
Had virus, reverted to factory setting still suspect virus, issues



I had a trojan virus earlier in the week. Finally it became impossible to get Windows to boot, so I just restored my PC to factory settings from the partition the manufacturer set up on my PC. Before I did this I had attempted to go back to a restore point on my PC, but it was blocked. I tried everything to get rid of it, but eventually it became obvious the best solution was to just go back to factory settings. However, I'm concerned, since I did this from the partition on my PC that the manufacturer set up, that I may still have a virus or trojan, as Malwarebytes keeps blocking IPs when I'm not even surfing in Internet Explorer. So I have:

- ran a Malwarebytes full scan; it found some adware and deleted it

- also ran a Norton full scan; it didn't find anything. I then ran TDSSKiller and it found a TDSS system issue. When I attempted to quarantine it, Norton popped up a message saying it found a troj.gen.2 and listed one of the files TDSSKiller mentioned, but said it blocked it.

- TDSSKiller on the PC said it found a suspicious TDSS system on dr02

I recently started getting weird messages last night that MVIZ could not create file mapping object (5) and Mtxfr could not create file mapping object (5) when I surf with Internet Explorer. I don't know if it has anything to do with all this or with the fact that I had removed a couple of software packages I was evaluating.

Simply put, I am not sure if I still have a trojan or not. Before I restored to factory settings I was getting indications I had:

- troj_fakeav.dam

- troj_spnr.xxx (can't remember the last part).

As I said, I just went ahead and did a factory restore when I couldn't log back into my system. I did the restore from the partition on my PC that the manufacturer set up.

I need help to find out if I still have a virus or not. I am attaching the 2 files requested:

DDS.txt and Attach.txt. I also attached the TDSSKiller logs (before and after quarantine/delete) in case they can help.

Signed,

Printchic

Sorry, I think I should have posted my DDS.txt so it could be seen. Instead I attached it. I'm including it here in the hope someone can help let me know if I am still dealing with a virus.

Thanks ahead of time.

----------------------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by AngelinaDH at 0:51:37 on 2012-01-13

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3885.2231 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files (x86)\MSGTAG\MSGTAG.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\ProgramData\WeCareReminder\ReminderHelper.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = file:///C:/myfrontpage.html

uDefault_Page_URL = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [MSGTAG] "C:\Program Files (x86)\MSGTAG\MSGTAG.exe" /startup

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: amazon.com\www

TCP: DhcpNameServer = 192.168.0.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{7C579BD3-09BF-4D5F-B5CF-BCF7ED8F6AA8} : DhcpNameServer = 192.168.0.1 75.75.75.75 75.75.76.76

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\AngelinaDH\AppData\Roaming\Mozilla\Firefox\Profiles\l2jwup6l.default\

FF - prefs.js: browser.startup.homepage - file:///C:/myfrontpage.html

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120112.002\IDSviA64.sys [2012-1-12 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-5 652872]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2012-1-4 138760]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-10 2314240]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-5 138360]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-01-13 03:44:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-13 00:49:09 -------- d-----w- C:\Windows\SysWow64\Wat

2012-01-13 00:49:09 -------- d-----w- C:\Windows\System32\Wat

2012-01-12 21:55:16 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2012-01-12 21:55:16 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2012-01-12 21:43:34 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2012-01-12 21:43:34 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2012-01-12 21:43:34 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2012-01-12 21:43:34 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2012-01-12 21:43:34 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2012-01-12 21:43:34 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2012-01-12 21:43:33 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2012-01-12 21:43:33 444752 ----a-w- C:\Windows\System32\mscoree.dll

2012-01-12 21:43:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2012-01-12 21:43:33 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-01-12 21:35:42 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2012-01-12 21:35:42 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2012-01-12 12:28:06 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-01-12 10:30:59 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2012-01-12 10:29:58 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-01-12 10:28:59 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-01-12 10:27:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-01-12 10:16:36 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\SoftGrid Client

2012-01-12 10:16:35 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\SoftGrid Client

2012-01-12 10:15:51 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-01-12 10:15:34 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\TP

2012-01-10 18:46:48 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\ElevatedDiagnostics

2012-01-09 22:01:18 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Microsoft Help

2012-01-09 21:43:09 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Adobe

2012-01-09 21:21:15 -------- d-----w- C:\ProgramData\Invoice Expert

2012-01-09 21:20:53 -------- d-----w- C:\ProgramData\WeCareReminder

2012-01-09 13:30:09 250640 ----a-w- C:\Windows\SysWow64\msexcl35.dll

2012-01-09 13:30:09 176128 ----a-w- C:\Windows\SysWow64\mstext35.dll

2012-01-08 05:33:31 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-01-07 22:43:33 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\GlobalSCAPE

2012-01-07 22:43:25 -------- d-----w- C:\Program Files (x86)\GlobalSCAPE

2012-01-07 22:42:55 -------- d-----w- C:\Windows\Downloaded Installations

2012-01-07 03:56:11 -------- d-----w- C:\paintlessdeco_accting

2012-01-07 02:39:09 -------- d-----w- C:\Program Files (x86)\owl_sb

2012-01-06 21:24:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-06 20:47:03 -------- d-----r- C:\Sandbox

2012-01-06 20:45:55 -------- d-----w- C:\Program Files\Sandboxie

2012-01-06 19:16:03 -------- d-----w- C:\ProgramData\MAGIX

2012-01-06 03:39:34 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Scansoft

2012-01-06 02:03:17 -------- d-----w- C:\Program Files (x86)\MSGTAG

2012-01-05 20:53:33 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Xara

2012-01-05 20:52:52 -------- d-----w- C:\ProgramData\Xara

2012-01-05 20:52:52 -------- d-----w- C:\Program Files (x86)\Xara

2012-01-05 20:50:53 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\MAGIX

2012-01-05 19:16:44 -------- d-----w- C:\Program Files\Nuance

2012-01-05 19:15:40 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared

2012-01-05 19:15:24 -------- d-----w- C:\Program Files (x86)\ScanSoft

2012-01-05 19:08:00 -------- d-----w- C:\ProgramData\Brother

2012-01-05 18:44:19 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\Malwarebytes

2012-01-05 18:44:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-05 18:44:15 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-05 18:44:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-05 15:54:49 -------- d-----w- C:\Program Files\ClickPic

2012-01-05 04:25:22 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys

2012-01-05 04:25:22 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys

2012-01-05 04:25:22 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys

2012-01-05 04:25:22 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys

2012-01-05 04:25:22 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys

2012-01-05 04:25:22 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys

2012-01-05 04:25:22 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys

2012-01-05 04:25:07 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A

2012-01-05 02:08:45 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\MailWasherPro

2012-01-05 02:08:44 -------- d-----w- C:\Program Files (x86)\FireTrust

2012-01-05 01:34:34 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Thunderbird

2012-01-04 23:31:41 -------- d-----w- C:\Users\AngelinaDH\Tracing

2012-01-04 23:29:26 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-01-04 23:23:47 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-01-04 23:23:47 -------- d-----w- C:\Program Files\Symantec

2012-01-04 23:23:47 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-01-04 23:23:20 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-01-04 23:23:18 -------- d-----w- C:\ProgramData\Norton

2012-01-04 23:23:18 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-01-04 23:07:44 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Best Buy pc app

2012-01-04 22:11:08 -------- d-----w- C:\ProgramData\NortonInstaller

2012-01-04 22:11:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-01-04 20:24:41 -------- d-----w- C:\Windows\System32\log

2012-01-04 17:37:05 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Diagnostics

2012-01-04 17:28:14 -------- d-----w- C:\Users\AngelinaDH\AppData\Roaming\Intel

2012-01-04 17:28:07 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Apps

2012-01-04 17:28:06 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\SRS Labs

2012-01-04 17:28:06 -------- d-----w- C:\Users\AngelinaDH\AppData\Local\Deployment

.

==================== Find3M ====================

.

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:22:37 366592 ----a-w- C:\Windows\System32\qdvd.dll

2011-10-26 05:22:37 1572864 ----a-w- C:\Windows\System32\quartz.dll

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-26 04:28:26 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2011-10-26 04:28:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

.

============= FINISH: 0:51:59.60 ===============

TDSSKiller.2.7.0.0_12.01.2012_22.42.58_log_BEFORE.txt

TDSSKiller.2.7.0.0_12.01.2012_23.04.03_log_AFTER.txt

DDS.txt

Attach.txt

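The DDS log above is what the helpers triage by eye. As an added example (not from the original post, the Malwarebytes staff, or the DDS tool itself), here is a small Python script that parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats shown in that log and pulls out the entries a reviewer would look at first: orphaned "No File" load points, load points that resolve into user-writable directories such as ProgramData, and service entries DDS could not verify ("[?]"). The three flag categories are this editor's own heuristics, and every flag is a review item, not a verdict; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: nine lines copied verbatim from the DDS log posted above
# (Pseudo HJT Report entries followed by SERVICES / DRIVERS entries).
SAMPLE_DDS = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [MSGTAG] "C:\Program Files (x86)\MSGTAG\MSGTAG.exe" /startup
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
""".strip().splitlines()

# First drive-letter path ending in an executable/library/driver extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys))', re.IGNORECASE)
# DDS service/driver line: "<R0..S4> <name>;<description>;<path and status>"
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.*)$')
# Directories an unprivileged user can write to. A load point here is not proof
# of anything (Norton keeps its definitions under ProgramData) but deserves a look.
USER_WRITABLE = ('\\programdata\\', '\\users\\', '\\appdata\\')


@dataclass
class Finding:
    reason: str   # 'no-file' | 'user-writable' | 'unverified'
    entry: str    # load-point name (BHO/TB/Run entry) or service name
    path: str     # file path if one could be extracted, else ''


def triage(lines):
    """Return review items for the DDS lines given, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            entry, rest = m.group(2), m.group(4)
            paths = PATH_RE.findall(rest)
            path = paths[-1] if paths else ''  # after "-->" when DDS resolved it
            if rest.endswith('[?]'):
                # DDS prints [?] when it could not read the file's date and size.
                findings.append(Finding('unverified', entry, path))
        else:
            kind, sep, body = line.partition(': ')
            if not sep:
                continue                       # not a "key: value" HJT line
            body = body.strip()
            entry = body.split(' - ')[0].strip()
            paths = PATH_RE.findall(body)
            path = paths[0] if paths else ''
            if body.endswith('No File'):
                # Registration left behind after an uninstall: stale, not running.
                findings.append(Finding('no-file', entry, path))
                continue
        if path and any(d in path.lower() for d in USER_WRITABLE):
            findings.append(Finding('user-writable', entry, path))
    return findings


def triage_counts(lines):
    """Number of findings per reason, e.g. {'no-file': 2, ...}."""
    counts = {}
    for f in triage(lines):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f'{f.reason:13} {f.entry:60} {f.path}')
    print(triage_counts(SAMPLE_DDS))
```

Run against the full DDS.txt (`triage(open('DDS.txt').read().splitlines())`) it yields a short list to check by hand instead of 300 lines to read.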

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

