour(s), 31 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)