I have completed the scan and here is the result. First is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dan Martell at 15:07:45 on 2013-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2438 [GMT -5:00]
.
AV: Advanced Antispyware Solution *Enabled/Updated* {92FF9ED9-4796-4037-A93D-E8AE9F61EDF1}
AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Advanced Antispyware Solution *Enabled*
.
============== Running Processes ================
.
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Teamviewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Teamviewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\Teamviewer\Version6\tv_w32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.apkgroup.com/webshare/ApexSites/Apex Internet Sites.htm
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\dan martell\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [bginfo] c:\windows\system32\bginfo\bginfo.exe c:\windows\system32\bginfo\logon.bgi /timer:0 /nolicprompt /silent
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 0 = msseces.exe
uPolicies-DisallowRun: 1 = MSASCui.exe
uPolicies-DisallowRun: 4 = avgnt.exe
uPolicies-DisallowRun: 5 = avcenter.exe
uPolicies-DisallowRun: 6 = avscan.exe
uPolicies-DisallowRun: 7 = avgfrw.exe
uPolicies-DisallowRun: 8 = avgui.exe
uPolicies-DisallowRun: 9 = avgtray.exe
uPolicies-DisallowRun: 10 = avgscanx.exe
uPolicies-DisallowRun: 11 = avgcfgex.exe
uPolicies-DisallowRun: 12 = avgemc.exe
uPolicies-DisallowRun: 13 = avgchsvx.exe
uPolicies-DisallowRun: 14 = avgcmgr.exe
uPolicies-DisallowRun: 15 = avgwdsvc.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globemar.webex.com/client/T27LC/webex/ieatgpc.cab
TCP: NameServer = 216.129.193.16 206.191.0.210 209.87.239.20
TCP: Interfaces\{6AEEBE7C-94E1-4ACA-A141-FC002F041692} : DHCPNameServer = 216.129.193.16 206.191.0.210 209.87.239.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-29 123760]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-29 107280]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-2 217088]
R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2012-7-4 999704]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-2 112696]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2367360]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-10-16 9472]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2010-2-2 36188]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2012-7-4 183944]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-29 174592]
S3 ucgnm;BUFFALO WLI-UC-GNM Series Wireless LAN Driver;c:\windows\system32\drivers\ucgnm.sys [2010-7-6 826752]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-29 81192]
.
=============== Created Last 30 ================
.
2013-01-04 19:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-04 19:28:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 19:28:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-03 20:23:14 -------- d-----w- C:\Virus
2013-01-03 16:29:58 -------- d-----w- C:\Drivers
2013-01-03 15:32:56 -------- d-----w- c:\program files\ESET
2013-01-03 15:24:38 353707 ----a-w- C:\MonthlyCD.exe
2013-01-03 14:22:42 -------- d-----w- c:\windows\system32\driver
2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-03 14:06:31 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-03 14:06:15 -------- d-----w- c:\program files\SonicWALL
2013-01-03 14:06:15 -------- d-----w- c:\program files\common files\Deterministic Networks
2013-01-03 14:05:17 -------- d-sh--w- c:\documents and settings\dan martell\application data\Advanced Antispyware Solution
2013-01-03 14:05:17 -------- d-----w- c:\windows\system32\URTTEMP
2013-01-03 14:05:16 -------- d-----w- c:\windows\LastGood(2)
2013-01-02 21:22:37 -------- d-----w- C:\RECYCLER(2)
2012-12-21 19:22:50 -------- d-----w- c:\program files\BUFFALO
2012-12-21 16:54:09 -------- d-----w- c:\documents and settings\dan martell\local settings\application data\Mozilla
2012-12-21 16:54:01 -------- d-----w- c:\program files\Mozilla Firefox(2)
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd(3).dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:08:33.92 ===============

Next is the MBAM Log file:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

1/4/2013 2:55:40 PM
mbam-log-2013-01-04 (14-55-40).txt

Scan type: Quick Scan
Objects scanned: 99594
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

I have run MBAM 3 times and each time it came back with the same 2 files. They are related to the ESET anti-virus on the PC, but the anti-virus is still working. Not sure if those files are related to the system restore that was done as of yesterday to fix another issue.