firehawk

seems as normal as before now, thankfully. just waiting for any odd things to happen. not even sure what it would trigger to do that if anything. but yeh, i can access the internet now which is where I am writing this response from

see attached RKreport4_S_04142013_02d1748.txt

ok, so when I rebooted - Windows said it couldn't find/launch the application which I can only guess was tdskiller - it gave me a SID/GUID to the application. TDSKiller is not running after the reboot.

FYI just donated to you.

I now enabled the NIC and can browse the internet as normal. Thank you. is this the end of the scans and tools? anything else we can run or use to verify all is good?

ok, re doing the scan tells me no more malware found! attached are the 2 files as requested: mbar-log-2013-04-14 (16-41-34).txt system-log.txt

thanks. it found 4-6 malware threats. I pressed "Clean", it said it removed successfully but did not prompt me to reboot. instead I am manually rebooting it then will run the scan again and see what comes up. once again, I appreciate this. this is the last thing I need as I have LOADS of work to do. I hope after this successful removal and my system becoming functional again, I will donate $100 to your paypal. (deadly serious!)

ok it is now scanning. I am unable to check for updates since the computer cannot access the internet. would this be a problem?

sorry, pressed post accidently:

Thank you. This is a standalone workstation desktop - its not joined to a domain at all. I also did disable the NIC too using the roguekiller, I removed the registry entries as described. When clicked on the files tab - there were no checkboxes but the files mentioned in your response were set to "Removed". I then ran MBAR but now I get a dialog upon startup of MBAR saying "Registry value AppInit_Dlls has been found, which may be caused by a rootkit activity." what should I do? press yes or no?

so running the tool it detected zeroaccess. it also opened a browser to some link on blogspot.com but obviously i cannot access the internet and therefore does not go to the website attached is the log file thank you RKreport1_S_04142013_02d1527.txt

you replied when I posted! thanks. will follow your instructions and post back shortly

hijack this report:

running WS2008 R2 Enterprise + all updates. also running symantec endpoint protection with updates. i just got infected I believe by this trojan. I dont need this as I have alot of work to do how can I remove it? there is no 64bit removal tool from symantec, only 32bit. I cannot access the internet much - can login to skype but cannot browse websites.