Tom717

  1. I ran the avast! antivirus, and it found two infected .dll files, and I used the option "move to chest." Now, neither the avast nor the eset scans report any problems, though those two files have still not been dealt with. In addition, my internet browser has stopped working again - the screen is completely blank when I try to go to a website.
  2. Unfortunately I had a problem getting the log copied and lost it, but I can tell you that it said that there were no threats found. I can run it again if you think I should.
  3. It appears to be running normally. Is there anything else I should check or do?
  4. Ok, I managed to get the internet working fine again, and I went back and ran the anti-malware. This is the report I got:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5549

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     1/18/2011 4:36:13 PM
     mbam-log-2011-01-18 (16-36-13).txt

     Scan type: Quick scan
     Objects scanned: 155322
     Time elapsed: 5 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myhhysry (Trojan.FakeAlert.Gen) -> Value: myhhysry -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  5. The computer is connected to the internet, and Skype works, but I cannot use any browsers. In Firefox, I get the error message "server not found."
  6. I have a problem getting the updater to run. Though I can update the anti-malware on this computer, I cannot update it on the infected computer or transfer the updated version to that computer via USB. Is it alright to use the outdated version? (28 days outdated)
  7. I ran the scan, and it said the computer needed to reboot in order to finish deleting files. This appeared on my screen after the reboot:
  8. File name: Secure.dll
     Submission date: 2011-01-18 19:42:28 (UTC)
     Current status: finished
     Result: 0/42 (0.0%)
     MD5 : f739b2bc15de2f05150303f012295871
     SHA1 : eb07331969b3c851744bcfa9533d52927d4f211a
     SHA256: 23b3492f4e615abf3d9768dc51fb6021c4e524e16267973749a75dfff7230c6d
  9. I ran rkill again and immediately after was able to run OTL. Here are the logs:

     This log file is located at C:\rkill.log.
     Please post this only if requested to by the person helping you.
     Otherwise you can close this log when you wish.
     Rkill was run on 01/18/2011 at 7:23:49.
     Operating System: Microsoft Windows XP

     Processes terminated by Rkill or while it was running:
     C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\sylsosihv\ewecpgjusbs.exe

     Rkill completed on 01/18/2011 at 7:24:08.
  10. We got out of synch before. Do you still want me to run rkill again?
  11. I tried all the links for OTL but was not able to get anything to run. I got the message again that the file is infected.
  12. OK. I will download RKill on my flash and run it on the computer.
  13. I searched the computer and found 3 results for rkill:
      rkill located at C\
      RKILL.COM-07C41B.pf at C:\WINDOWS\Prefetch
      RKILL.SCR-33A7DCDB.pf at C:\WINDOWS\Prefetch
      Also, I now find that I cannot open Word or Notepad on that computer.
  14. Rkill is not on the computer as far as I can tell. It is just on my flash, so can I delete it from the flash just by clicking delete while the flash is on the computer I'm using now? I am confused that the instruction to delete my copy of Rkill appears in 2 places. Is Step 1 the instructions for how to do it? Do I delete something twice?
  15. I am having trouble with DSS. The one I ran before (dds.pif) will not run. I get the same message I've been getting from the fake antivirus all along: "Application cannot be executed. The file dds.pif is infected. Do you want to activate your antivirus software now?" I went back to the links you gave me originally and redownloaded dss.pif. It still didn't work. I tried the other 2 links. The first of the 3 gets a "webpage cannot be found" message and the middle one gets me dss.scr, which did nothing when I opened it.