Tom717 Posted January 17, 2011 ID:375287 Share Posted January 17, 2011 I am trying to follow the procedure on the I'm Infected - What do I do Now? post. Malwarebytes could not update and did not remove the fake anti-virus virus. I ran Defogger and clicked OK ofter getting the finished message. Then the window came back up with the choice to disable or re-enable. There was no prompt to reboot like was listed in the instructions. There was no errer message. The defogger_disable log was:defogger_disable by jpshortstuff (23.02.10.1)Log created at 16:07 on 16/01/2011 (Tom Krisa)Checking for autostart values...HKCU\~\Run values retrieved.HKLM\~\Run values retrieved.Checking for services/drivers...What is my next step? Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375347 Share Posted January 17, 2011 Hello Tom! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Step 1Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin You only need to get one of them to run, not all of them.rkill.exerkill.comrkill.scrWiNlOgOn.exeuSeRiNiT.exeiExplore.exePlease post the log in your next reply.Note: The log can be found at the root of your installed hard drive entitled rkill.logStep 2Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In your next reply, please include these log(s):RKill logMalwarebytes' Anti-Malware log Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375374 Share Posted January 17, 2011 I ran rkill and got the following log:This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 01/17/2011 at 13:59:11. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\sylsosihv\ewecpgjusbs.exeRkill completed on 01/17/2011 at 14:00:34. I installed mbab-setup off a flash drive. It appeard to run normally, but when I clicked OK an the screen that said Check for Updates, I got the message:PROGRAM_ERROR_UPDATING (1007, 0, WinHttpSendRequest) Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375377 Share Posted January 17, 2011 Download DDS and save it to your desktop from here or here or here.Double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txtAttach.txt[*]Save both reports to your desktop. Post them back to your topic. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375389 Share Posted January 17, 2011 The program is taking longer to run than it says it should. I saw somewhere else about disabling script blockers. How do I tell if I have one that is interfering with the scan? Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375392 Share Posted January 17, 2011 Disable your antivirus and firewall if they work on right now. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375397 Share Posted January 17, 2011 How do I zip the Attach.txt file? Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375402 Share Posted January 17, 2011 Don't, just post it in your next reply. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375408 Share Posted January 17, 2011 Here are the 2 files, first Attach.txt then DDS.txt. Sorry I couldn't zip for you.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-12-12.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 7/27/2008 12:44:00 PMSystem Uptime: 1/17/2011 12:15:50 PM (2 hours ago)Motherboard: Dell Inc. | | Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 777/200mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 74 GiB total, 51.621 GiB free.D: is CDROM ()E: is Removable==== Disabled Device Manager Items =============Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}Description: Photosmart Premium C309g-mDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Photosmart Premium C309g-mPNP Device ID: ROOT\MULTIFUNCTION\0000Service: Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}Description: Officejet 6500 E709nDevice ID: ROOT\MULTIFUNCTION\0001Manufacturer: HPName: Officejet 6500 E709nPNP Device ID: ROOT\MULTIFUNCTION\0001Service: Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}Description: Nokia N72Device ID: ROOT\WPD\0000Manufacturer: NokiaName: Nokia N72PNP Device ID: ROOT\WPD\0000Service: WUDFRd==== System Restore Points ===================RP613: 10/16/2010 12:14:48 PM - System CheckpointRP614: 10/17/2010 1:09:32 PM - System CheckpointRP615: 10/18/2010 2:09:32 PM - System CheckpointRP616: 10/19/2010 2:37:23 PM - System CheckpointRP617: 10/20/2010 3:08:07 PM - System CheckpointRP618: 10/21/2010 3:52:39 PM - System CheckpointRP619: 10/22/2010 4:12:44 PM - System CheckpointRP620: 10/23/2010 4:46:25 PM - System CheckpointRP621: 10/24/2010 5:33:34 PM - System CheckpointRP622: 10/25/2010 1:59:17 AM - Software Distribution Service 3.0RP623: 10/26/2010 2:06:03 AM - Software Distribution Service 3.0RP624: 10/27/2010 4:53:22 PM - System CheckpointRP625: 10/28/2010 5:18:54 PM - System CheckpointRP626: 10/29/2010 6:23:40 PM - System CheckpointRP627: 10/30/2010 6:57:51 PM - System CheckpointRP628: 11/1/2010 4:05:01 PM - System CheckpointRP629: 11/2/2010 4:10:19 PM - System CheckpointRP630: 11/3/2010 4:26:27 PM - System CheckpointRP631: 11/4/2010 4:29:30 PM - System CheckpointRP632: 11/5/2010 6:48:12 PM - System CheckpointRP633: 11/6/2010 8:08:01 PM - System CheckpointRP634: 11/7/2010 8:08:33 PM - System CheckpointRP635: 11/8/2010 11:20:30 PM - System CheckpointRP636: 11/9/2010 8:20:17 PM - Software Distribution Service 3.0RP637: 11/10/2010 8:42:03 PM - System CheckpointRP638: 11/11/2010 9:09:31 PM - System CheckpointRP639: 11/12/2010 10:13:53 PM - System CheckpointRP640: 11/13/2010 11:13:41 PM - System CheckpointRP641: 11/14/2010 11:23:19 PM - System CheckpointRP642: 11/16/2010 12:33:51 AM - System CheckpointRP643: 11/17/2010 1:43:38 PM - System CheckpointRP644: 11/18/2010 3:12:01 PM - System CheckpointRP645: 11/19/2010 4:42:30 PM - System CheckpointRP646: 11/20/2010 4:51:47 PM - System CheckpointRP647: 11/21/2010 5:33:38 PM - System CheckpointRP648: 11/22/2010 6:33:34 PM - System CheckpointRP649: 11/23/2010 7:25:29 PM - System CheckpointRP650: 11/24/2010 9:10:15 PM - System CheckpointRP651: 11/25/2010 9:12:53 PM - System CheckpointRP652: 11/26/2010 9:21:02 PM - System CheckpointRP653: 11/27/2010 9:54:59 PM - System CheckpointRP654: 11/29/2010 3:30:24 PM - System CheckpointRP655: 11/30/2010 3:43:51 PM - System CheckpointRP656: 12/1/2010 6:42:40 PM - System CheckpointRP657: 12/2/2010 7:18:23 PM - System CheckpointRP658: 12/3/2010 8:05:40 PM - System CheckpointRP659: 12/5/2010 11:29:03 AM - System CheckpointRP660: 12/6/2010 3:47:38 PM - System CheckpointRP661: 12/7/2010 4:56:56 PM - System CheckpointRP662: 12/8/2010 7:22:43 PM - System CheckpointRP663: 12/9/2010 7:26:03 PM - System CheckpointRP664: 12/10/2010 7:31:21 PM - System CheckpointRP665: 12/11/2010 10:13:51 PM - System CheckpointRP666: 12/13/2010 5:25:59 PM - System CheckpointRP667: 12/14/2010 7:46:09 PM - System CheckpointRP668: 12/15/2010 8:20:03 AM - Software Distribution Service 3.0RP669: 12/16/2010 6:11:57 PM - System CheckpointRP670: 12/17/2010 6:13:44 PM - Installed AxCrypt 1.7.2126.0RP671: 12/18/2010 1:33:20 PM - Installed WinZip 15.0RP672: 12/18/2010 1:57:59 PM - Removed WinZip 15.0RP673: 12/19/2010 2:46:06 PM - System CheckpointRP674: 12/20/2010 6:32:38 PM - System CheckpointRP675: 12/21/2010 6:36:22 PM - System CheckpointRP676: 12/22/2010 8:50:59 PM - System CheckpointRP677: 12/23/2010 9:11:36 PM - System CheckpointRP678: 12/24/2010 9:41:55 PM - System CheckpointRP679: 12/25/2010 10:14:55 PM - System CheckpointRP680: 12/27/2010 11:50:42 AM - System CheckpointRP681: 12/28/2010 1:15:08 PM - System CheckpointRP682: 12/29/2010 3:19:04 PM - System CheckpointRP683: 12/30/2010 5:15:46 PM - System CheckpointRP684: 12/31/2010 7:17:43 PM - System CheckpointRP685: 1/1/2011 2:17:13 AM - Software Distribution Service 3.0RP686: 1/2/2011 12:49:31 PM - System CheckpointRP687: 1/3/2011 2:35:00 PM - System CheckpointRP688: 1/4/2011 8:22:03 PM - System CheckpointRP689: 1/5/2011 1:29:12 AM - Software Distribution Service 3.0RP690: 1/6/2011 5:51:50 AM - System CheckpointRP691: 1/6/2011 6:24:18 AM - Software Distribution Service 3.0RP692: 1/7/2011 2:48:33 PM - System CheckpointRP693: 1/8/2011 3:38:59 PM - System CheckpointRP694: 1/10/2011 3:46:38 PM - System Checkpoint==== Installed Programs ======================32 Bit HP CIO Components Installer6000E609_eDocs6000E609_Help6000E609aABBYY FineReader 6.0 SprintAcrobat.comAdobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Reader 9.3.3Apple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft PhotoImpression 5Audacity 1.2.6AuthenTec Fingerprint Sensor Minimum InstallAxCrypt 1.7.2126.0biolsp patchBitTorrentBonjourBPDSoftwareBPDSoftware_IniBroadcom ASF Management ApplicationsBroadcom Management ProgramsBrowser Address Error RedirectorBufferChmChinese Simplified Fonts Support For Adobe Reader 9Conexant HDA D330 MDC V.92 ModemDell Drivers MSIDell Embassy Trust Suite by Wave SystemsDell TouchpadDell Wireless WLAN CardDeviceDiscoveryDigital Line DetectDocument Manager LiteDownload Updater (AOL LLC)Driver DetectiveEMBASSY Security CenterEMBASSY Security SetupEMBASSY Trust Suite by Wave SystemsESC Home Page PluginGarenaGearDrvsGemaltoGemSafe Standard Edition 5.1GPBaseService2High Definition Audio Driver Package - KB835221Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Imaging Device Functions 12.0HP Officejet 6000 E609 SeriesHP Smart Web PrintingHP Solution Center 12.0HP UpdateHPProductAssistantIntelliSonic Speech EnhancementiTunesJ2SE Runtime Environment 5.0 Update 6Java 6 Update 17Java 6 Update 7LAME v3.98.3 for AudacityLogitech VidLogitech Webcam SoftwareLogitech Webcam Software Driver PackageMalwarebytes' Anti-MalwareMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Choice GuardMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office 2000 SR-1 PremiumMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.9Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableModem Diagnostic ToolMozilla Firefox (3.6.13)MSRedistMSVC80_x86_v2MSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 6.0 Parser (KB933579)NetWaitingNetworkNokia Connectivity Cable DriverNokia PC SuiteNorton Internet SecurityNorton OnlineNorton Safety MinderNTRU TCG Software StackNVIDIA DriversOpenOffice.org Installer 1.0PC Connectivity SolutionPerf3490P_3590P User's GuidePowerDVDPreboot ManagerPrivate Information ManagerProductContextQuickSetQuickTimeRoxio Activation ModuleRoxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express Labeler 3SearchAssistSecure UpdateSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB938127-v2)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Security WizardsSegoe UISkype ToolbarsSkype Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375415 Share Posted January 17, 2011 Step 1Going over your logs I noticed that you have BitTorrent installed.Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned.Step 2Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on on it.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory.In your next reply, please include these log(s):TDSSKiller loga new fresh DDS log only Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375419 Share Posted January 17, 2011 Should I be able to access the internet off the infected computer at this point? (I couldn't when I checked a minute ago.)Whether its on a flash or my desktop, I'm not sure what you mean by "extract its contents". Can you give me instructions assuming I will do it on one computer and transfer it to the other?Is there any reason not to uninstall BitTorrent right now? Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375422 Share Posted January 17, 2011 Should I be able to access the internet off the infected computer at this point? (I couldn't when I checked a minute ago.)Rather, there is no reason for it.Whether its on a flash or my desktop, I'm not sure what you mean by "extract its contents". Can you give me instructions assuming I will do it on one computer and transfer it to the other?Extract is mean that you should unzip the archive file (tdsskiller.zip).Is there any reason not to uninstall BitTorrent right now?Our suggestion is to uninstall it as soon as possible, but it's your choice. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375437 Share Posted January 17, 2011 Here is a DSSKiller report. Do you want me to run DDS agail and post the DDS.txt file?2011/01/17 15:38:48.0953 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:112011/01/17 15:38:48.0953 ================================================================================2011/01/17 15:38:48.0953 SystemInfo:2011/01/17 15:38:48.0953 2011/01/17 15:38:48.0953 OS Version: 5.1.2600 ServicePack: 3.02011/01/17 15:38:48.0953 Product type: Workstation2011/01/17 15:38:48.0953 ComputerName: D56ZXZF12011/01/17 15:38:48.0953 UserName: Tom Krisa2011/01/17 15:38:48.0953 Windows directory: C:\WINDOWS2011/01/17 15:38:48.0953 System windows directory: C:\WINDOWS2011/01/17 15:38:48.0953 Processor architecture: Intel x862011/01/17 15:38:48.0953 Number of processors: 22011/01/17 15:38:48.0953 Page size: 0x10002011/01/17 15:38:48.0953 Boot type: Normal boot2011/01/17 15:38:48.0953 ================================================================================2011/01/17 15:38:49.0765 Initialize success2011/01/17 15:39:07.0953 ================================================================================2011/01/17 15:39:07.0953 Scan started2011/01/17 15:39:07.0953 Mode: Manual; 2011/01/17 15:39:07.0953 ================================================================================2011/01/17 15:39:08.0453 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2011/01/17 15:39:08.0515 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2011/01/17 15:39:08.0578 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2011/01/17 15:39:08.0640 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2011/01/17 15:39:08.0703 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2011/01/17 15:39:08.0781 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2011/01/17 15:39:08.0843 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys2011/01/17 15:39:08.0890 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2011/01/17 15:39:08.0937 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2011/01/17 15:39:08.0984 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2011/01/17 15:39:09.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2011/01/17 15:39:09.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2011/01/17 15:39:09.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys2011/01/17 15:39:09.0250 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys2011/01/17 15:39:09.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2011/01/17 15:39:09.0359 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys2011/01/17 15:39:09.0421 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS2011/01/17 15:39:09.0515 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2011/01/17 15:39:09.0578 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2011/01/17 15:39:09.0625 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2011/01/17 15:39:09.0656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2011/01/17 15:39:09.0765 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2011/01/17 15:39:09.0828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2011/01/17 15:39:09.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2011/01/17 15:39:10.0046 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2011/01/17 15:39:10.0093 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys2011/01/17 15:39:10.0218 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys2011/01/17 15:39:10.0328 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys2011/01/17 15:39:10.0531 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2011/01/17 15:39:10.0765 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys2011/01/17 15:39:10.0875 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2011/01/17 15:39:10.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2011/01/17 15:39:10.0968 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys2011/01/17 15:39:11.0093 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys2011/01/17 15:39:11.0218 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2011/01/17 15:39:11.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2011/01/17 15:39:11.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2011/01/17 15:39:11.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2011/01/17 15:39:11.0500 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys2011/01/17 15:39:11.0562 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2011/01/17 15:39:11.0593 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys2011/01/17 15:39:11.0671 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2011/01/17 15:39:11.0875 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2011/01/17 15:39:11.0921 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2011/01/17 15:39:11.0984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2011/01/17 15:39:12.0031 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS2011/01/17 15:39:12.0078 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS2011/01/17 15:39:12.0125 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS2011/01/17 15:39:12.0156 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS2011/01/17 15:39:12.0203 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS2011/01/17 15:39:12.0234 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS2011/01/17 15:39:12.0281 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS2011/01/17 15:39:12.0328 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS2011/01/17 15:39:12.0390 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS2011/01/17 15:39:12.0453 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS2011/01/17 15:39:12.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2011/01/17 15:39:12.0640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2011/01/17 15:39:12.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2011/01/17 15:39:12.0765 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2011/01/17 15:39:12.0843 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2011/01/17 15:39:12.0875 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2011/01/17 15:39:12.0937 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS2011/01/17 15:39:13.0015 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS2011/01/17 15:39:13.0109 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys2011/01/17 15:39:13.0171 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys2011/01/17 15:39:13.0343 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys2011/01/17 15:39:13.0390 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys2011/01/17 15:39:13.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2011/01/17 15:39:13.0593 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys2011/01/17 15:39:13.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2011/01/17 15:39:13.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2011/01/17 15:39:13.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2011/01/17 15:39:13.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2011/01/17 15:39:13.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2011/01/17 15:39:14.0078 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\SXT123.tmp2011/01/17 15:39:14.0671 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys2011/01/17 15:39:14.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2011/01/17 15:39:14.0890 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys2011/01/17 15:39:14.0968 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys2011/01/17 15:39:15.0031 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2011/01/17 15:39:15.0093 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2011/01/17 15:39:15.0171 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2011/01/17 15:39:15.0265 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys2011/01/17 15:39:15.0343 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys2011/01/17 15:39:15.0406 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys2011/01/17 15:39:15.0515 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys2011/01/17 15:39:15.0609 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys2011/01/17 15:39:15.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2011/01/17 15:39:15.0781 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys2011/01/17 15:39:15.0828 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys2011/01/17 15:39:15.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2011/01/17 15:39:16.0125 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110104.001\IDSxpx86.sys2011/01/17 15:39:16.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2011/01/17 15:39:16.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2011/01/17 15:39:16.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2011/01/17 15:39:16.0421 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2011/01/17 15:39:16.0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2011/01/17 15:39:16.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2011/01/17 15:39:16.0593 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2011/01/17 15:39:16.0656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2011/01/17 15:39:16.0718 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2011/01/17 15:39:16.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2011/01/17 15:39:16.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2011/01/17 15:39:16.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2011/01/17 15:39:17.0000 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2011/01/17 15:39:17.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2011/01/17 15:39:17.0109 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2011/01/17 15:39:17.0265 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys2011/01/17 15:39:17.0343 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2011/01/17 15:39:17.0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2011/01/17 15:39:17.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2011/01/17 15:39:17.0593 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2011/01/17 15:39:17.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2011/01/17 15:39:17.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2011/01/17 15:39:17.0734 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2011/01/17 15:39:17.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2011/01/17 15:39:17.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2011/01/17 15:39:17.0984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2011/01/17 15:39:18.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2011/01/17 15:39:18.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2011/01/17 15:39:18.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2011/01/17 15:39:18.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2011/01/17 15:39:18.0265 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys2011/01/17 15:39:18.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2011/01/17 15:39:18.0375 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys2011/01/17 15:39:18.0640 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110105.039\NAVENG.SYS2011/01/17 15:39:18.0750 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110105.039\NAVEX15.SYS2011/01/17 15:39:18.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2011/01/17 15:39:19.0000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys2011/01/17 15:39:19.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2011/01/17 15:39:19.0078 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2011/01/17 15:39:19.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2011/01/17 15:39:19.0187 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys2011/01/17 15:39:19.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2011/01/17 15:39:19.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2011/01/17 15:39:19.0421 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2011/01/17 15:39:19.0531 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys2011/01/17 15:39:19.0578 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys2011/01/17 15:39:19.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2011/01/17 15:39:19.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2011/01/17 15:39:19.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2011/01/17 15:39:20.0343 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys2011/01/17 15:39:20.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2011/01/17 15:39:20.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2011/01/17 15:39:20.0796 ohci1394 (1422aa0a31380be87d8fb59a30640f1b) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/01/17 15:39:20.0796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 1422aa0a31380be87d8fb59a30640f1b, Fake md5: ca33832df41afb202ee7aeb05145922f2011/01/17 15:39:20.0812 ohci1394 - detected Rootkit.Win32.TDSS.tdl3 (0)2011/01/17 15:39:20.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2011/01/17 15:39:20.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2011/01/17 15:39:20.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2011/01/17 15:39:21.0000 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys2011/01/17 15:39:21.0046 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys2011/01/17 15:39:21.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2011/01/17 15:39:21.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/01/17 15:39:21.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys2011/01/17 15:39:21.0406 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2011/01/17 15:39:21.0437 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2011/01/17 15:39:21.0546 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys2011/01/17 15:39:21.0625 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS2011/01/17 15:39:21.0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/01/17 15:39:21.0843 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/01/17 15:39:21.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/01/17 15:39:21.0953 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys2011/01/17 15:39:22.0015 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2011/01/17 15:39:22.0046 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2011/01/17 15:39:22.0093 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2011/01/17 15:39:22.0140 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2011/01/17 15:39:22.0187 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2011/01/17 15:39:22.0234 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/01/17 15:39:22.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/01/17 15:39:22.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/01/17 15:39:22.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/01/17 15:39:22.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/01/17 15:39:22.0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/01/17 15:39:22.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2011/01/17 15:39:22.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/01/17 15:39:22.0671 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/01/17 15:39:22.0890 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS2011/01/17 15:39:22.0921 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS2011/01/17 15:39:23.0000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys2011/01/17 15:39:23.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/01/17 15:39:23.0250 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2011/01/17 15:39:23.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2011/01/17 15:39:23.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/01/17 15:39:23.0531 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2011/01/17 15:39:23.0593 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys2011/01/17 15:39:23.0656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2011/01/17 15:39:23.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/01/17 15:39:23.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2011/01/17 15:39:23.0859 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS2011/01/17 15:39:23.0984 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS2011/01/17 15:39:24.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys2011/01/17 15:39:24.0187 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys2011/01/17 15:39:24.0343 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys2011/01/17 15:39:24.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/01/17 15:39:24.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/01/17 15:39:24.0546 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2011/01/17 15:39:24.0640 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2011/01/17 15:39:24.0734 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS2011/01/17 15:39:24.0796 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS2011/01/17 15:39:24.0875 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS2011/01/17 15:39:24.0968 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS2011/01/17 15:39:25.0062 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} (2018079ece532e34dbf8969f150d343e) C:\WINDOWS\System32\Drivers\NSM\0201000.025\SymRdr.SYS2011/01/17 15:39:25.0140 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS2011/01/17 15:39:25.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2011/01/17 15:39:25.0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2011/01/17 15:39:25.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/01/17 15:39:25.0484 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys2011/01/17 15:39:25.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/01/17 15:39:25.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/01/17 15:39:25.0718 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/01/17 15:39:25.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/01/17 15:39:25.0890 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2011/01/17 15:39:25.0968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/01/17 15:39:26.0093 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2011/01/17 15:39:26.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/01/17 15:39:26.0218 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys2011/01/17 15:39:26.0312 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys2011/01/17 15:39:26.0437 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/01/17 15:39:26.0484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/01/17 15:39:26.0531 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/01/17 15:39:26.0609 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/01/17 15:39:26.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/01/17 15:39:26.0703 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys2011/01/17 15:39:26.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/01/17 15:39:26.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/01/17 15:39:26.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/01/17 15:39:26.0953 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2011/01/17 15:39:27.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/01/17 15:39:27.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2011/01/17 15:39:27.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/01/17 15:39:27.0281 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys2011/01/17 15:39:27.0375 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys2011/01/17 15:39:27.0468 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys2011/01/17 15:39:27.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2011/01/17 15:39:27.0687 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2011/01/17 15:39:27.0968 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys2011/01/17 15:39:28.0109 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS2011/01/17 15:39:28.0203 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2011/01/17 15:39:28.0250 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2011/01/17 15:39:28.0703 ================================================================================2011/01/17 15:39:28.0703 Scan finished2011/01/17 15:39:28.0703 ================================================================================2011/01/17 15:39:28.0734 Detected object count: 12011/01/17 15:39:42.0546 ohci1394 (1422aa0a31380be87d8fb59a30640f1b) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/01/17 15:39:42.0546 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ohci1394.sys. Real md5: 1422aa0a31380be87d8fb59a30640f1b, Fake md5: ca33832df41afb202ee7aeb05145922f2011/01/17 15:39:43.0359 Backup copy found, using it..2011/01/17 15:39:43.0562 C:\WINDOWS\system32\DRIVERS\ohci1394.sys - will be cured after reboot2011/01/17 15:39:43.0562 Rootkit.Win32.TDSS.tdl3(ohci1394) - User select action: Cure 2011/01/17 15:39:54.0546 Deinitialize success Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375441 Share Posted January 17, 2011 Yes, please post a new fresh DDS log file. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375459 Share Posted January 17, 2011 I am having trouble with DSS. THe one I ran before (dds.pif) will not run. I get the same message I've been getting from the fake antivirus all along: "Application cannot be executed. The file dds.pif is infected. Do you want to activate your antivirus software now?" I went back to the links you gave me originally and redownloaded dss.pif. It still didn't work. I tried the other 2 links. The first of the 3 gets a "webpage cannot be found" message and the middle one gets me dss.scr which did nothing when I opened it. Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375461 Share Posted January 17, 2011 Okay, please delete your copy of RKill.Step 1Open Notepad and copy and paste next in it:REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyServer"=-Save this as fix.reg . Choose to save as All Files and place it on your desktop. It should look like this: Doubleclick on it and when it asks you, click Yes and then OK button.Then reboot your computer to apply the changes.Okay, please delete your copy of RKill.Step 2Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin You only need to get one of them to run, not all of them.rkill.exerkill.comrkill.scrWiNlOgOn.exeuSeRiNiT.exeiExplore.exePlease post the log in your next reply.Note: The log can be found at the root of your installed hard drive entitled rkill.logStep 3Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In your next reply, please include these log(s):RKill logMalwarebytes' Anti-Malware loga new fresh DDS log only Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375474 Share Posted January 17, 2011 Rkill is not on the computer as far as I can tell. It is just on my flash, so can I delete it from the flash just by clicking delete while the flash is on the computer I'm using now? I am confused that the instruction to delete my copy of Rkill appears in 2 places. Is Step 1 the instructions for how to do it? Do I delete something twice? Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375479 Share Posted January 17, 2011 Sorry, it's my mistake. Please download it again and let's fix this. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375482 Share Posted January 17, 2011 I searched the computer and found 3 results for rkillrkill located at C\RKILL.COM-07C41B.pf at C:\WINDOWS\PrefetchRKILL.SCR-33A7DCDB.pf at C:\WINDOWS\PrefetchAlso, I now find that I cannot open Word or Notepad on that computer. Link to post Share on other sites More sharing options...
Maniac Posted January 17, 2011 ID:375483 Share Posted January 17, 2011 Download OTL to your desktop. Otherwise, try OTL.com or OTL.scrAFs-/color] .Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry[-/b] box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.A copy of an OTL fix log is saved in a text file at :\_OTL\Moved Filesin most cases this will be C:\_OTL\Moved Files Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375484 Share Posted January 17, 2011 OK. I will download RKill on my flash and run it on the computer. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375494 Share Posted January 17, 2011 I tried all the links for OTL but was not able to get anything to run. I got the message again that the file is infected. Link to post Share on other sites More sharing options...
Tom717 Posted January 17, 2011 Author ID:375496 Share Posted January 17, 2011 We got out of synch before. Do you still want me to run rkill again? Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:375722 Share Posted January 18, 2011 You use all three extensions of OTL and again did not get? Yes, run it and try again with OTL. Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:375797 Share Posted January 18, 2011 I ran rkill again and immediately after was able to run OTL. Here are the logs:This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 01/18/2011 at 7:23:49. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\DOCUME~1\TOMKRI~1\LOCALS~1\Temp\sylsosihv\ewecpgjusbs.exeRkill completed on 01/18/2011 at 7:24:08. OTL Extras logfile created on: 1/18/2011 7:27:47 AM - Run 1OTL by OldTimer - Version 3.2.20.2 Folder = E:\Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.44 Gb Total Space | 51.72 Gb Free Space | 69.47% Space Free | Partition Type: NTFSDrive E: | 1.86 Gb Total Space | 1.84 Gb Free Space | 98.90% Space Free | Partition Type: FATComputer Name: D56ZXZF1 | User Name: Tom Krisa | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)"C:\Documents and Settings\Tom Krisa\Cognitas\CrossLinkWE.exe" = C:\Documents and Settings\Tom Krisa\Cognitas\CrossLinkWE.exe:*:Enabled:CrossLink 5.0 -- (Cognitas Technologies, Inc.)"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)"C:\WINDOWS\Temp\~os7.tmp\pmropn.exe" = C:\WINDOWS\Temp\~os7.tmp\pmropn.exe:*:Enabled:pmropn.exe"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"c:\program files\premieropinion\pmropn.exe" = c:\program files\premieropinion\pmropn.exe:*:Enabled:pmropn.exe"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data"{0D471171-70BF-459B-AF06-9C34329295E7}" = 6000E609_Help"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0"{18756A46-652E-4ED4-A029-C4940D59F09B}" = Nokia PC Suite"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp"{4F57C27B-EDF4-4009-BEBA-EA7AA5C7A02D}" = ProductContext"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup"{551845DB-2D33-474E-B591-0831F0F2FAF6}" = BPDSoftware_Ini"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD"{691FCAD9-4A3F-43B9-8EC6-F7EE608D3772}" = 6000E609_eDocs"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{716F4A62-0548-42b3-BAEA-44BC4F8E187C}" = HP Officejet 6000 E609 Series"{722CD933-F4A3-4b3b-95D2-2A325BA693DA}" = 6000E609a"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C91D53E-0C23-4A79-A480-68A443D80100}" = PC Connectivity Solution"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype Link to post Share on other sites More sharing options...
Recommended Posts