BOO/TDss.m


Bossk34

Hey. I've started having problems with my comp. I tried scanning with Malwarebytes and it would not work in normal mode; it would remove the program or something. When I would try to re-run it, it said it could not find the path. So I uninstalled, updated and ran a scan in safe mode. Found a bunch of items and I thought I was good. Start up normal mode, try re-running Malwarebytes and it gives me the same thing. Stops scanning after a few moments, shuts down, exits and gives me the same "can't find path" etc. message again. So I did the same thing: reinstall, update, run in safe mode, finds 2 files over and over.

So I downloaded and installed Avira, ran a scan in safe mode, found some stuff, thought I removed it. Tried running in normal mode after, won't work.

The file I found was BOO/TDss.m.

Help??

To add some info, I did another Avira scan in safe mode again after uninstalling etc.

Found this BOO/TDss.B (before it was BOO/TDss.M I noticed) - The file name is $RA9FRRC.dat

Found this too. TR/Crypt.XPACK.Gen - file name is 373518902:3382795553.exe - in the C:/Windows directory. I opened Task Manager and I can't end the 373518902:3382795553.exe task.

I'll paste the Avira scan file too.

Avira AntiVir Personal

Report file date: September-05-11 22:30

Scanning for 3334229 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7

Windows version : (plain) [6.1.7600]

Boot mode : Safe mode

Username : Brice

Computer name : BRICE-PC

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: September-05-11 22:30

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '67' Module(s) have been scanned

Scan process 'avcenter.exe' - '74' Module(s) have been scanned

Scan process 'ctfmon.exe' - '21' Module(s) have been scanned

Scan process 'Explorer.EXE' - '147' Module(s) have been scanned

Scan process 'svchost.exe' - '20' Module(s) have been scanned

Scan process 'svchost.exe' - '28' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'svchost.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '51' Module(s) have been scanned

Scan process 'lsm.exe' - '16' Module(s) have been scanned

Scan process 'lsass.exe' - '61' Module(s) have been scanned

Scan process 'winlogon.exe' - '23' Module(s) have been scanned

Scan process 'services.exe' - '31' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'wininit.exe' - '21' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Master boot sector HD3

[INFO] No virus was found!

Master boot sector HD4

[INFO] No virus was found!

Start scanning boot sectors:

Master boot sector HD0

[DETECTION] Contains code of the BOO/TDss.M boot sector virus

[NOTE] The boot sector was written!

Boot sector 'C:\'

[DETECTION] Contains code of the BOO/TDss.M boot sector virus

[NOTE] The boot sector has not been repaired!

Starting to scan executable files (registry).

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

[WARNING] The file could not be opened!

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

[WARNING] The file could not be opened!

C:\Windows\system32\Wat\WatAdminSvc.exe

[WARNING] The file could not be opened!

The registry was scanned ( '498' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\$Recycle.Bin\S-1-5-21-1215871253-2448568710-1958106673-1001\$RA9FRRC.dat

[DETECTION] Contains code of the BOO/TDss.B boot sector virus

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

[WARNING] The file could not be opened!

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

[WARNING] The file could not be opened!

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[WARNING] The file could not be opened!

C:\Windows\3735182902:3382795553.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

C:\Windows\System32\Wat\npWatWeb.dll

[WARNING] The file could not be opened!

C:\Windows\System32\Wat\WatAdminSvc.exe

[WARNING] The file could not be opened!

C:\Windows\System32\Wat\WatUX.exe

[WARNING] The file could not be opened!

C:\Windows\System32\Wat\WatWeb.dll

[WARNING] The file could not be opened!

Beginning disinfection:

C:\Windows\3735182902:3382795553.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4bd32f03.qua'.

C:\$Recycle.Bin\S-1-5-21-1215871253-2448568710-1958106673-1001\$RA9FRRC.dat

[DETECTION] Contains code of the BOO/TDss.B boot sector virus

[NOTE] The file was moved to the quarantine directory under the name '537a00bf.qua'.

End of the scan: September-05-11 22:56

Used time: 23:12 Minute(s)

The scan has been done completely.

19937 Scanned directories

219914 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

1 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

10 Files cannot be scanned

219902 Files not concerned

1437 Archives were scanned

10 Warnings

4 Notes

Another update. I got a friend over trying to help me out with this. We tried to find the recycle bin, no dice. So we opened control panel after following instructions on the Microsoft website in order to try and see hidden files. The option to view hidden files is gone, not even available.

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317

Hey, thanks for the reply. So here is where I am at. Yesterday I went scanning on other sites how to get rid of that damn virus. I came across TDSSKiller. So I ran it but to no avail much. But, once I ran it, then ran Malwarebytes and Avira in safe mode, it was able to get rid of the virus, only problem was that I couldn't use the internet after lol. So I went to the furthest system restore point back I could, unfortunately I couldn't get far back enough for the virus to be gone, but I can use the internet now.

So here are the reports. Thanks a lot for your help.

2011/09/07 22:51:21.0215 2168 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56

2011/09/07 22:51:23.0243 2168 ================================================================================

2011/09/07 22:51:23.0243 2168 SystemInfo:

2011/09/07 22:51:23.0243 2168

2011/09/07 22:51:23.0243 2168 OS Version: 6.1.7600 ServicePack: 0.0

2011/09/07 22:51:23.0243 2168 Product type: Workstation

2011/09/07 22:51:23.0243 2168 ComputerName: BRICE-PC

2011/09/07 22:51:23.0243 2168 UserName: Brice

2011/09/07 22:51:23.0243 2168 Windows directory: C:\Windows

2011/09/07 22:51:23.0243 2168 System windows directory: C:\Windows

2011/09/07 22:51:23.0243 2168 Processor architecture: Intel x86

2011/09/07 22:51:23.0243 2168 Number of processors: 2

2011/09/07 22:51:23.0243 2168 Page size: 0x1000

2011/09/07 22:51:23.0243 2168 Boot type: Normal boot

2011/09/07 22:51:23.0243 2168 ================================================================================

2011/09/07 22:51:25.0161 2168 Initialize success

2011/09/07 22:51:26.0893 2240 ================================================================================

2011/09/07 22:51:26.0893 2240 Scan started

2011/09/07 22:51:26.0893 2240 Mode: Manual;

2011/09/07 22:51:26.0893 2240 ================================================================================

2011/09/07 22:51:27.0985 2240 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/09/07 22:51:28.0047 2240 365ea2de (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3735182902:3382795553.exe

2011/09/07 22:51:28.0047 2240 Suspicious file (Hidden): C:\Windows\3735182902:3382795553.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/09/07 22:51:28.0047 2240 365ea2de - detected HiddenFile.Multi.Generic (1)

2011/09/07 22:51:28.0266 2240 AFD (dbbcd12483bd1ff0befee4135ce35626) C:\Windows\system32\drivers\afd.sys

2011/09/07 22:51:28.0266 2240 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: dbbcd12483bd1ff0befee4135ce35626, Fake md5: 0db7a48388d54d154ebec120461a0fcd

2011/09/07 22:51:28.0266 2240 AFD - detected Rootkit.Win32.ZAccess.e (0)

2011/09/07 22:51:32.0010 2240 MBAMSwissArmy (dfcd77be118dbe22fef9fefa926b607f) C:\Windows\system32\drivers\mbamswissarmy.sys

2011/09/07 22:51:32.0010 2240 Suspicious file (Forged): C:\Windows\system32\drivers\mbamswissarmy.sys. Real md5: dfcd77be118dbe22fef9fefa926b607f, Fake md5: 33ebe9135a74efb6589b2c6ced72085e

2011/09/07 22:51:32.0010 2240 MBAMSwissArmy - detected ForgedFile.Multi.Generic (1)


2011/09/07 22:51:34.0724 2240 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/07 22:51:34.0771 2240 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/07 22:51:34.0787 2240 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/09/07 22:51:34.0818 2240 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/07 22:51:34.0865 2240 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/09/07 22:51:34.0880 2240 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/09/07 22:51:34.0911 2240 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/09/07 22:51:34.0927 2240 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/07 22:51:34.0974 2240 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/09/07 22:51:34.0989 2240 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/07 22:51:35.0021 2240 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/07 22:51:35.0052 2240 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/09/07 22:51:35.0099 2240 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/09/07 22:51:35.0177 2240 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

2011/09/07 22:51:35.0192 2240 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/07 22:51:35.0239 2240 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/07 22:51:35.0286 2240 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/07 22:51:35.0333 2240 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/09/07 22:51:35.0364 2240 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2011/09/07 22:51:35.0395 2240 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/07 22:51:35.0489 2240 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

2011/09/07 22:51:35.0551 2240 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/07 22:51:35.0582 2240 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/07 22:51:35.0613 2240 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/09/07 22:51:35.0645 2240 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/09/07 22:51:35.0676 2240 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/07 22:51:35.0691 2240 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/07 22:51:35.0754 2240 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/07 22:51:35.0769 2240 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/07 22:51:35.0801 2240 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/07 22:51:35.0832 2240 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/07 22:51:35.0879 2240 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/09/07 22:51:35.0910 2240 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/07 22:51:35.0925 2240 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/07 22:51:35.0972 2240 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/07 22:51:36.0003 2240 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/09/07 22:51:36.0019 2240 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/07 22:51:36.0066 2240 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/07 22:51:36.0113 2240 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

2011/09/07 22:51:36.0144 2240 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/07 22:51:36.0175 2240 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/07 22:51:36.0222 2240 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/07 22:51:36.0253 2240 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/07 22:51:36.0300 2240 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/09/07 22:51:36.0331 2240 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/07 22:51:36.0362 2240 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/09/07 22:51:36.0378 2240 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/09/07 22:51:36.0409 2240 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/09/07 22:51:36.0440 2240 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/09/07 22:51:36.0456 2240 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/09/07 22:51:36.0487 2240 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2011/09/07 22:51:36.0518 2240 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2011/09/07 22:51:36.0549 2240 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/09/07 22:51:36.0565 2240 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/09/07 22:51:36.0596 2240 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/09/07 22:51:36.0627 2240 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/07 22:51:36.0674 2240 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS

2011/09/07 22:51:36.0721 2240 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/09/07 22:51:36.0752 2240 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/09/07 22:51:36.0815 2240 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/07 22:51:36.0846 2240 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/07 22:51:36.0861 2240 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/07 22:51:36.0939 2240 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/09/07 22:51:36.0971 2240 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/07 22:51:37.0049 2240 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/07 22:51:37.0064 2240 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/09/07 22:51:37.0111 2240 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/09/07 22:51:37.0205 2240 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/09/07 22:51:37.0251 2240 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/09/07 22:51:37.0314 2240 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/07 22:51:37.0361 2240 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/09/07 22:51:37.0376 2240 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/07 22:51:37.0439 2240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/09/07 22:51:37.0454 2240 Boot (0x1200) (462f3349a70a6d0f88b5142b2bb12e16) \Device\Harddisk0\DR0\Partition0

2011/09/07 22:51:37.0485 2240 Boot (0x1200) (d169dba72b5367527e6ab38a9f17cafe) \Device\Harddisk0\DR0\Partition1

2011/09/07 22:51:37.0485 2240 ================================================================================

2011/09/07 22:51:37.0485 2240 Scan finished

2011/09/07 22:51:37.0485 2240 ================================================================================

2011/09/07 22:51:37.0501 2184 Detected object count: 3

2011/09/07 22:51:37.0501 2184 Actual detected object count: 3

2011/09/07 22:51:51.0229 2184 HiddenFile.Multi.Generic(365ea2de) - User select action: Skip

2011/09/07 22:51:51.0338 2184 AFD (dbbcd12483bd1ff0befee4135ce35626) C:\Windows\system32\drivers\afd.sys

2011/09/07 22:51:51.0338 2184 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: dbbcd12483bd1ff0befee4135ce35626, Fake md5: 0db7a48388d54d154ebec120461a0fcd

2011/09/07 22:51:53.0382 2184 Backup copy not found, trying to cure infected file..

2011/09/07 22:51:53.0382 2184 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)

2011/09/07 22:51:53.0382 2184 C:\Windows\system32\drivers\afd.sys - processing error

2011/09/07 22:51:53.0382 2184 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure

2011/09/07 22:51:53.0382 2184 ForgedFile.Multi.Generic(MBAMSwissArmy) - User select action: Skip

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Brice at 22:56:09 on 2011-09-07

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2046.1239 [GMT -4:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\3735182902:3382795553.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Brice\Desktop\TDSS\TDSSKiller.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2966884

uInternet Settings,ProxyServer = http=127.0.0.1:55071

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll

mURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [<NO NAME>]

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRun: [1414025238] c:\windows\system32\config\systemprofile\appdata\local\nru.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 64.59.176.13 64.59.176.15

TCP: Interfaces\{F846AD76-5347-41E3-9B85-177B993334A0} : DhcpNameServer = 192.168.1.1 64.59.176.13 64.59.176.15

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brice\appdata\roaming\mozilla\firefox\profiles\3p2tw528.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.chopra.com/dailyinspiration

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\users\brice\appdata\roaming\mozilla\firefox\profiles\3p2tw528.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 136176]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-31 94880]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 136176]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-2 15232]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-7 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-08 02:50:44 -------- d-----w- c:\users\brice\appdata\local\{6595C4DE-F2E5-4946-AA25-D54A9CDA1AE3}

2011-09-08 02:49:18 -------- d-----w- c:\users\brice\appdata\local\{597F9324-F6CF-4A59-BE3A-A9EA459B38F2}

2011-09-08 02:43:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-08 02:43:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-08 02:37:37 -------- d-----w- c:\users\brice\appdata\local\{8C217A8B-C187-4678-88ED-96A80D4150C8}

2011-09-08 02:02:38 -------- d-----w- c:\users\brice\appdata\local\{A77B7599-9B37-4D85-BB38-99D73CB56E2D}

2011-09-08 01:54:14 -------- d-----w- c:\users\brice\appdata\local\{53C4087B-BDDA-4F9A-A8C5-DDDD8EC8116D}

2011-09-07 21:00:35 -------- d-----w- c:\users\brice\appdata\local\{BDC9DB1D-DE41-4D64-8BFF-33B1733EF6EF}

2011-09-07 20:48:37 -------- d-----w- c:\users\brice\appdata\local\{2E23AAF0-407E-4046-8903-1B556006DB4E}

2011-09-07 15:26:19 -------- d-----w- c:\users\brice\appdata\local\{0413861D-2A7F-44F6-BBCD-1BA6D7755BA7}

2011-09-07 05:57:19 -------- d-----w- c:\users\brice\appdata\local\{4A3E2F8E-4DA9-453F-A2CD-F44565861FAC}

2011-09-07 05:49:53 -------- d-----w- C:\dell

2011-09-07 05:34:23 -------- d-----w- c:\users\brice\appdata\local\{617EBD88-765F-4E2B-B9A2-A2F6F76D4942}

2011-09-07 05:32:08 -------- d-----w- c:\users\brice\appdata\local\{BD5E8F85-974E-4A63-8154-C555B514E28C}

2011-09-07 05:27:29 -------- d-----w- c:\users\brice\appdata\local\{1602616D-5DCD-4A8E-AFAA-64245CA178B7}

2011-09-07 05:22:58 -------- d-----w- c:\users\brice\appdata\local\{EFA6D1DE-7D38-4BCA-8367-DF4233D2A897}

2011-09-07 03:42:32 -------- d-----w- c:\users\brice\appdata\roaming\DeviceDoctorSoftware

2011-09-06 22:49:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-06 21:42:58 -------- d-----w- c:\programdata\REPORTS

2011-09-06 21:42:58 -------- d-----w- c:\programdata\LOGFILES

2011-09-06 21:42:58 -------- d-----w- c:\programdata\INFECTED

2011-09-06 17:07:53 -------- d-----w- c:\users\brice\appdata\local\{410C1A93-0E69-4AF5-A371-4FA49A4FEEE0}

2011-09-06 17:07:21 -------- d-----w- c:\users\brice\appdata\local\{56CE209B-2118-48B9-B9A2-CA1624F4A730}

2011-09-06 04:28:50 -------- d-----w- c:\users\brice\appdata\roaming\uTorrent

2011-09-06 04:28:50 -------- d-----w- c:\users\brice\appdata\local\uTorrent

2011-09-06 02:04:37 -------- d-----w- c:\users\brice\appdata\local\{44885678-9BC6-4BDD-AC1B-0125252681FB}

2011-09-06 02:04:26 -------- d-----w- c:\users\brice\appdata\local\{F1460941-69E1-4657-BE52-B411CEEF76A1}

2011-09-05 14:04:08 -------- d-----w- c:\users\brice\appdata\local\{517B5860-6020-4B4A-AF15-121A869EFB7A}

2011-09-05 14:04:05 -------- d-----w- c:\users\brice\appdata\local\{D172B543-CA4E-49EB-B4D3-437A8CC145D5}

2011-09-05 01:54:00 -------- d-----w- c:\users\brice\Malwarebytes' Anti-Malware

2011-09-04 23:45:22 -------- d-----w- c:\users\brice\appdata\local\{4D4ABB7F-930D-4F58-9934-706E9E8F486B}

2011-09-04 23:44:56 -------- d-----w- c:\users\brice\appdata\local\{21265DF9-C214-4EAB-8DB8-65C7A7C544B3}

2011-09-04 23:42:07 -------- d-----w- c:\program files\CCleaner

2011-09-04 23:40:45 -------- d-----w- c:\users\brice\appdata\roaming\RegClean

2011-09-04 23:40:41 -------- d-----w- c:\program files\RegClean

2011-09-04 11:44:22 -------- d-----w- c:\users\brice\appdata\local\{F476C582-A0AB-4ADF-924D-FAE5A3F43D62}

2011-09-04 11:43:59 -------- d-----w- c:\users\brice\appdata\local\{7B1A7C23-C746-4E17-B4BB-5F8203E4217E}

2011-09-04 06:12:35 -------- d-----w- c:\users\brice\appdata\local\{4D0E0B20-98BD-471F-BEDC-0A91FA1162DA}

2011-09-03 16:04:04 -------- d-----w- c:\users\brice\appdata\local\{C709C4DE-04E1-45FC-980A-1A102AB4AF38}

2011-09-03 16:03:57 -------- d-----w- c:\users\brice\appdata\local\{70593294-4D64-4B5A-90FB-1D265311329B}

2011-09-03 16:02:13 0 ----a-w- c:\users\brice\appdata\local\Bjahitokesik.bin

2011-09-03 16:02:06 -------- d-----w- c:\users\brice\appdata\local\{0180AD48-B35E-4A28-B625-80CA2C306C47}

2011-09-02 17:07:43 4194304 ----a-w- c:\windows\system32\xadqgnnk.dll

2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\wbgb.exe

2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\vmst.exe

2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\rgoc.exe

2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\lknr.exe

2011-09-02 15:19:01 0 ----a-w- c:\programdata\ytuu.exe

2011-09-02 15:19:01 0 ----a-w- c:\programdata\pyfi.exe

2011-09-02 15:19:01 0 ----a-w- c:\programdata\ooqr.exe

2011-09-02 15:19:01 0 ----a-w- c:\programdata\noaf.exe

2011-09-02 14:43:18 -------- d-----w- c:\users\brice\appdata\local\{2B163D51-BB0C-4F49-AA82-0DD7573B03FD}

2011-09-02 14:43:16 -------- d-----w- c:\users\brice\appdata\local\{7E745D95-2917-46E5-A6F9-39EFC9B35D3A}

2011-09-01 19:04:33 -------- d-----w- c:\programdata\fD09801HjFmG09801

2011-09-01 18:41:57 -------- d-----w- c:\users\brice\appdata\local\{94628BB4-7223-4BC0-81CE-C672C6C0D530}

2011-09-01 18:41:25 -------- d-----w- c:\users\brice\appdata\local\{65D347C9-AD94-4861-8032-5B39F86509AD}

2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\uqbi.exe

2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\qpyx.exe

2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\oeng.exe

2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\ikri.exe

2011-09-01 16:43:20 0 ----a-w- c:\programdata\vgiw.exe

2011-09-01 16:43:20 0 ----a-w- c:\programdata\psda.exe

2011-09-01 16:43:20 0 ----a-w- c:\programdata\inrp.exe

2011-09-01 16:43:20 0 ----a-w- c:\programdata\futf.exe

2011-09-01 06:41:04 -------- d-----w- c:\users\brice\appdata\local\{CE7BDAD9-794D-41F9-B010-9C0402AF6253}

2011-09-01 06:41:01 -------- d-----w- c:\users\brice\appdata\local\{71150AAB-92A0-4C88-936A-863104D2D22D}

2011-08-31 20:44:14 177664 ----a-w- c:\windows\system32\unrar.dll

2011-08-31 20:44:14 -------- d-----w- c:\program files\Unrar Extract and Recover 4.2

2011-08-31 20:36:51 -------- d-----w- c:\program files\Conduit

2011-08-31 20:36:50 -------- d-----w- c:\users\brice\appdata\local\Conduit

2011-08-31 20:36:50 -------- d-----w- c:\program files\PhotoJoy_Bar

2011-08-31 20:36:27 -------- d-----w- c:\program files\Intelore

2011-08-31 15:09:31 -------- d-----w- c:\users\brice\appdata\local\{861FCEA7-6CFC-453D-859F-71438DF57946}

2011-08-31 15:08:22 -------- d-----w- c:\users\brice\appdata\local\{1497C669-DFB3-41EE-8986-89EBD9CDBD48}

2011-08-31 03:05:11 -------- d-----w- c:\users\brice\appdata\local\{81B696AA-CD4B-4712-9F5B-C41BF4103B0D}

2011-08-31 03:04:07 -------- d-----w- c:\users\brice\appdata\local\{8D088E08-71AC-4BB9-ADE6-DFC6D02D4A39}

2011-08-30 15:03:34 -------- d-----w- c:\users\brice\appdata\local\{E9B15090-5F26-47A2-8DD5-E4CFC709A5B4}

2011-08-30 15:03:11 -------- d-----w- c:\users\brice\appdata\local\{14ED39FC-92BE-43ED-A10E-1230B8CBE951}

2011-08-30 03:02:25 -------- d-----w- c:\users\brice\appdata\local\{1E4734C2-5EDD-437B-B47C-103D2DE3D879}

2011-08-30 03:00:55 -------- d-----w- c:\users\brice\appdata\local\{A5D11A39-A96B-4C69-97FC-C6AF3E6AEFC2}

2011-08-29 14:09:49 -------- d-----w- c:\users\brice\appdata\local\{DB8238B9-8BB8-42E7-B332-4E3F4299D226}

2011-08-29 14:08:59 -------- d-----w- c:\users\brice\appdata\local\{7F36145A-336E-49DD-9A69-B25AACA0B85B}



Hey, sorry for posting so much, but the virus running when I look in task manager is 3735182902:3382795553.exe and is SYSTEM under user name.

I keep posting stuff, but I'm gonna put as much info as I can in order to hopefully help you get a scope of what's going on so we can get rid of this virus.

On top of that, when I turned my computer on this morning I left to go eat breakfast and I came back and it said it had installed updates. I take it the virus is reinstalling itself?


  • Staff

Hi,

My apologies for the delay.

Please delete your copy of TDSSKiller, grab a fresh copy, run it, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
