Ramnit A & D detected! But am I really clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by phickspc, Aug 5, 2012.

  1. phickspc

    phickspc Private E-2

    Hi,
    Yesterday at 13:00 GMT I was on a streaming site and it loaded a popup triggering Microsoft Security Essentials to clean something.

    Later on that day, Windows Firewall alerted me that svchost was being blocked, and asked me if I wanted to keep blocking. (A few days ago, I had been asked the same question out of context and I said 'unblock' as I thought it was a genuine system file).

    I was now no longer able to load Google through my Firefox browser (which I was using up to now). I could search through Yahoo though.
    I decided to use IExplorer to use Google for convenience and it worked fine.

    I looked in System Restore and found 4 points remaining, and that anything before 1st August was missing (may be related, maybe not).

    That's when I noticed two svchost files in processes. I tried to kill both, but they both reloaded.

    I was unable to launch Malwarebytes successfully (it showed and then mysteriously disappeared every time in processes, without loading the GUI).
    *In between cleans, Malwarebytes finally loaded, but I needed to update, so meanwhile I did other scans. But then on the next restart after another scan, it stopped loading.*
    (After all scans and cleans were done, Malwarebytes runs as normal every time.)

    There was also a strange file in my user AppData, created on 4th august. I scanned it and no problems, but I deleted it anyway.

    I ran Security Essentials scan and it found Ramnit Gen!A & D in couples (one in Win32, another in NT I think). I had to restart to finish the clean.
    Security kept finding more so this had to be repeated 3 times.

    Other scans I completed thereafter:
    TDSSKiller cleaned about 4 items. I think it was this scan which found an iframe virus on my browser.
    MBRcheck reported errors on external drive, but no errors after I disconnected that drive.
    Malwarebytes cleaned a few items.
    Msert found nothing.
    Combofix did quite a few things but I was unable to decode what it was doing.
    RogueKiller found some problems, additional ones looked like context menu edits which I had done earlier this year. Unsure, please check log.
    Hitmanx64, Eset, Msert found nothing.

    MGTools did things I couldn't decode. It then tried to launch HijackThis, and tried to report errors about HijackThis, but the URL it launched in the browser didn't exist. It then ran HijackThis and saved it somewhere on my PC. *I will attach the log to the post immediately after this.*

    I deleted some empty created folders that were created in my username's temp folder dated 4th August 13.00.

    I searched for ramnit in regedit and found some items which seemed like virus scanner entries so I left them alone.

    After all of this was complete, I ran Security Essentials, Malwarebytes and TDSSKiller multiple times after multiple restarts, and they didn't find anything. Firefox is also running as normal again.

    I have attached all logs.
    PLEASE NOTE: All scans took place when Windows was loaded normally.

    At the moment, I cannot see any problems, although I have found a folder on my system drive called "Qoobox" which it won't allow me to access, dated last night during the scan periods.
    But after reading many posts on here and other forums, I've found cause to believe I can never be fully clean from Ramnit. I'm unsure. Please check logs and advise!

    - Thanks.
     

    Attached Files:

    Last edited: Aug 5, 2012
  2. phickspc

    phickspc Private E-2

    I've attached the MGTools logs to this reply (I had to redo the scan just now because I deleted the old log, sadly).
    I don't know where to find the ESET, human64 or Msert scan log.
    I've discovered that something keeps unhiding my hidden files and folders, despite my efforts to hide them.
    I also found an Internet Explorer shortcut on the desktop titled "The Internet".
    By the way, the file I found in my user AppData was bndoajxk.exe.
     

    Attached Files:

    Last edited: Aug 5, 2012
  3. phickspc

    phickspc Private E-2

    Security Essentials just found another severe exploit: Java/Blacole.FK.
    SuperAntiSpyware just found adware threats.
     
  4. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, cleanme :)

    In most cases the only safe and reliable way to properly remove Ramnit is to reinstall, due to the damage it causes and also due to the security issues it opens. So let me first post a canned speech/warning about Ramnit.

    If you would like to continue, please attach your initial log from MBAM as well as a new Full Scan results from it.

    __

    http://img205.imageshack.us/img205/1894/otl.gif Please download OTL by OldTimer.

    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      activex
      netsvcs
      /md5start
      bndoajxk.exe
      /md5stop
      c:\users\HTS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
      c:\users\HTS\AppData\Local\shlcpgot\*.*
      %windir%\system32\drivers\*.sys /lockedfiles
      
    • Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
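The OTL custom scan above asks for an MD5 of bndoajxk.exe, a listing of the per-user Startup folder and the AppData\Local\shlcpgot directory, and a look at the drivers directory; the first post also describes two svchost.exe processes that respawned when killed. The following PowerShell script is an added, read-only example (not part of this thread, not OTL's code, and not a substitute for the log the helper asked for) that gathers the same kind of evidence so an analyst can see the raw data. It assumes the profile name HTS from the OTL script, a 64-bit Windows with PowerShell 4 or later (Get-FileHash), and an elevated session so that process image paths are readable. It changes nothing on the system.

```powershell
# Added example: read-only triage mirroring the OTL custom scan in this thread.
# Assumptions: profile 'HTS' (taken from the OTL script), PowerShell 4+ for
# Get-FileHash, elevated session so Get-Process exposes image paths.
$ErrorActionPreference = 'SilentlyContinue'
$profileDir = 'C:\Users\HTS'   # assumption: the account named in the OTL script

# 1. Hash every copy of the suspicious file name under the profile
#    (equivalent of the /md5start ... /md5stop block in the OTL script).
Write-Host "== Copies of bndoajxk.exe under $profileDir =="
Get-ChildItem -Path $profileDir -Filter 'bndoajxk.exe' -Recurse -Force -File |
    ForEach-Object {
        $h = Get-FileHash -Path $_.FullName -Algorithm MD5
        [PSCustomObject]@{
            Path    = $_.FullName
            Size    = $_.Length
            MD5     = $h.Hash
            Created = $_.CreationTime
        }
    } | Format-Table -AutoSize

# 2. Contents of the per-user Startup folder and the shlcpgot directory
#    named in the OTL script; creation times help tie files to the
#    4th August 13:00 window the poster describes.
Write-Host "== Startup folder and shlcpgot directory =="
$dirs = @(
    (Join-Path $profileDir 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $profileDir 'AppData\Local\shlcpgot')
)
foreach ($d in $dirs) {
    if (Test-Path $d) {
        Get-ChildItem -Path $d -Force |
            Select-Object FullName, Length, CreationTime, LastWriteTime |
            Format-Table -AutoSize
    } else {
        Write-Host "(absent) $d"
    }
}

# 3. svchost.exe instances. A genuine svchost.exe lives in System32 (or
#    SysWOW64 on 64-bit Windows) and carries a valid Microsoft signature;
#    an instance running from another path, or unsigned, deserves a closer look.
Write-Host "== svchost.exe processes =="
$legitPaths = @(
    (Join-Path $env:windir 'System32\svchost.exe'),
    (Join-Path $env:windir 'SysWOW64\svchost.exe')
)
Get-Process -Name svchost | ForEach-Object {
    $p = $_.Path
    $sig = if ($p) { (Get-AuthenticodeSignature -FilePath $p).Status } else { 'unknown (no path)' }
    [PSCustomObject]@{
        PID              = $_.Id
        Path             = $p
        Signature        = $sig
        ExpectedLocation = [bool]($p -and ($legitPaths -contains $p))
    }
} | Format-Table -AutoSize

# 4. Drivers in System32\drivers whose Authenticode signature is not valid.
#    The OTL line uses /lockedfiles to find locked .sys files; this is the
#    related but different check of signature status on every .sys file.
Write-Host "== .sys files in System32\drivers without a valid signature =="
Get-ChildItem -Path (Join-Path $env:windir 'System32\drivers') -Filter '*.sys' -File |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object @{ n = 'Path'; e = { $_.Path } }, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and keep the output alongside the OTL.txt the helper asked for; the point of each section is the same as the corresponding OTL line, and a file that the OTL scan reports as locked will usually also show up here as unsigned or as sitting outside the expected location.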
