Old 07-06-2009, 08:28 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 1
OS: Windows Vista Home Basic Service Pack 2


Stubborn Backdoor Trojan

I have acquired a virus called Trojan horse Backdoor.Generic11.ZNE. AVG pops up claiming multiple threat detection and the virus keeps multiplying itself. It appears that it's multiplying quicker than when it first appeared. If I do a computer scan with AVG it doesn't show up. It says the file infected is C:\Windows\System32\hjgruituqrevee.dll.
Since the virus appeared my computer has been noticeably slower. Programs tend to not run well and go into not responding mode. ...and the time on the computer suddenly changed to two hours behind the actual time. I don't know if that's relevant but I thought I might as well include it. Also, the menu>restart button doesn't work. I have to physically turn off the computer by pressing the button.
I cannot get the program Gmer to run on my computer. I have tried four times, twice restarting my computer. I have included the information from the DDS program, however. If the Gmer information is dire, I can attempt to run it again.
I hope I have included everything you need. Thanks in advance for your help!

Here are the contents of the DDS log.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Cierra at 18:51:26.25 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3327.2396 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\infoaxe\updater.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cierra\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: infoaxe.com Toolbar: {2f8d500e-4546-45b7-9236-d4fd9850cf1c} - c:\program files\infoaxe\ietb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: infoaxe.com Toolbar: {717edde0-444f-4ff0-b9c9-f60ec423e690} - c:\program files\infoaxe\ietb.dll
uRun: [InfoaxeUpdater] c:\program files\infoaxe\updater.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DelReg] c:\program files\msi\dualcorecenter\DelReg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\cierra\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dualco~1.lnk - c:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: globalexpeditions.com\www
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-3 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-3 108552]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-2 25896]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-3 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-3 298776]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-4-23 95544]
R3 DualCoreCenter;DualCoreCenter;c:\program files\msi\dualcorecenter\NTGLM7X.sys [2009-7-3 28160]
R3 RushTopDevice2;RushTopDevice2;c:\program files\msi\dualcorecenter\RushTop.sys [2009-7-3 56320]
R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2_X86.sys [2009-7-3 238072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-6 38160]

=============== Created Last 30 ================

2009-07-06 17:22 <DIR> --d----- c:\programdata\WindowsSearch
2009-07-06 12:17 <DIR> --d----- c:\users\cierra\appdata\roaming\Malwarebytes
2009-07-06 12:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 12:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-06 12:17 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-06 12:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 12:17 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-06 01:13 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-06 01:01 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-07-06 00:55 <DIR> --d----- c:\programdata\Adobe
2009-07-06 00:36 89,036 a---h--- c:\windows\system32\mlfcache.dat
2009-07-05 23:55 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-07-05 23:54 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-07-05 23:15 <DIR> --d----- c:\program files\infoaxe
2009-07-05 23:15 <DIR> --d----- c:\program files\YouTube Downloader
2009-07-05 23:07 <DIR> --d----- c:\users\cierra\appdata\roaming\Bump Technologies, Inc
2009-07-05 23:07 <DIR> --d----- c:\program files\BumpTop
2009-07-05 14:14 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-05 14:14 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 14:14 <DIR> --d----- c:\program files\iPod
2009-07-05 14:14 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-05 14:14 <DIR> --d----- c:\program files\iTunes
2009-07-05 14:14 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-05 14:14 <DIR> --d----- c:\program files\Bonjour
2009-07-05 14:14 <DIR> --d----- c:\programdata\Apple Computer
2009-07-05 14:14 <DIR> --d----- c:\programdata\Apple
2009-07-04 14:07 <DIR> --d----- c:\programdata\2DBoy
2009-07-04 14:07 <DIR> --d----- c:\progra~2\2DBoy
2009-07-04 14:06 <DIR> a-d----- c:\programdata\TEMP
2009-07-04 14:06 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-07-04 14:06 <DIR> --d----- c:\windows\system32\directx
2009-07-04 14:06 <DIR> --d----- c:\program files\World of Goo
2009-07-04 13:58 <DIR> --d----- c:\program files\bfgclient
2009-07-04 13:57 <DIR> --d----- C:\BigFishGamesCache
2009-07-04 13:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-03 20:42 1,060,864 a------- c:\windows\MFC71.dll
2009-07-03 20:42 499,712 a------- c:\windows\msvcp71.dll
2009-07-03 20:42 348,160 a------- c:\windows\msvcr71.dll
2009-07-03 20:42 1,622,016 a------- c:\windows\NVBenchMarks.dll
2009-07-03 20:42 421,888 a------- c:\windows\nvsulib.dll
2009-07-03 20:42 380,928 a------- c:\windows\ntuneoem.dll
2009-07-03 20:42 217,088 a------- c:\windows\NVGfxOgl.dll
2009-07-03 20:42 53,248 a------- c:\windows\Nvgpio.dll
2009-07-03 20:42 45,056 a------- c:\windows\NTuneGpu.dll
2009-07-03 20:42 28,672 a------- c:\windows\AutoTuneScript.dll
2009-07-03 20:42 18,216 a------- c:\windows\nvoclk64.sys
2009-07-03 20:42 6,912 a------- c:\windows\nvoclock.sys
2009-07-03 20:40 <DIR> --d----- c:\program files\Setup Files
2009-07-03 20:39 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-03 20:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-03 20:39 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 20:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-03 20:39 <DIR> --d----- c:\programdata\avg8
2009-07-03 20:39 <DIR> --d----- c:\program files\AVG
2009-07-03 20:39 <DIR> --d----- c:\progra~2\avg8
2009-07-03 20:35 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-03 20:35 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-03 20:35 623,616 a------- c:\windows\system32\localspl.dll
2009-07-03 20:32 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-03 20:31 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-03 20:31 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-03 20:31 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-03 20:27 238,072 a------- c:\windows\system32\drivers\WUSB54GSCV2_X86.sys
2009-07-03 17:35 684,032 a------- c:\windows\system32\tmp5599.tmp
2009-07-03 17:35 421,888 a------- c:\windows\system32\tmp55AA.tmp
2009-07-03 17:34 <DIR> --d----- c:\program files\Lexmark Z500-Z600 Series
2009-07-03 17:25 <DIR> --d----- c:\program files\MSI
2009-07-03 17:25 327,168 a------- c:\windows\IsUninst.exe
2009-07-03 16:31 <DIR> --d----- c:\programdata\ATI
2009-07-03 16:31 0 a------- c:\windows\ativpsrm.bin
2009-07-03 16:28 <DIR> --dsh--- c:\windows\Installer
2009-07-03 16:28 <DIR> --d----- c:\program files\ATI
2009-07-03 16:27 <DIR> --d----- c:\program files\ATI Technologies
2009-07-03 16:27 <DIR> --d----- C:\ATI
2009-07-03 14:57 220,912,995 a------- c:\windows\MEMORY.DMP
2009-07-03 14:47 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-03 14:47 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-03 14:47 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-03 14:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-03 14:45 <DIR> --d----- c:\windows\system32\SPReview
2009-07-03 14:39 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-07-03 14:00 <DIR> --d----- C:\PerfLogs
2009-07-03 13:43 193,024 a------- c:\windows\system32\recdisc.exe
2009-07-03 13:43 6,656 a------- c:\windows\system32\sdspres.dll
2009-07-03 13:41 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-07-03 13:40 6,656 a------- c:\windows\system32\kbd106n.dll
2009-07-03 13:39 196,608 a------- c:\windows\SPInstall.etl
2009-07-03 12:40 <DIR> --d----- c:\windows\pss
2009-07-02 20:46 <DIR> --d----- c:\windows\Panther
2009-07-02 20:45 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-07-02 20:45 333,257 a--shr-- C:\bootmgr
2009-07-02 20:45 <DIR> --dsh--- C:\Boot
2009-07-02 20:45 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-07-02 20:45 <DIR> --d----- c:\windows\system32\OEM
2009-07-02 20:27 25,896 a------- c:\windows\system32\drivers\RtlProt.sys
2009-07-02 20:17 553 -----r-- c:\windows\USetup.iss
2009-07-02 20:17 98,304 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-07-02 20:17 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-02 20:17 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-02 20:16 <DIR> --d----- c:\program files\Realtek
2009-07-02 20:14 <DIR> --d----- C:\Intel
2009-07-02 20:03 <DIR> --d----- c:\users\Cierra

==================== Find3M ====================

2009-07-05 14:14 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-05 14:14 86,016 a------- c:\windows\inf\infstor.dat
2009-07-05 14:14 51,200 a------- c:\windows\inf\infpub.dat
2009-07-03 14:47 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-03 14:05 174 a--sh--- c:\program files\desktop.ini
2009-07-03 13:52 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-07-03 13:52 82,432 a------- c:\windows\system32\axaltocm.dll
2009-07-02 20:16 315,392 a------- c:\windows\HideWin.exe
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-15 21:01 4,933,632 a------- c:\windows\system32\drivers\atikmdag.sys
2009-05-15 20:24 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-15 20:24 335,872 a------- c:\windows\system32\atieclxx.exe
2009-05-15 20:23 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-05-15 20:22 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-05-15 20:22 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-05-15 20:22 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-05-15 20:22 11,776 a------- c:\windows\system32\atimuixx.dll
2009-05-15 20:22 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-05-15 20:19 2,411,008 a------- c:\windows\system32\atidxx32.dll
2009-05-15 20:08 3,064,832 a------- c:\windows\system32\atiumdag.dll
2009-05-15 19:53 2,847,744 a------- c:\windows\system32\atiumdva.dll
2009-05-15 19:42 51,712 a------- c:\windows\system32\atimpc32.dll
2009-05-15 19:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-05-15 19:41 172,032 a------- c:\windows\system32\atiadlxx.dll
2009-05-15 19:40 11,376,640 a------- c:\windows\system32\atioglxx.dll
2009-05-15 19:27 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-05-15 19:00 53,248 a------- c:\windows\system32\aticalrt.dll
2009-05-15 19:00 53,248 a------- c:\windows\system32\aticalcl.dll
2009-05-15 18:59 3,174,400 a------- c:\windows\system32\aticaldd.dll
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-05 12:33 118,784 a------- c:\windows\system32\atibtmon.exe
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 12:04 189,051 a------- c:\windows\system32\atiicdxx.dat
2009-04-10 23:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-10 23:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-10 23:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-10 23:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-10 23:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-10 23:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-10 23:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-10 23:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-10 23:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-10 23:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-10 23:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-10 23:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-10 23:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-10 23:27 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2009-04-10 23:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-10 23:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-10 22:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 22:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 21:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 21:55 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 21:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 21:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 21:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 21:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 18:59 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-04-10 18:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:52:33.60 ===============
Attached Files
File Type: zip Attach.zip (3.6 KB, 4 views)
kaelyn is offline  
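As an added example (it is not part of the original post, and not a tool DDS or the forum provides), the script below does the first-pass triage a malware-removal helper performs on a DDS log like the one above: it splits the output on the `=== Name ===` headers DDS emits, parses the "Created Last 30" entries, and pulls out the items that are checked first (UAC policy, AppInit_DLLs, trusted-zone additions, autoruns, freshly created drivers and data files under system32). The sample lines are copied verbatim from the thread's log; the classification rules are this example's own heuristics, and the file name checked at the end is the one named in the AVG alert in the first post.

```python
"""Added example: first-pass triage of a DDS log (not the thread's or DDS's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the DDS sections from the thread, copied verbatim.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: infoaxe.com Toolbar: {2f8d500e-4546-45b7-9236-d4fd9850cf1c} - c:\program files\infoaxe\ietb.dll
uRun: [InfoaxeUpdater] c:\program files\infoaxe\updater.exe
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: globalexpeditions.com\www
AppInit_DLLs: avgrsstx.dll

=============== Created Last 30 ================

2009-07-06 12:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 00:36 89,036 a---h--- c:\windows\system32\mlfcache.dat
2009-07-03 20:39 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-03 20:39 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 17:35 684,032 a------- c:\windows\system32\tmp5599.tmp
2009-07-03 14:57 220,912,995 a------- c:\windows\MEMORY.DMP
2009-07-02 20:27 25,896 a------- c:\windows\system32\drivers\RtlProt.sys

============= FINISH: 18:52:33.60 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size or <DIR>> <8 attribute flags> <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")


@dataclass
class Created:
    when: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the most recent '=== Name ===' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_created(lines: List[str]) -> List[Created]:
    """Parse 'Created Last 30' rows into structured entries; skip anything malformed."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append(Created(when, None if size == "<DIR>" else int(size.replace(",", "")), attrs, path))
    return entries


def find_mentions(text: str, file_name: str) -> List[str]:
    """Every log line naming the file (case-insensitive), e.g. the DLL an AV alert reported."""
    needle = file_name.lower()
    return [l.strip() for l in text.splitlines() if needle in l.lower()]


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings a helper looks at before anything else."""
    sections = split_sections(text)
    findings: List[Tuple[str, str]] = []
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("policy", "UAC is disabled: " + line))
        elif line.startswith("AppInit_DLLs:"):
            findings.append(("appinit", "loaded into every user32 process, verify the vendor: " + line))
        elif line.startswith("Trusted Zone:"):
            findings.append(("trusted-zone", line))
        elif line.startswith(("BHO:", "TB:", "uRun:", "mRun:")):
            findings.append(("autorun", line))
    for c in parse_created(sections.get("Created Last 30", [])):
        low = c.path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low:
            findings.append(("new-driver", f"{c.when} {c.path}"))  # new kernel code: highest priority
        elif "\\system32\\" in low and low.endswith((".tmp", ".dat")):
            findings.append(("new-system32-data", f"{c.when} {c.path}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"[{category:18}] {detail}")
    reported = "hjgruituqrevee.dll"  # file named in the AVG alert in the first post
    hits = find_mentions(SAMPLE_DDS, reported)
    print(f"{reported}: {'listed' if hits else 'NOT listed'} in the DDS sections")
```

Run as-is, the last line reports that the DLL AVG named does not appear in any DDS section, while the AVG driver `avgrsstx.dll` listed under AppInit_DLLs matches a file created on the AVG install date. A file an AV alert names but a user-mode listing cannot see is exactly the situation where the helper's next request, a rootkit-aware scan, is needed before acting on the DDS output alone.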

Old 07-10-2009, 01:28 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,590
OS: XP SP3


Re: Stubborn Backdoor Trojan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you. Please run this special version of gmer.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 07-16-2009, 09:52 PM   #3 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,590
OS: XP SP3


Re: Stubborn Backdoor Trojan

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Copyright 2001 - 2009, Tech Support Forum