altheman

Everything posted by altheman

  1. To me personally, I think that your answer is unacceptable. I have 3 PCs at home; if they all become infected I have to re-image all 3. I mean, re-imaging is always an option; I just thought that I'd give Mbam a chance. Thanks for nothing, really nothing.
  2. **********************************************************************************************************************************************************************************************
     .
     DDS (Ver_2011-06-23.01) - NTFSAMD64
     Internet Explorer: 8.0.7601.17514
     Run by Synadmin02 at 16:45:39 on 2011-07-26
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1783.465 [GMT -4:00]
     .
     AV: Kaspersky Anti-Virus *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
     AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
     SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
     c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
     C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
     C:\Program Files (x86)\Century\TinyTERM\NetUtils\CenLPD.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
     C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     C:\Program Files (x86)\Kaseya\SYNTKS36468151087708\AgentMon.exe
     c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
     C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Program Files (x86)\PDF Complete\pdfsvc.exe
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
     C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
     C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files (x86)\PC Tools Security\pctsGui.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cenlpdstatus.exe
     C:\Program Files (x86)\Kaseya\SYNTKS36468151087708\KaUsrTsk.exe
     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
     C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
     C:\Windows\servicing\TrustedInstaller.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Windows\sysWOW64\wbem\wmiprvse.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
     BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
     BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
     BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
     BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
     BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
     BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
     TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
     uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     mRun: [KASHSYNTKS36468151087708] "C:\Program Files (x86)\Kaseya\SYNTKS36468151087708\KaUsrTsk.exe"
     mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
     mRun: [AVP] "c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
     mRun: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
     mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
     mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cenlpdstatus.exe
     mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableLUA = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
     LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
     TCP: DhcpNameServer = 10.0.0.101
     TCP: Interfaces\{DA2FE57A-3CBB-4BA0-A2D1-0AD3D5D42404} : DhcpNameServer = 10.0.0.101
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
     Notify: DeviceNP - DeviceNP.dll
     AppInit_DLLs: c:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
     BHO-X64: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
     BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
     BHO-X64: Browser Defender BHO - No File
     BHO-X64: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
     BHO-X64: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
     BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
     BHO-X64: IEVkbdBHO - No File
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
     BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
     BHO-X64: link filter bho - No File
     TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
     TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
     mRun-x64: [KASHSYNTKS36468151087708] "C:\Program Files (x86)\Kaseya\SYNTKS36468151087708\KaUsrTsk.exe"
     mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
     mRun-x64: [AVP] "c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
     mRun-x64: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
     mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
     mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     AppInit_DLLs-X64: c:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
     R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
     R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
     R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
     R0 SbAlg;SbAlg;C:\Windows\System32\drivers\SbAlg.sys [2010-2-1 51800]
     R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-2-1 13256]
     R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
     R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
     R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2010-2-1 40088]
     R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2010-6-18 377600]
     R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-7-15 337872]
     R2 CenLPD;CenLPD;C:\Program Files (x86)\Century\TinyTERM\NetUtils\CenLPD.exe [2011-5-9 102400]
     R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-1-12 36864]
     R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
     R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
     R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
     R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-2-1 281192]
     R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-11 297984]
     R2 KASYNTKS36468151087708;Kaseya Agent;C:\Program Files (x86)\Kaseya\SYNTKS36468151087708\AgentMon.exe [2011-5-20 835584]
     R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]
     R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
     R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
     R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-24 1128952]
     R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-7-15 371472]
     R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-7-15 1117144]
     R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-24 2320920]
     R3 DEBridge;DEBridge;C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-2-1 704512]
     R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
     R3 KAPFA;KAPFA;\??\C:\Windows\system32\drivers\KAPFA.SYS --> C:\Windows\system32\drivers\KAPFA.SYS [?]
     R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
     R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]
     S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
     S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]
     S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
     S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
     S3 OxPPort;OxPPort;C:\Windows\system32\drivers\OxPPort.sys --> C:\Windows\system32\drivers\OxPPort.sys [?]
     S3 OxSer;OxSer;C:\Windows\system32\drivers\OxSer.sys --> C:\Windows\system32\drivers\OxSer.sys [?]
     S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
     S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
     S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
     .
     =============== Created Last 30 ================
     .
     2011-07-26 20:43:54 -------- d-----w- C:\Users\synadmin02\AppData\Local\Hewlett-Packard
     2011-07-26 20:39:29 -------- d-----w- C:\Users\synadmin02\AppData\Local\Threat Expert
     2011-07-26 20:34:08 -------- d-----w- C:\Users\synadmin02\AppData\Roaming\Malwarebytes
     2011-07-26 20:34:04 -------- d-----w- C:\Users\synadmin02\AppData\Local\PDFC
     2011-07-26 20:34:03 -------- d-----w- C:\Users\synadmin02\AppData\Local\LogMeIn
     2011-07-15 13:08:18 767952 ----a-w- C:\Windows\BDTSupport.dll
     2011-07-15 13:08:18 2078672 ----a-w- C:\Windows\PCTBDCore.dll
     2011-07-15 13:08:18 149456 ----a-w- C:\Windows\SGDetectionTool.dll
     2011-07-15 13:08:17 1533904 ----a-w- C:\Windows\PCTBDRes.dll
     2011-07-15 13:04:57 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
     2011-07-15 13:04:57 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
     2011-07-15 13:04:56 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
     2011-07-15 13:04:56 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
     2011-07-15 13:04:51 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
     2011-07-15 13:04:44 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
     2011-07-15 13:04:40 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
     2011-07-15 13:04:34 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
     2011-07-15 13:04:32 -------- d-----w- C:\Program Files (x86)\PC Tools Security
     2011-07-15 13:02:39 -------- d-----w- C:\ProgramData\PC Tools
     2011-07-15 09:07:30 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24E3BDF3-CCB4-4522-810E-427FF040C276}\mpengine.dll
     2011-07-14 17:58:17 -------- d-sh--w- C:\$RECYCLE.BIN
     2011-07-14 17:45:00 -------- d-----w- C:\Users\synadmin02\AppData\Local\temp
     2011-07-14 17:35:35 98816 ----a-w- C:\Windows\sed.exe
     2011-07-14 17:35:35 518144 ----a-w- C:\Windows\SWREG.exe
     2011-07-14 17:35:35 256000 ----a-w- C:\Windows\PEV.exe
     2011-07-14 17:35:35 208896 ----a-w- C:\Windows\MBR.exe
     2011-07-14 17:04:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
     2011-07-13 19:24:35 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
     2011-07-13 19:24:35 -------- d-----w- C:\ProgramData\Malwarebytes
     2011-07-13 19:24:26 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2011-07-13 19:24:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2011-07-06 10:46:48 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
     2011-07-06 10:46:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
     2011-07-06 10:46:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
     .
     ==================== Find3M ====================
     .
     2011-06-06 15:10:45 876032 ----a-w- C:\Windows\SysWow64\VFP6RENU.DLL
     2011-06-06 15:10:45 24990 ----a-w- C:\Windows\SysWow64\VFP6RUN.EXE
     2011-06-06 15:10:44 3370256 ----a-w- C:\Windows\SysWow64\VFP6R.DLL
     2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
     2011-05-21 12:40:59 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
     2011-05-21 12:40:59 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
     2011-05-21 12:40:59 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
     2011-05-11 14:18:08 0 ----a-w- C:\Windows\ativpsrm.bin
     2011-05-06 14:58:00 20968 ----a-w- C:\Windows\System32\pdfc_port.dll
     .
     ============= FINISH: 16:46:54.40 ===============
  3. Attach.zip

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7286

     Windows 6.1.7601 Service Pack 1
     Internet Explorer 8.0.7601.17514

     7/26/2011 4:44:41 PM
     mbam-log-2011-07-26 (16-44-41).txt

     Scan type: Quick scan
     Objects scanned: 267727
     Time elapsed: 4 minute(s), 30 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 75

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\windows\system32\antav\av.exe (Worm.Flooder) -> Quarantined and deleted successfully.
     c:\windows\syswow64\antav\av.exe (Worm.Flooder) -> Quarantined and deleted successfully.
     c:\users\administrator\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\alliant\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\dhagans\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\kacevedo\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin01\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin02\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\user\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\administrator\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\alliant\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\dhagans\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\kacevedo\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\public\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\synadmin\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\synadmin01\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\synadmin02\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\user\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\appdata\local\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\windows\temp\mtg\av.exe (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.
     c:\users\administrator\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\alliant\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\dhagans\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\kacevedo\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\public\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin01\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin02\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\user\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\config\systemprofile\local settings\application data\avg\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\administrator\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\alliant\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\dhagans\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\kacevedo\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\public\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin01\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin02\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\user\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\config\systemprofile\local settings\application data\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\administrator\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\alliant\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\dhagans\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\kacevedo\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\public\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin01\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin02\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\user\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\config\systemprofile\templates\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\administrator\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\alliant\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\dhagans\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\kacevedo\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\public\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin01\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\synadmin02\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\users\user\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\localservice\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\serviceprofiles\networkservice\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\config\systemprofile\templates\avg\av.exe (Trojan.MultipleAV) -> Quarantined and deleted successfully.
     c:\windows\system32\avi\av.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
     c:\windows\syswow64\avi\av.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
  4. I scanned again today and found the same number of AV.exe copies in the exact same places. I have Malwarebytes Pro on this machine and it says it needs to reboot to remove the AV.exe; reboot and scan again, and all are present. I will more than likely re-image the machine today. I really wanted MWbytes to work because it had proven to be a useful tool and found things when my AntiVirus solution failed.

  5. I am pretty computer savvy and have been dealing with this Av.exe. Malwarebytes says it has removed it and needs a reboot; after reboot it will find the av.exe again in all the same places. I bought the full version of Malwarebytes and had the same effect and result. Please advise; I am about 4 hours away from re-imaging the machine.

     M_bam.zip