Inactive [A] Rootkit virus and 100% CPU usage

Hello All,
This morning I was on my laptop and started to receive a message from my anti-virus about malicious programs trying to start. I do not remember what the programs were; I just hit "Quarantine". I am running Windows XP and the anti-virus is Malwarebytes. So I decided to update the anti-virus so I can scan the computer. The update took forever but it did update. I checked the Task Manager to find out that my CPU Usage is 100%.
I rebooted in SAFE mode to run a full scan. After the scan finished I was told to reboot to remove the viruses. After reboot the CPU is still running at 100% CPU Usage.

I was only able to run GMER in Normal mode; Malwarebytes and DDS were run in Safe Mode.

Appreciate any help.
Sam


Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: ESAADEH [limited]

Protection: Disabled

3/13/2012 4:59:48 PM
mbam-log-2012-03-13 (16-59-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 491267
Time elapsed: 2 hour(s), 48 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\WINDOWS\svcs.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\WINDOWS\system32\dlcj_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DBFAF92B-4BD1-40A8-9CAC-90DB38E1AE1B}\RP245\A0029968.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvupdtio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\388.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\389.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\38F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ewynjr\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\svcs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-13 22:20:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: 3zw7buqx.exe; Driver: C:\DOCUME~1\Essam\LOCALS~1\Temp\pwldapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 852AE0AE
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 852ADF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 852AE0AE
Device \Driver\atapi \Device\Ide\IdePort0 852ADF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 852AE0AE
Device \Driver\atapi \Device\Ide\IdePort1 852ADF76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 852AE0AE
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 852ADF76

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 336
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3404
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3496
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3628

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 21:05:54 on 2012-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.750 [GMT -4:00]
.
.
============== Running Processes ===============
.
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
dExplorerRun: [JavaSoft] c:\windows\system32\config\systemprofile\application data\A40C14.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5BD2CDE5-169A-442D-9F45-8989D19A7133} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u17i13kw.default\
.
============= SERVICES / DRIVERS ===============
.
S2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2011-9-21 7632288]
S2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2011-12-12 11936]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2011-9-21 45384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-21 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-21 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-13 40776]
S3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\drivers\PTLIBUSB0.SYS [2011-12-12 22144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-8-21 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== File Associations ===============
.
.txt=SigilTXT
.
=============== Created Last 30 ================
.
2012-03-14 00:49:21 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-03-14 00:38:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-13 20:59:00 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-03-13 04:14:03 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-13 04:13:20 847872 ----a-w- c:\documents and settings\all users\application data\5D40.tmp
2012-03-13 04:13:20 847872 ----a-w- c:\documents and settings\all users\application data\23C1.tmp
2012-02-20 16:08:25 -------- d-----w- c:\windows\XSxS
2012-02-20 16:08:25 -------- d-----w- c:\program files\Xenocode
2012-02-15 23:18:15 -------- d-----w- c:\program files\Jtag Tool
2012-02-15 02:42:25 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 02:42:25 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 21:47:09 -------- d-----w- c:\program files\CommViewWiFi
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 21:19:18 203976 ----a-w- c:\windows\system32\Richtx32.ocx
2012-01-07 17:47:09 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2012-01-03 07:28:06 2570286 ----a-w- c:\windows\system32\abgx360.exe
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2009-02-09 12:10:48 31744 --sh--w- c:\windows\system32\config\systemprofile\application data\A40C14.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x86DD8A2E]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x86ddb180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x86ddb178]; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F73AB8]
\Driver\Disk[0x86F749A8] -> IRP_MJ_READ -> 0x86DD8A2E
kernel: MBR read successfully
_asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86DD90AE
\Driver\atapi -> 0x86dd8f76
IoDeviceObjectType -> ParseProcedure -> 0x86dd820c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x86dd820c
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21:06:10.07 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/21/2011 11:59:14 AM
System Uptime: 3/13/2012 8:46:43 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0YD632
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 18.094 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CF1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CF1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CF1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CF1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CF1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CF1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CF1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CF1028&REV_01\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
RP185: 1/12/2012 1:50:19 AM - System Checkpoint
RP186: 1/13/2012 2:48:27 AM - System Checkpoint
RP187: 1/14/2012 3:48:27 AM - System Checkpoint
RP188: 1/15/2012 4:51:47 AM - System Checkpoint
RP189: 1/16/2012 5:13:05 AM - System Checkpoint
RP190: 1/17/2012 6:13:00 AM - System Checkpoint
RP191: 1/18/2012 7:13:08 AM - System Checkpoint
RP192: 1/19/2012 8:13:08 AM - System Checkpoint
RP193: 1/20/2012 9:13:16 AM - System Checkpoint
RP194: 1/21/2012 10:13:09 AM - System Checkpoint
RP195: 1/22/2012 11:13:08 AM - System Checkpoint
RP196: 1/23/2012 12:38:38 AM - Software Distribution Service 3.0
RP197: 1/24/2012 12:49:47 AM - System Checkpoint
RP198: 1/25/2012 12:55:28 AM - System Checkpoint
RP199: 1/26/2012 1:54:33 AM - System Checkpoint
RP200: 1/27/2012 2:54:32 AM - System Checkpoint
RP201: 1/28/2012 3:54:38 AM - System Checkpoint
RP202: 1/29/2012 4:54:36 AM - System Checkpoint
RP203: 1/30/2012 5:54:32 AM - System Checkpoint
RP204: 1/31/2012 6:09:01 AM - System Checkpoint
RP205: 2/1/2012 6:54:37 AM - System Checkpoint
RP206: 2/2/2012 7:54:47 AM - System Checkpoint
RP207: 2/3/2012 9:07:11 AM - System Checkpoint
RP208: 2/4/2012 9:54:41 AM - System Checkpoint
RP209: 2/5/2012 10:55:46 AM - System Checkpoint
RP210: 2/6/2012 11:53:38 AM - System Checkpoint
RP211: 2/7/2012 3:28:41 PM - System Checkpoint
RP212: 2/8/2012 5:43:33 PM - System Checkpoint
RP213: 2/9/2012 5:49:40 PM - System Checkpoint
RP214: 2/10/2012 5:54:33 PM - System Checkpoint
RP215: 2/11/2012 6:55:47 PM - System Checkpoint
RP216: 2/12/2012 8:08:08 PM - System Checkpoint
RP217: 2/13/2012 8:57:26 PM - System Checkpoint
RP218: 2/14/2012 10:24:26 PM - System Checkpoint
RP219: 2/15/2012 11:06:16 PM - System Checkpoint
RP220: 2/16/2012 11:48:25 PM - System Checkpoint
RP221: 2/17/2012 11:52:34 PM - System Checkpoint
RP222: 2/19/2012 12:04:37 AM - System Checkpoint
RP223: 2/20/2012 12:43:38 AM - System Checkpoint
RP224: 2/21/2012 12:46:58 AM - System Checkpoint
RP225: 2/22/2012 1:00:23 AM - System Checkpoint
RP226: 2/23/2012 2:00:20 AM - System Checkpoint
RP227: 2/24/2012 3:01:02 AM - System Checkpoint
RP228: 2/25/2012 4:00:29 AM - System Checkpoint
RP229: 2/26/2012 5:00:39 AM - System Checkpoint
RP230: 2/27/2012 5:47:09 AM - System Checkpoint
RP231: 2/28/2012 6:47:15 AM - System Checkpoint
RP232: 2/29/2012 7:48:31 AM - System Checkpoint
RP233: 3/1/2012 8:47:23 AM - System Checkpoint
RP234: 3/2/2012 9:01:48 AM - System Checkpoint
RP235: 3/3/2012 9:47:36 AM - System Checkpoint
RP236: 3/4/2012 10:47:37 AM - System Checkpoint
RP237: 3/5/2012 12:08:17 PM - System Checkpoint
RP238: 3/6/2012 12:49:35 PM - System Checkpoint
RP239: 3/7/2012 2:44:40 PM - System Checkpoint
RP240: 3/8/2012 3:06:05 PM - System Checkpoint
RP241: 3/9/2012 3:56:53 PM - System Checkpoint
RP242: 3/10/2012 4:47:42 PM - System Checkpoint
RP243: 3/10/2012 8:40:47 PM - Software Distribution Service 3.0
RP244: 3/11/2012 10:03:50 PM - System Checkpoint
RP245: 3/12/2012 10:15:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
abgx360 v1.0.6
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BayGenie eBay Auction Sniper Pro Edition 3.3.5.8
bitRipper
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom TPM Driver Installer
calibre
CloneCD
CommView for WiFi
Conexant HDA D110 MDC V.92 Modem
Connected Backup/PC Agent
ConvertXtoDVD 4.1.19.365
DVD Decrypter (Remove Only)
DVD Shrink 3.2
GDR 1617 for SQL Server 2008 R2 (KB2494088)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java(TM) 6 Update 26
JDownloader 0.9
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client Activex Control
K-Lite Mega Codec Pack 7.0.0
KProbe 2.5.2
LeapFrog Connect
LeapFrog My Pals Plugin
Lexmark Software Uninstall
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft DirectX 9.0 SDK Update (October 2005)
Microsoft Document Explorer 2005
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Software Update for Web Folders (English) 12
Microsoft Speech SDK 5.1
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual SourceSafe 6.0
Microsoft Visual Studio 2005 Professional Edition - ENU
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 6.0 Parser
NVIDIA Drivers
Oz776 SCR Driver V1.1.4.2
Python 2.7 pycrypto-2.3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SES Driver
Sigil 0.4.2
SigmaTel Audio
Snagit 10.0.1
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Management Studio
StAPH ver 1.25 - "Rise Of The Themes"
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
visionapp Remote Desktop 2010 R2
VNC Free Edition 4.1.3
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WinSCP 4.3.4
XMPEG 5.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:21:54 AM, error: Dhcp [1002] - The IP address lease 172.30.102.25 for the Network Card with network address 00FF983CCA86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
3/7/2012 9:28:57 AM, error: Dhcp [1002] - The IP address lease 172.30.102.6 for the Network Card with network address 00FF983CCA86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
3/13/2012 9:53:45 AM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: The specified procedure could not be found.
3/13/2012 9:38:40 AM, error: Service Control Manager [7023] - The Stac97 service terminated with the following error: The specified procedure could not be found.
3/13/2012 9:37:46 AM, error: Service Control Manager [7023] - The StkScan service terminated with the following error: The specified procedure could not be found.
3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Winsock service terminated with the following error: The specified module could not be found.
3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified module could not be found.
3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified module could not be found.
3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: The specified module could not be found.
3/13/2012 9:32:58 AM, error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: The specified module could not be found.
3/13/2012 9:22:50 AM, error: Service Control Manager [7023] - The MicroSoft Team Provider service terminated with the following error: The specified procedure could not be found.
3/13/2012 9:22:50 AM, error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: The specified procedure could not be found.
3/13/2012 8:53:26 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/13/2012 8:51:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/13/2012 8:27:11 PM, error: Service Control Manager [7023] - The Npptnt2 service terminated with the following error: The specified module could not be found.
3/13/2012 4:58:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/13/2012 4:58:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/13/2012 4:58:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2012 4:25:55 PM, error: Service Control Manager [7023] - The Rpaservice service terminated with the following error: The specified module could not be found.
3/13/2012 3:47:55 AM, error: VolSnap [20] - The shadow copy of volume G: was aborted because of a failed free space computation.
3/13/2012 2:31:47 AM, error: PlugPlayManager [11] - The device Root\LEGACY_.NETBT\0000 disappeared from the system without first being prepared for removal.
3/13/2012 12:19:13 AM, error: Service Control Manager [7023] - The Nmsaccess service terminated with the following error: The specified procedure could not be found.
3/13/2012 12:18:15 AM, error: Service Control Manager [7023] - The Winsock service terminated with the following error: The specified procedure could not be found.
3/13/2012 12:15:14 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified procedure could not be found.
3/13/2012 12:14:18 AM, error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified procedure could not be found.
3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Tng-dtmg service terminated with the following error: The specified module could not be found.
3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The StkScan service terminated with the following error: The specified module could not be found.
3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Stac97 service terminated with the following error: The specified module could not be found.
3/13/2012 11:47:57 AM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: The specified module could not be found.
3/13/2012 11:47:57 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/13/2012 11:42:09 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
3/13/2012 10:08:48 AM, error: Service Control Manager [7023] - The Tng-dtmg service terminated with the following error: The specified procedure could not be found.
3/12/2012 9:38:22 AM, error: Service Control Manager [7023] - The DNS Client service terminated with the following error: No protocol sequences have been registered.
3/12/2012 9:38:20 AM, error: dnscache [11004] - Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below.
3/12/2012 9:38:05 AM, error: Dhcp [1002] - The IP address lease 172.30.102.16 for the Network Card with network address 00FF8804D986 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
3/11/2012 10:32:51 AM, error: Dhcp [1002] - The IP address lease 172.30.102.25 for the Network Card with network address 00FF8804D986 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
3/10/2012 6:54:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
3/10/2012 6:54:21 PM, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/10/2012 6:54:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/10/2012 10:19:34 PM, error: LV_Tracker [68] -
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 