I then ran another scan with ComboFix and it's still showing them as infected. My first thought was that maybe, just maybe, ComboFix is detecting false positives because the "Modified" date of the files is too recent?
But I'm regularly getting winlogon crashes; I run my system anywhere from 20 minutes to an hour before it crashes with "NTAuthority fatal error: the system is shutting down". The window looks like a legitimate Windows error, and even counts down the seconds until the system shuts down.
OK, so now it seems like the virus has regenerated itself. Does this mean after I replaced the files, the virus is smart enough to replace them again?!?
The ComboFix log is attached, as well as an HJT log.
Edited by TechShui, 25 January 2012 - 11:40 PM.