Tom717

Honorary Members
  • Posts: 27

Everything posted by Tom717

  1. I ran the avast! antivirus, and it found two infected .dll files, and I used the option "move to chest." Now, neither the avast nor the eset scans report any problems, though those two files have still not been dealt with. In addition, my internet browser has stopped working again - the screen is completely blank when I try to go to a website.
  2. Unfortunately I had a problem getting the log copied and lost it, but I can tell you that it said that there were no threats found. I can run it again if you think I should.
  3. It appears to be running normally. Is there anything else I should check or do?
  4. Ok, I managed to get the internet working fine again, and I went back and ran the anti-malware. This is the report I got:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5549
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     1/18/2011 4:36:13 PM
     mbam-log-2011-01-18 (16-36-13).txt

     Scan type: Quick scan
     Objects scanned: 155322
     Time elapsed: 5 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myhhysry (Trojan.FakeAlert.Gen) -> Value: myhhysry -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  5. The computer is connected to the internet, and Skype works, but I cannot use any browsers. In Firefox, I get the error message "server not found."
  6. I have a problem getting the updater to run. Though I can update the anti-malware on this computer, I cannot update it on the infected computer or transfer the updated version to that computer via USB. Is it alright to use the outdated version? (28 days outdated)
  7. I ran the scan, and it said the computer needed to reboot in order to finish deleting files. This appeared on my screen after the reboot:
  8. File name: Secure.dll
     Submission date: 2011-01-18 19:42:28 (UTC)
     Current status: finished
     Result: 0/ 42 (0.0%)

     Additional information
     MD5 : f739b2bc15de2f05150303f012295871
     SHA1 : eb07331969b3c851744bcfa9533d52927d4f211a
     SHA256: 23b3492f4e615abf3d9768dc51fb6021c4e524e16267973749a75dfff7230c6d
  9. I ran rkill again and immediately after was able to run OTL. Here are the logs:

     This log file is located at C:\rkill.log.
     Please post this only if requested to by the person helping you.
     Otherwise you can close this log when you wish.
     Rkill was run on 01/18/2011 at 7:23:49.
     Operating System: Microsoft Windows XP

     Processes terminated by Rkill or while it was running:
     C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\sylsosihv\ewecpgjusbs.exe

     Rkill completed on 01/18/2011 at 7:24:08.
  10. We got out of synch before. Do you still want me to run rkill again?
  11. I tried all the links for OTL but was not able to get anything to run. I got the message again that the file is infected.
  12. OK. I will download RKill on my flash and run it on the computer.
  13. I searched the computer and found 3 results for rkill:
      rkill located at C\
      RKILL.COM-07C41B.pf at C:\WINDOWS\Prefetch
      RKILL.SCR-33A7DCDB.pf at C:\WINDOWS\Prefetch
      Also, I now find that I cannot open Word or Notepad on that computer.
  14. Rkill is not on the computer as far as I can tell. It is just on my flash, so can I delete it from the flash just by clicking delete while the flash is on the computer I'm using now? I am confused that the instruction to delete my copy of Rkill appears in 2 places. Is Step 1 the instructions for how to do it? Do I delete something twice?
  15. I am having trouble with DSS. The one I ran before (dds.pif) will not run. I get the same message I've been getting from the fake antivirus all along: "Application cannot be executed. The file dds.pif is infected. Do you want to activate your antivirus software now?" I went back to the links you gave me originally and redownloaded dss.pif. It still didn't work. I tried the other 2 links. The first of the 3 gets a "webpage cannot be found" message and the middle one gets me dss.scr which did nothing when I opened it.
  16. Here is a DSSKiller report. Do you want me to run DDS again and post the DDS.txt file?
(833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys 2011/01/17 15:39:15.0031 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/17 15:39:15.0093 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/17 15:39:15.0171 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/01/17 15:39:15.0265 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/01/17 15:39:15.0343 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/01/17 15:39:15.0406 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/01/17 15:39:15.0515 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/01/17 15:39:15.0609 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/01/17 15:39:15.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/17 15:39:15.0781 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/01/17 15:39:15.0828 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/01/17 15:39:15.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/17 15:39:16.0125 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110104.001\IDSxpx86.sys 2011/01/17 15:39:16.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/17 15:39:16.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/01/17 15:39:16.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/01/17 15:39:16.0421 intelppm (8c953733d8f36eb2133f5bb58808b66b) 
C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/17 15:39:16.0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/17 15:39:16.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/17 15:39:16.0593 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/17 15:39:16.0656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/17 15:39:16.0718 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/17 15:39:16.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/17 15:39:16.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/17 15:39:16.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/17 15:39:17.0000 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/01/17 15:39:17.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/17 15:39:17.0109 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/17 15:39:17.0265 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 2011/01/17 15:39:17.0343 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/01/17 15:39:17.0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/17 15:39:17.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/17 15:39:17.0593 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/17 15:39:17.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/17 15:39:17.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/17 15:39:17.0734 
mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/01/17 15:39:17.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/17 15:39:17.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/17 15:39:17.0984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/17 15:39:18.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/17 15:39:18.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/17 15:39:18.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/17 15:39:18.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/17 15:39:18.0265 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/01/17 15:39:18.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/17 15:39:18.0375 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/01/17 15:39:18.0640 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110105.039\NAVENG.SYS 2011/01/17 15:39:18.0750 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110105.039\NAVEX15.SYS 2011/01/17 15:39:18.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/17 15:39:19.0000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/01/17 15:39:19.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/17 15:39:19.0078 Ndisuio (f927a4434c5028758a842943ef1a3849) 
C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/17 15:39:19.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/17 15:39:19.0187 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/17 15:39:19.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/17 15:39:19.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/17 15:39:19.0421 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/17 15:39:19.0531 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/01/17 15:39:19.0578 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/01/17 15:39:19.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/17 15:39:19.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/17 15:39:19.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/17 15:39:20.0343 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/01/17 15:39:20.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/17 15:39:20.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/17 15:39:20.0796 ohci1394 (1422aa0a31380be87d8fb59a30640f1b) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/17 15:39:20.0796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. 
Real md5: 1422aa0a31380be87d8fb59a30640f1b, Fake md5: ca33832df41afb202ee7aeb05145922f 2011/01/17 15:39:20.0812 ohci1394 - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/01/17 15:39:20.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/01/17 15:39:20.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/17 15:39:20.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/17 15:39:21.0000 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 2011/01/17 15:39:21.0046 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/01/17 15:39:21.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/17 15:39:21.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/17 15:39:21.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/01/17 15:39:21.0406 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/01/17 15:39:21.0437 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/01/17 15:39:21.0546 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys 2011/01/17 15:39:21.0625 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS 2011/01/17 15:39:21.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/17 15:39:21.0843 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/17 15:39:21.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/17 15:39:21.0953 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/17 15:39:22.0015 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/01/17 
15:39:22.0046 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/01/17 15:39:22.0093 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/01/17 15:39:22.0140 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/01/17 15:39:22.0187 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/01/17 15:39:22.0234 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/17 15:39:22.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/17 15:39:22.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/17 15:39:22.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/17 15:39:22.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/17 15:39:22.0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/17 15:39:22.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/17 15:39:22.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/17 15:39:22.0671 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/17 15:39:22.0890 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/01/17 15:39:22.0921 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 2011/01/17 15:39:23.0000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 2011/01/17 15:39:23.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/17 15:39:23.0250 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/17 15:39:23.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) 
C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/17 15:39:23.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/17 15:39:23.0531 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/01/17 15:39:23.0593 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/01/17 15:39:23.0656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/01/17 15:39:23.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/17 15:39:23.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/17 15:39:23.0859 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS 2011/01/17 15:39:23.0984 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS 2011/01/17 15:39:24.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/17 15:39:24.0187 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/01/17 15:39:24.0343 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/01/17 15:39:24.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/17 15:39:24.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/17 15:39:24.0546 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/01/17 15:39:24.0640 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/01/17 15:39:24.0734 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS 2011/01/17 15:39:24.0796 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS 2011/01/17 15:39:24.0875 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) 
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2011/01/17 15:39:24.0968 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS 2011/01/17 15:39:25.0062 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} (2018079ece532e34dbf8969f150d343e) C:\WINDOWS\System32\Drivers\NSM\0201000.025\SymRdr.SYS 2011/01/17 15:39:25.0140 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS 2011/01/17 15:39:25.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/01/17 15:39:25.0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/01/17 15:39:25.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/17 15:39:25.0484 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys 2011/01/17 15:39:25.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/17 15:39:25.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/17 15:39:25.0718 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/17 15:39:25.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/17 15:39:25.0890 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/17 15:39:25.0968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/17 15:39:26.0093 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/17 15:39:26.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/17 15:39:26.0218 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/01/17 15:39:26.0312 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/01/17 15:39:26.0437 usbccgp 
(173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/17 15:39:26.0484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/17 15:39:26.0531 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/17 15:39:26.0609 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/17 15:39:26.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/17 15:39:26.0703 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys 2011/01/17 15:39:26.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/17 15:39:26.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/17 15:39:26.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/17 15:39:26.0953 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/17 15:39:27.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/17 15:39:27.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/17 15:39:27.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/17 15:39:27.0281 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 2011/01/17 15:39:27.0375 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 2011/01/17 15:39:27.0468 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/01/17 15:39:27.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/17 15:39:27.0687 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/01/17 15:39:27.0968 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) 
C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/01/17 15:39:28.0109 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/01/17 15:39:28.0203 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/17 15:39:28.0250 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/17 15:39:28.0703 ================================================================================ 2011/01/17 15:39:28.0703 Scan finished 2011/01/17 15:39:28.0703 ================================================================================ 2011/01/17 15:39:28.0734 Detected object count: 1 2011/01/17 15:39:42.0546 ohci1394 (1422aa0a31380be87d8fb59a30640f1b) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/17 15:39:42.0546 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 1422aa0a31380be87d8fb59a30640f1b, Fake md5: ca33832df41afb202ee7aeb05145922f 2011/01/17 15:39:43.0359 Backup copy found, using it.. 2011/01/17 15:39:43.0562 C:\WINDOWS\system32\DRIVERS\ohci1394.sys - will be cured after reboot 2011/01/17 15:39:43.0562 Rootkit.Win32.TDSS.tdl3(ohci1394) - User select action: Cure 2011/01/17 15:39:54.0546 Deinitialize success
  17. Should I be able to access the internet off the infected computer at this point? (I couldn't when I checked a minute ago.) Whether it's on a flash or my desktop, I'm not sure what you mean by "extract its contents". Can you give me instructions assuming I will do it on one computer and transfer it to the other? Is there any reason not to uninstall BitTorrent right now?
  18. Here are the 2 files, first Attach.txt then DDS.txt. Sorry I couldn't zip for you.

      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_10-12-12.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 7/27/2008 12:44:00 PM
      System Uptime: 1/17/2011 12:15:50 PM (2 hours ago)

      Motherboard: Dell Inc. | |
      Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 777/200mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 74 GiB total, 51.621 GiB free.
      D: is CDROM ()
      E: is Removable

      ==== Disabled Device Manager Items =============

      Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
      Description: Photosmart Premium C309g-m
      Device ID: ROOT\MULTIFUNCTION\0000
      Manufacturer: HP
      Name: Photosmart Premium C309g-m
      PNP Device ID: ROOT\MULTIFUNCTION\0000
      Service:

      Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
      Description: Officejet 6500 E709n
      Device ID: ROOT\MULTIFUNCTION\0001
      Manufacturer: HP
      Name: Officejet 6500 E709n
      PNP Device ID: ROOT\MULTIFUNCTION\0001
      Service:

      Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
      Description: Nokia N72
      Device ID: ROOT\WPD\0000
      Manufacturer: Nokia
      Name: Nokia N72
      PNP Device ID: ROOT\WPD\0000
      Service: WUDFRd

      ==== System Restore Points ===================

      RP613: 10/16/2010 12:14:48 PM - System Checkpoint
      RP614: 10/17/2010 1:09:32 PM - System Checkpoint
      RP615: 10/18/2010 2:09:32 PM - System Checkpoint
      RP616: 10/19/2010 2:37:23 PM - System Checkpoint
      RP617: 10/20/2010 3:08:07 PM - System Checkpoint
      RP618: 10/21/2010 3:52:39 PM - System Checkpoint
      RP619: 10/22/2010 4:12:44 PM - System Checkpoint
      RP620: 10/23/2010 4:46:25 PM - System Checkpoint
      RP621: 10/24/2010 5:33:34 PM - System Checkpoint
      RP622: 10/25/2010 1:59:17 AM - Software Distribution Service 3.0
      RP623: 10/26/2010 2:06:03 AM - Software Distribution Service 3.0
      RP624: 10/27/2010 4:53:22 PM - System Checkpoint
      RP625: 10/28/2010 5:18:54 PM - System Checkpoint
      RP626: 10/29/2010 6:23:40 PM - System Checkpoint
      RP627: 10/30/2010 6:57:51 PM - System Checkpoint
      RP628: 11/1/2010 4:05:01 PM - System Checkpoint
      RP629: 11/2/2010 4:10:19 PM - System Checkpoint
      RP630: 11/3/2010 4:26:27 PM - System Checkpoint
      RP631: 11/4/2010 4:29:30 PM - System Checkpoint
      RP632: 11/5/2010 6:48:12 PM - System Checkpoint
      RP633: 11/6/2010 8:08:01 PM - System Checkpoint
      RP634: 11/7/2010 8:08:33 PM - System Checkpoint
      RP635: 11/8/2010 11:20:30 PM - System Checkpoint
      RP636: 11/9/2010 8:20:17 PM - Software Distribution Service 3.0
      RP637: 11/10/2010 8:42:03 PM - System Checkpoint
      RP638: 11/11/2010 9:09:31 PM - System Checkpoint
      RP639: 11/12/2010 10:13:53 PM - System Checkpoint
      RP640: 11/13/2010 11:13:41 PM - System Checkpoint
      RP641: 11/14/2010 11:23:19 PM - System Checkpoint
      RP642: 11/16/2010 12:33:51 AM - System Checkpoint
      RP643: 11/17/2010 1:43:38 PM - System Checkpoint
      RP644: 11/18/2010 3:12:01 PM - System Checkpoint
      RP645: 11/19/2010 4:42:30 PM - System Checkpoint
      RP646: 11/20/2010 4:51:47 PM - System Checkpoint
      RP647: 11/21/2010 5:33:38 PM - System Checkpoint
      RP648: 11/22/2010 6:33:34 PM - System Checkpoint
      RP649: 11/23/2010 7:25:29 PM - System Checkpoint
      RP650: 11/24/2010 9:10:15 PM - System Checkpoint
      RP651: 11/25/2010 9:12:53 PM - System Checkpoint
      RP652: 11/26/2010 9:21:02 PM - System Checkpoint
      RP653: 11/27/2010 9:54:59 PM - System Checkpoint
      RP654: 11/29/2010 3:30:24 PM - System Checkpoint
      RP655: 11/30/2010 3:43:51 PM - System Checkpoint
      RP656: 12/1/2010 6:42:40 PM - System Checkpoint
      RP657: 12/2/2010 7:18:23 PM - System Checkpoint
      RP658: 12/3/2010 8:05:40 PM - System Checkpoint
      RP659: 12/5/2010 11:29:03 AM - System Checkpoint
      RP660: 12/6/2010 3:47:38 PM - System Checkpoint
      RP661: 12/7/2010 4:56:56 PM - System Checkpoint
      RP662: 12/8/2010 7:22:43 PM - System Checkpoint
      RP663: 12/9/2010 7:26:03 PM - System Checkpoint
      RP664: 12/10/2010 7:31:21 PM - System Checkpoint
      RP665: 12/11/2010 10:13:51 PM - System Checkpoint
      RP666: 12/13/2010 5:25:59 PM - System Checkpoint
      RP667: 12/14/2010 7:46:09 PM - System Checkpoint
      RP668: 12/15/2010 8:20:03 AM - Software Distribution Service 3.0
      RP669: 12/16/2010 6:11:57 PM - System Checkpoint
      RP670: 12/17/2010 6:13:44 PM - Installed AxCrypt 1.7.2126.0
      RP671: 12/18/2010 1:33:20 PM - Installed WinZip 15.0
      RP672: 12/18/2010 1:57:59 PM - Removed WinZip 15.0
      RP673: 12/19/2010 2:46:06 PM - System Checkpoint
      RP674: 12/20/2010 6:32:38 PM - System Checkpoint
      RP675: 12/21/2010 6:36:22 PM - System Checkpoint
      RP676: 12/22/2010 8:50:59 PM - System Checkpoint
      RP677: 12/23/2010 9:11:36 PM - System Checkpoint
      RP678: 12/24/2010 9:41:55 PM - System Checkpoint
      RP679: 12/25/2010 10:14:55 PM - System Checkpoint
      RP680: 12/27/2010 11:50:42 AM - System Checkpoint
      RP681: 12/28/2010 1:15:08 PM - System Checkpoint
      RP682: 12/29/2010 3:19:04 PM - System Checkpoint
      RP683: 12/30/2010 5:15:46 PM - System Checkpoint
      RP684: 12/31/2010 7:17:43 PM - System Checkpoint
      RP685: 1/1/2011 2:17:13 AM - Software Distribution Service 3.0
      RP686: 1/2/2011 12:49:31 PM - System Checkpoint
      RP687: 1/3/2011 2:35:00 PM - System Checkpoint
      RP688: 1/4/2011 8:22:03 PM - System Checkpoint
      RP689: 1/5/2011 1:29:12 AM - Software Distribution Service 3.0
      RP690: 1/6/2011 5:51:50 AM - System Checkpoint
      RP691: 1/6/2011 6:24:18 AM - Software Distribution Service 3.0
      RP692: 1/7/2011 2:48:33 PM - System Checkpoint
      RP693: 1/8/2011 3:38:59 PM - System Checkpoint
      RP694: 1/10/2011 3:46:38 PM - System Checkpoint

      ==== Installed Programs ======================

      32 Bit HP CIO Components Installer 6000E609_eDocs 6000E609_Help 6000E609a ABBYY FineReader 6.0 Sprint Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.3 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoImpression 5 Audacity 1.2.6 AuthenTec Fingerprint Sensor Minimum Install AxCrypt 1.7.2126.0 biolsp patch BitTorrent Bonjour BPDSoftware BPDSoftware_Ini Broadcom ASF Management Applications Broadcom Management Programs
  19. The program is taking longer to run than it says it should. I saw somewhere else about disabling script blockers. How do I tell if I have one that is interfering with the scan?
  20. I ran rkill and got the following log:
      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.
      Rkill was run on 01/17/2011 at 13:59:11.
      Operating System: Microsoft Windows XP
      Processes terminated by Rkill or while it was running:
      C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\sylsosihv\ewecpgjusbs.exe
      Rkill completed on 01/17/2011 at 14:00:34.
      I installed mbam-setup off a flash drive. It appeared to run normally, but when I clicked OK on the screen that said Check for Updates, I got the message: PROGRAM_ERROR_UPDATING (1007, 0, WinHttpSendRequest)
  21. I am trying to follow the procedure on the I'm Infected - What do I do Now? post. Malwarebytes could not update and did not remove the fake anti-virus virus. I ran Defogger and clicked OK after getting the finished message. Then the window came back up with the choice to disable or re-enable. There was no prompt to reboot like was listed in the instructions. There was no error message. The defogger_disable log was:
      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 16:07 on 16/01/2011 (Tom Krisa)
      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.
      Checking for services/drivers...
      What is my next step?
  22. Tried running Defogger again and got the following defogger_disable log:
      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 16:07 on 16/01/2011 (Tom Krisa)
      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.
      Checking for services/drivers...
  23. Meant to add that Defogger did not give an error message after running, just did not proceed to the prompt to reboot.
  24. I followed the instructions and got as far as running Defogger. After it finished, I clicked OK but instead of it asking me to reboot, it went back to the same screen giving the choice to disable or re-enable. Should I click Disable again?