Jump to content

'Conspiracy Theory' correct this time! I'm invaded...

Recommended Posts


Thanks are first in order along with another plu$ too I figure... This is fairly recent and my post in 'General' describes the symptoms - email (Thunderbird) stops, the screen goes pale and 'not responding' shows for a lengthy period of time. Also Firefox does the same... Clicking on a zip file will attempt to open far too many IE windows.... Must shut down and reboot!

Anyhow I ran the DDS and here are those findings files:


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_16

Run by William A. Clemins at 12:19:28 on 2011-12-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1983 [GMT -5:00]


AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup


C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe


C:\Windows\system32\svchost.exe -k NetworkService





C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork


C:\Program Files\Google\Update\\GoogleCrashHandler.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe


C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe



C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup



C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe


C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe


C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe


C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe



============== Pseudo HJT Report ===============


uStart Page = hxxp://ww2.cox.com/myconnection/hamptonroads/home.cox

uWindow Title = Microsoft Internet Explorer

mStart Page = about:blank

mDefault_Page_URL =

mDefault_Search_URL =

mSearch Page =

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - Ask Search Assistant BHO

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110513012602.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: NoRealMode = 0 (0x0)

uPolicies-explorer: NoFolderOptions = 00000000

uPolicies-explorer: RestrictRun = 0 (0x0)

uPolicies-system: NoSecCPL = 0 (0x0)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: NoConfigPage = 0 (0x0)

uPolicies-system: NoVirtMemPage = 0 (0x0)

uPolicies-system: NoFileSysPage = 0 (0x0)

uPolicies-system: NoNetSetup = 0 (0x0)

uPolicies-system: NoNetSetupIDPage = 0 (0x0)

uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)

uPolicies-system: NoWorkgroupContents = 0 (0x0)

uPolicies-system: NoEntireNetwork = 0 (0x0)

uPolicies-system: NoFileSharingControl = 0 (0x0)

mPolicies-explorer: NoFolderOptions = 00000000

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer =

TCP: Interfaces\{176AA2CC-1C1A-41BD-8334-0DEA79F5EB0B} : DhcpNameServer =

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"


================= FIREFOX ===================


FF - ProfilePath - c:\users\william a. clemins\appdata\roaming\mozilla\firefox\profiles\scdge6v0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/hamptonroads/home.cox

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll



FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============


R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-19 387480]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-19 64584]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-19 165032]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-26 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-19 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-19 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-19 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-19 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-19 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-19 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-19 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-19 56064]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-3-19 391168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-26 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-19 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-19 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-19 314088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2009-11-12 25528]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\JRService.exe [2010-12-26 379400]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-19 84488]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-18 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-18 251904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]


=============== Created Last 30 ================


2011-12-04 16:32:17 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f30441b3-d38e-4713-96f4-bd41564be229}\offreg.dll

2011-12-04 14:23:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-12-04 14:23:40 6144 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-12-04 14:23:37 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-12-04 14:20:02 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f30441b3-d38e-4713-96f4-bd41564be229}\mpengine.dll

2011-12-04 13:43:49 -------- d-----w- c:\users\william a. clemins\appdata\local\Microsoft Corporation

2011-12-02 23:43:05 28600 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\cxaadji.dll

2011-12-02 23:43:05 23616 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\mnhjrel.dll

2011-12-02 23:43:05 12784 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\wqaadjj.dll

2011-12-02 23:43:04 15840 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\vqaadjh.dll

2011-12-02 23:43:04 151032 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\ncaadjg.dll

2011-12-02 23:43:03 25152 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\khaadjf.dll

2011-12-02 23:42:54 116736 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\engine_vx.dll

2011-12-02 23:42:52 93240 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\~DFK3e9473.tmp

2011-12-02 23:42:52 18724 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\bass.dll

2011-12-02 23:20:34 16952 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\1eaadjc.dll

2011-12-02 23:20:34 14904 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\rsaadjd.dll

2011-12-02 23:20:34 12976 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\mjcriu.dll

2011-12-02 23:20:34 10808 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\kfgresk.dll

2011-12-02 23:20:34 10296 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\peaadje.dll

2011-12-02 23:20:33 28248 ----atw- c:\users\william a. clemins\appdata\roaming\microsoft\qwadjb.dll

2011-12-02 22:45:13 -------- d-----w- C:\DAK_Temp

2011-12-02 22:36:48 -------- d-----w- c:\program files\DAK

2011-12-02 21:49:56 -------- d-----w- c:\windows\Downloaded Installations

2011-11-26 23:01:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-26 23:01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-20 20:08:54 -------- d-----w- c:\program files\iPod

2011-11-10 21:17:25 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 21:17:22 707584 ----a-w- c:\program files\common files\system\wab32.dll


==================== Find3M ====================


2011-11-13 12:24:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec

2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys


============= FINISH: 12:20:13.29 ===============



Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:


  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites


Please do not keep bumping your topic. That pushes you to the bottom of my reply pile each time.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites


Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever)

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update if any available

Back to other tab and click Start Object Scan.

(It took 3 hours to scan my 47G)

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.