Looks like you have a Rootkit.
Please download ComboFix from Here and save it to your Desktop.
[1]. Do NOT rename Combofix unless instructed.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3].Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.
- NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
===================================
When the scan has finished, follow with this:
Custom CFScript
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\windows\system32\drivers\hitmanpro35.sys
Folder::
c:\program files\Hitman Pro 3.5
c:\docume~1\alluse~1\applic~1\Hitman Pro
c:\docume~1\alluse~1\applic~1\Alwil Software
Registry::
Driver::
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt.
Please attach to your next reply.
====================
You have a driver running that is related to the NForce Platform Drivers & Utilities for MSI motherboard. Do you or did you have an nVidia graphics card and an MSI motherboard?
I am having you remove Hitman Pro for these reasons:
Is there a particular reason you don't recommend the Hitman program?
Yes, a few. Based on what I read and the cleaning programs I run. Others may think differently. The publisher's description is:
Anti-spyware program combines up to six popular engines to maximize removal effectiveness.
While the scans with Hitman are free, removal of the malware can only be done within the 30-day trial.
Hitman Pro (version 1 and 2) automatically downloads, installs and runs third party anti-spyware and anti-adware programs that are freely available on the Internet:
- Eset NOD32 antivirus system (trial, expires in 30 days)
- Webroot Spy Sweeper (trial, expires in 7 days)
- PC Tools Spyware Doctor (demo, will not clean anything)
- Lavasoft AdAware SE (freeware)
- Safer Networking Spybot - Search & Destroy (freeware)
- TrendMicro CWShredder (freeware)
- JavaCool Software SpywareBlaster (freeware)
- McAfee VirusScan SuperDAT (virus signature definition updates, McAfee PrimeSupport license required for qualifying product)
- Ewido Micro Scanner (freeware) (AVG)
The scan time was very long, the program used many system resources and errors in the used third party programs could cause system instability.
Hitman Pro is using other people’s knowledge without their permission. NOD32 has granted permission to use their software. Software producer Lavasoft is in discussion with Mr. Loman over changes to the program before granting any official permission to implement their software and McAfee says they did not grant permission and claim no knowledge at all of the program with no further comment.
Hitman Pro 3 uses a white list that includes Windows system files and other (safe) files that are present on most PCs.
Hitman Pro 3 also requires a license key to remove malware found on a user's computer; however, it does offer a free 30-day trial.
The new version of Hitman Pro, version 3, uses:
- NOD32 Antivirus
- Avira AntiVir
- Prevx
- G DATA Anti-Virus
- a-squared Anti-Malware
Virus scanners are not installed on the local computer, but in the scan cloud on the Internet.
Unlimited free scanning and free 30-day version to remove detected malware
None of these programs, alone or together, have the power of a program like Combofix or other 'intensive' programs. While Hitman may resolve one problem, that does not mean all of the malware has been removed.