can not remove stolen.data

[tomjoad]

Hello,

I am not able to remove stolen.data infection from my pc. Malwarebytes each time detects it and I erased the selection but it still comes back after next pc boot.

Could you help me pls ?

Thanks in advance for your help,

Laurent

here result of

lwarebytes Anti-Malware (Essai) 1.61.0.1400

www.malwarebytes.org

Version de la base de données: v2012.05.30.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laurent :: LAURENT-PC [administrateur]

Protection: Activé

30/05/2012 11:59:13

mbam-log-2012-05-30 (11-59-13).txt

Type d'examen: Examen rapide

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 200974

Temps écoulé: 22 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1

C:\Users\Laurent\AppData\Roaming\dclogs (Stolen.Data) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 1

C:\Users\Laurent\AppData\Roaming\dclogs\2012-05-30-4.dc (Stolen.Data) -> Mis en quarantaine et supprimé avec succès.

(fin)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Laurent at 11:23:09 on 2012-05-30

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6141.3685 [GMT 2:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\VyprVPN for Giganews\VyprVPN for Giganews.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Users\Laurent\AppData\Roaming\system\dgkiQhkvd6Kt\winreupdating.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [hodensack] C:\Users\Laurent\AppData\Roaming\system\dgkiQhkvd6Kt\winreupdating.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f

dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9EC35E8A-0972-4DF2-A171-C1EEECB22347} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AEC8E65F-EACE-44A2-A4D2-6E19B3790362} : NameServer = 208.67.222.222 208.67.220.220

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{6c97a91e-4524-4019-86af-2aa2d567bf5c}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{6c97a91e-4524-4019-86af-2aa2d567bf5c}

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-30 654408]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-25 2666880]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-15 116648]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152720]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 257696]

S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]

S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-15 116648]

S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-11-25 311928]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-30 07:26:13 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Malwarebytes

2012-05-30 07:26:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-30 07:26:08 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-30 07:26:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-30 06:26:38 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-05-30 06:25:35 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll

2012-05-30 06:25:35 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll

2012-05-30 06:25:29 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Simply Super Software

2012-05-30 06:25:29 -------- d-----w- C:\ProgramData\Simply Super Software

2012-05-30 06:25:29 -------- d-----w- C:\Program Files (x86)\Trojan Remover

2012-05-30 06:23:33 -------- d-----w- C:\Users\Laurent\AppData\Local\adawarebp

2012-05-30 06:23:32 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2012-05-30 06:23:31 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2012-05-30 06:23:30 -------- d-----w- C:\Program Files (x86)\adawaretb

2012-05-30 06:23:16 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2012-05-30 06:23:14 -------- d-----w- C:\Program Files (x86)\Lavasoft

2012-05-29 19:42:43 -------- d-----w- C:\Users\Laurent\AppData\Roaming\TeamViewer

2012-05-29 15:11:19 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D675E1A3-2981-45CC-A26E-46EAE1569C69}\mpengine.dll

2012-05-29 06:17:43 -------- d-----w- C:\Users\Laurent\AppData\Roaming\system

2012-05-25 17:33:59 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-05-23 18:38:44 -------- d-----w- C:\Users\Laurent\AppData\Local\ESET

2012-05-23 18:17:22 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Mimo

2012-05-23 18:17:15 -------- d-----w- C:\Program Files (x86)\Mimo

2012-05-23 18:16:09 -------- d-----w- C:\Program Files (x86)\Oracle

2012-05-23 18:16:03 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-23 18:16:03 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-23 18:08:39 -------- d-----w- C:\Users\Laurent\AppData\Local\GoldenFrog

2012-05-23 18:06:10 -------- d-----w- C:\Program Files (x86)\OpenVPN

2012-05-23 18:05:55 -------- d-----w- C:\Program Files (x86)\VyprVPN for Giganews

2012-05-23 14:37:55 -------- d-----w- C:\Users\Laurent\AppData\Local\sabnzbd

2012-05-23 14:37:48 -------- d-----w- C:\Program Files (x86)\SABnzbd

2012-05-19 08:51:59 -------- d-----w- C:\Users\Laurent\AppData\Local\Diagnostics

2012-05-10 05:57:22 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 05:57:22 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-10 05:57:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-10 05:57:17 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-10 05:57:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-10 05:57:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-10 05:55:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 05:55:19 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 05:55:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 05:55:17 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 05:55:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 05:55:16 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 05:55:16 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-06 21:03:48 -------- d-----w- C:\ProgramData\ma-config.com

2012-05-06 21:03:48 -------- d-----w- C:\Program Files (x86)\ma-config.com

2012-05-05 08:42:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-05-05 08:42:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 08:42:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-16 12:40:38 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-04-16 12:40:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-04-15 18:11:38 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-04-15 12:24:56 0 ----a-w- C:\Windows\ativpsrm.bin

.

============= FINISH: 11:23:24,27 ===============

Attach.txt

DDS.txt

[Maniac]

Hello Laurent! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Ad-Aware and to keep ESET NOD32 Antivirus. Also, uninstall Ad-Aware Security Toolbar, because is a VMN Toolbar variant by Visicom Media. VMN toolbars are sometime detected as AdWare.Win32.MegaSearch or Adware.VMN. Next, reboot your PC.

Step 2

Download TFC to your desktop

• Open the file and close any other windows.
  
• It will close all programs itself when run, make sure to let it run uninterrupted.
  
• Click the Start button to begin the process. The program should not take long to finish its job
  
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!