Win32/Sirefef.AH and Win32/Sirefef.AC recalcitrant infection


This topic is locked
7 replies to this topic

#1 gatorargo

Posted 08 April 2012 - 10:31 PM

Hello,
My computer has been infected with Win32/Sirefef.AH and Win32/Sirefef.AC. I've run full system scans using Malwarebytes and Microsoft Security Essentials (both scans in Safe Mode). Both scans removed multiple items, but the Win32/Sirefef.AH and Win32/Sirefef.AC keep coming back within minutes of being cleaned. My system is being slowed down significantly by this infection, and Lord knows what other damage is happening. I would appreciate any help/advice. Thanks.

I ran DDS and got the following logs:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Keith at 22:01:21 on 2012-04-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.69 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: EarthLink Toolbar: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [SpySweeper]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunServices: [PlayerHelper] c:\docume~1\keith\locals~1\temp\0.695665537217456.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: mswsock.dll
Trusted Zone: supc.com\wi
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128987082921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.3833217593
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DCC9570C-BC6A-4AC5-99BF-911743C9E7BA} : DhcpNameServer = 192.168.2.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2004-3-30 72784]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-24 52800]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2004-3-30 73296]
R3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S0 yhhblm;yhhblm;c:\windows\system32\drivers\efaknshm.sys --> c:\windows\system32\drivers\efaknshm.sys [?]
S0 yoljf;yoljf;c:\windows\system32\drivers\lvloul.sys --> c:\windows\system32\drivers\lvloul.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2012-3-16 8192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-8 40776]
.
=============== Created Last 30 ================
.
2012-04-09 02:41:46 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b87b06cc-e35f-4d92-ba0b-c3da3facaa6f}\offreg.dll
2012-04-08 20:27:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-08 13:13:19 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b87b06cc-e35f-4d92-ba0b-c3da3facaa6f}\mpengine.dll
2012-04-07 01:42:02 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-06 23:36:50 98816 ----a-w- c:\windows\sed.exe
2012-04-06 23:36:50 518144 ----a-w- c:\windows\SWREG.exe
2012-04-06 23:36:50 256000 ----a-w- c:\windows\PEV.exe
2012-04-06 23:36:50 208896 ----a-w- c:\windows\MBR.exe
2012-04-06 23:35:12 -------- d-s---w- C:\FixComputer
2012-04-02 00:28:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 23:24:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-18 23:21:52 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple
2012-03-18 23:21:24 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple Computer
2012-03-18 22:53:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-18 22:53:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-16 17:22:34 -------- dc-h--w- c:\documents and settings\all users\application data\{93906220-8503-45CF-87CB-5A54C8DE1AB2}
2012-03-16 17:22:00 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx2.dll
2012-03-16 17:22:00 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx1.dll
2012-03-16 17:21:59 372736 ----a-w- c:\windows\system32\vbwExtender.ocx
2012-03-16 17:21:59 205848 ----a-w- c:\windows\system32\THREED32.OCX
2012-03-16 17:21:58 159744 ----a-w- c:\windows\system32\rsp_ogg_vorbis_ocx_320reg.ocx
2012-03-16 17:21:58 1328824 ----a-w- c:\windows\system32\SPR32X60.ocx
2012-03-16 17:21:57 557328 ----a-w- c:\windows\system32\DAO360.DLL
2012-03-16 17:21:35 -------- d-----w- c:\program files\Hawkes Learning Systems
2012-03-16 17:20:22 -------- d--h--w- c:\documents and settings\all users\application data\{0E02F526-DF19-494D-803B-84EABFED2875}
2012-03-16 17:15:41 -------- d-----w- c:\documents and settings\keith\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2012-04-09 02:31:09 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-07 02:09:50 206464 ------w- c:\windows\system32\drivers\bdclndrv
2012-04-02 00:28:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 22:05:32.50 ===============

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2003 6:57:01 PM
System Uptime: 4/8/2012 9:30:38 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 23.645 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\002E60050C5
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\002E60050C5
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP13\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP13\0000
Service: HPFECP13
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ROOT\*PNP0501\1_0_17_0_0_0
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ROOT\*PNP0501\1_0_17_0_0_0
Service: Serial
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4th Grade
Adobe Acrobat 4.0
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
AIO_Scan
Alchemy and Bejeweled Pack
America Online
AOL Coach Version 1.0(Build:20020823.1)
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Arthur's Birthday
Backyard Basketball 2004
Banctec Service Agreement
BCM V.92 56K Modem
Brownstone Equation Editor 5
BufferChm
Casper Activity Center
Citrix ICA Web Client
ClickArt® Christian Value
Compatibility Pack for the 2007 Office system
Copier V1.2
Copy
Critical Update for Windows Media Player 11 (KB959772)
Curious George Comes Home
Curious George Demo v1.0
CustomerResearchQFolder
DAO
Data Desk/XL
Deal Info
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diploma 6
Dirt Track Racing
DocProc
DocProcQFolder
Dr. Seuss Preschool
DVDSentry
EarthLink 5.0
EarthLink Accelerator
EarthLink Common
EarthLink FastLane
EarthLink Free Trial
EarthLink IM
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
EarthLink MailBox
EarthLink MDAC
EarthLink Redistributed
EarthLink Setup
EarthLink Software
EarthLink Spyware Blocker
EarthLink TaskPanel
EarthLink Toolbar
EarthLink Update Manager
EarthLink Webspace
Easy CD Creator 5 Basic
ELNBonus
ELNKInst
eSupportQFolder
Fax
FlashPath
GameSpy Arcade
GE MiniCam Pro
Google Toolbar for Internet Explorer
GRE POWERPREP
GS Chess
Hawkes Update Service Manager
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Kids Games 2 OEM
HP Customer Participation Program 9.0
HP DeskJet 710C Series (Remove only)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
ImageMixer VCD/DVD2 for OLYMPUS
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterActual Player
IORTutorial
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.1_01
Java™ 6 Update 3
Java™ 6 Update 5
JumpStart Animal Adventures
JumpStart First Grade v2.3b
JumpStart PreSchool v1.4
JumpStart Spelling
Kid's College CFA
LEGO Island
Lernout & Hauspie TruVoice for Microsoft Agent
LINGO 9.0
Little People® Discovery Airport
Malwarebytes Anti-Malware version 1.60.1.1000
Marble Blaster
MarketResearch
Metafile Companion 1.10
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 6.0 Docs
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft XML Parser
Miracle C Shareware Package
MiraScan V3.20
Modem Helper
Moraff's Maximum MahJongg 1.0
Move Networks Media Player for Internet Explorer
MSSoap
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS Master
OpenMG Secure Module 4.6.01
Paint Shop Pro 7
PanoStandAlone
PDF Editor 2
pdfsam
PowerDVD
Precalculus (Fall 2011 Student)
PrimoPDF -- brought to you by Nitro PDF Software
PrintMaster Gold 4.00
PrintMusic! 2004
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Publix Preschool Pals
QuickTime
Rapture's King Sol
Reader Rabbit Preschool® Sparkle Star Rescue!™
RealOne Player
Red Baron - Ace of the Sky
Roller Coaster Factory 3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SolutionCenter
SonicStage 4.2
Sound Blaster Live!
Spelling Dictionaries For Adobe Reader Package
Status
SureThing CD Labeler - Stomper Edition 32 bit
Thomas & Friends - Railway Adventures
TI Connect 1.6
Tonka Raceway
Toolbox
TrayApp
Ultrasoft MoneyLink
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Viewpoint Media Player (Remove Only)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/7/2012 9:47:31 PM, error: Service Control Manager [7023] - The Thkeys service terminated with the following error: Access is denied.
4/7/2012 9:32:19 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied.
4/7/2012 9:17:18 PM, error: Service Control Manager [7023] - The Delldmi service terminated with the following error: Access is denied.
4/7/2012 9:02:15 PM, error: Service Control Manager [7023] - The Phc600 service terminated with the following error: Access is denied.
4/7/2012 8:47:09 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: Access is denied.
4/7/2012 8:32:45 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/7/2012 8:32:02 PM, error: Service Control Manager [7023] - The Teefer service terminated with the following error: Access is denied.
4/7/2012 8:16:53 PM, error: Service Control Manager [7023] - The Sgeclient service terminated with the following error: Access is denied.
4/7/2012 8:01:53 PM, error: Service Control Manager [7023] - The S217mgmt service terminated with the following error: Access is denied.
4/7/2012 7:46:53 PM, error: Service Control Manager [7023] - The Ageresoftmodem service terminated with the following error: Access is denied.
4/7/2012 7:31:53 PM, error: Service Control Manager [7023] - The Bcm43xx service terminated with the following error: Access is denied.
4/7/2012 7:16:51 PM, error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: Access is denied.
4/7/2012 7:03:12 PM, error: Service Control Manager [7023] - The Picturetaker service terminated with the following error: Access is denied.
4/7/2012 6:47:14 PM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: Access is denied.
4/7/2012 6:32:17 PM, error: Service Control Manager [7023] - The Cvslock service terminated with the following error: Access is denied.
4/7/2012 6:17:13 PM, error: Service Control Manager [7023] - The Sndsrvc service terminated with the following error: Access is denied.
4/7/2012 6:02:12 PM, error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.
4/7/2012 5:47:12 PM, error: Service Control Manager [7023] - The Gemserv service terminated with the following error: Access is denied.
4/7/2012 5:32:37 PM, error: Service Control Manager [7023] - The Npkcrypt service terminated with the following error: Access is denied.
4/7/2012 5:16:47 PM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: Access is denied.
4/7/2012 5:01:46 PM, error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: Access is denied.
4/7/2012 4:47:13 PM, error: Service Control Manager [7023] - The Ftsata2 service terminated with the following error: Access is denied.
4/7/2012 4:31:26 PM, error: Service Control Manager [7023] - The VideX32 service terminated with the following error: Access is denied.
4/7/2012 4:16:21 PM, error: Service Control Manager [7023] - The Fsdfwd service terminated with the following error: Access is denied.
4/7/2012 4:01:18 PM, error: Service Control Manager [7023] - The Se26nd5 service terminated with the following error: Access is denied.
4/7/2012 3:46:20 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: Access is denied.
4/7/2012 3:31:17 PM, error: Service Control Manager [7023] - The Pnmsrv service
terminated with the following error: Access is denied.
4/7/2012 10:27:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has
encountered an error trying to update signatures. New Signature Version:
Previous Signature Version: 1.123.1294.0 Update Source: Microsoft Update Server
Update Stage: Search Source Path: Default URL Signature Type: AntiVirus
Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This
service cannot be started in Safe Mode
4/7/2012 10:26:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has
encountered an error trying to update signatures. New Signature Version:
Previous Signature Version: 1.123.1294.0 Update Source: Microsoft Update Server
Update Stage: Search Source Path: Default URL Signature Type: AntiVirus
Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This
service cannot be started in Safe Mode
4/7/2012 10:26:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start
the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/7/2012 10:25:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start
the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/7/2012 10:24:14 PM, error: Service Control Manager [7034] - The System Restore
Service service terminated unexpectedly. It has done this 1 time(s).
4/7/2012 10:24:14 PM, error: Service Control Manager [7034] - The CryptSvc service
terminated unexpectedly. It has done this 1 time(s).
4/7/2012 10:24:14 PM, error: Service Control Manager [7032] - The Service Control
Manager tried to take a corrective action (Restart the service) after the unexpected
termination of the Windows Management Instrumentation service, but this action failed
with the following error: An instance of the service is already running.
4/7/2012 10:24:14 PM, error: Service Control Manager [7031] - The Windows Management
Instrumentation service terminated unexpectedly. It has done this 1 time(s). The
following corrective action will be taken in 60000 milliseconds: Restart the service.
4/7/2012 10:24:14 PM, error: Service Control Manager [7031] - The Help and Support
service terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 100 milliseconds: Restart the service.
4/7/2012 10:24:14 PM, error: Service Control Manager [7026] - The following boot-start
or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb
NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper
service depends on the AFD Networking Support Environment service which failed to start
because of the following error: A device attached to the system is not functioning.
4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The IPSEC Services
service depends on the IPSEC driver service which failed to start because of the
following error: A device attached to the system is not functioning.
4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The DNS Client service
depends on the TCP/IP Protocol Driver service which failed to start because of the
following error: A device attached to the system is not functioning.
4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The DHCP Client service
depends on the NetBios over Tcpip service which failed to start because of the following
error: A device attached to the system is not functioning.
4/7/2012 10:24:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start
the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
4/7/2012 10:17:21 PM, error: Service Control Manager [7023] - The Lxct_device service
terminated with the following error: Access is denied.
4/7/2012 10:02:29 PM, error: Service Control Manager [7023] - The Servicemgr service
terminated with the following error: Access is denied.
.
==== End Of File ===========================
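As an added example (not code from this thread or from DDS itself), a small Python parser for the "Event Viewer Messages" section of a DDS log such as the one above: it re-joins the entries DDS wrapped onto continuation lines, counts the Service Control Manager 7023 entries that ended with "Access is denied", and measures how regularly they recur. The sample lines are a constructed subset copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the Event Viewer lines from the DDS log above, wrapped as DDS prints them.
SAMPLE_LOG = """\
4/7/2012 9:47:31 PM, error: Service Control Manager [7023] - The Thkeys service
terminated with the following error: Access is denied.
4/7/2012 9:32:19 PM, error: Service Control Manager [7023] - The Rimmptsk service
terminated with the following error: Access is denied.
4/7/2012 9:17:18 PM, error: Service Control Manager [7023] - The Delldmi service
terminated with the following error: Access is denied.
4/7/2012 10:24:14 PM, error: Service Control Manager [7034] - The CryptSvc service
terminated unexpectedly. It has done this 1 time(s).
"""

ENTRY_START = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, ")
ENTRY = re.compile(r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
                   r"\[(?P<eid>\d+)\] - The (?P<svc>.+?) service (?P<msg>.*)$")

def join_wrapped(text):
    # A line that does not start with a timestamp continues the previous entry.
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def parse_entries(text):
    """One dict per entry, with a parsed timestamp and an integer event ID."""
    out = []
    for m in filter(None, map(ENTRY.match, join_wrapped(text))):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
        e["eid"] = int(e["eid"])
        out.append(e)
    return out

def access_denied_terminations(text):
    """Per-service count of SCM 7023 'Access is denied' terminations."""
    return Counter(e["svc"] for e in parse_entries(text)
                   if e["eid"] == 7023 and "Access is denied" in e["msg"])

def denial_intervals_minutes(text):
    """Minutes between consecutive denied terminations, oldest first."""
    times = sorted(e["ts"] for e in parse_entries(text)
                   if e["eid"] == 7023 and "Access is denied" in e["msg"])
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
```

A near-constant spacing in the returned intervals (15 minutes in the posted log) points to a scheduled process rather than user activity, which is worth handing to the analyst alongside the scan results.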

#2 MrCharlie


Posted 10 April 2012 - 07:39 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 gatorargo


Posted 10 April 2012 - 08:00 AM

Hi MrC,

I ran RogueKiller and received the following report:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Keith [Admin rights]
Mode: Scan -- Date: 04/28/2003 00:06:21
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]
¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\RunServices : PlayerHelper (C:\DOCUME~1\Keith\LOCALS~1\Temp\0.695665537217456.exe) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: IC35L060AVV207-0 +++++
--- User ---
[MBR] f3a72eaaf96e2a04b62740aadf128ef6
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 57184 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie


Posted 10 April 2012 - 08:05 AM

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......
  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.
Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

----------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

also....

Please back up the registry as outlined in the link below using ERUNT:

http://www.geekstogo...ry-using-erunt/

------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC


#5 MrCharlie


Posted 12 April 2012 - 07:30 AM

How are we doing??

Do you still need help or can I close this post??

MrC


#6 gatorargo


Posted 12 April 2012 - 10:20 PM

Hi MrC,

Sorry I haven't posted back sooner - - - I've been swamped at work.

Thanks for all the helpful information. I've decided that I'm going to reinstall my OS, since it's the only way to be sure for an infection this nasty.

Thanks again,
gatorargo

#7 MrCharlie


Posted 13 April 2012 - 07:29 AM

Good choice.


Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#8 Maurice Naggar


Posted 13 April 2012 - 08:24 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Consumer Support Specialist

I close my threads if there are 5 days without a response.



