gatorargo

Win32/Sirefef.AH and Win32/Sirefef.AC recalcitrant infection


Hello,

My computer has been infected with Win32/Sirefef.AH and Win32/Sirefef.AC. I've run full system scans using Malwarebytes and Microsoft Security Essentials (both scans in Safe Mode). Both scans removed multiple items, but the Win32/Sirefef.AH and Win32/Sirefef.AC keep coming back within minutes of being cleaned. My system is being slowed down significantly by this infection, and Lord knows what other damage is happening. I would appreciate any help/advice. Thanks.

I ran DDS and got the following logs:

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Keith at 22:01:21 on 2012-04-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.69 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\tsnpstd3.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.earthlink.net/AL/Search

uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll

TB: EarthLink Toolbar: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll

uRun: [spySweeper]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [snpstd3] c:\windows\vsnpstd3.exe

mRun: [tsnpstd3] c:\windows\tsnpstd3.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRunServices: [PlayerHelper] c:\docume~1\keith\locals~1\temp\0.695665537217456.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

mPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

LSP: mswsock.dll

Trusted Zone: supc.com\wi

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128987082921

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.3833217593

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab

DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab

DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DCC9570C-BC6A-4AC5-99BF-911743C9E7BA} : DhcpNameServer = 192.168.2.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2004-3-30 72784]

R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-24 52800]

R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2004-3-30 73296]

R3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]

S0 yhhblm;yhhblm;c:\windows\system32\drivers\efaknshm.sys --> c:\windows\system32\drivers\efaknshm.sys [?]

S0 yoljf;yoljf;c:\windows\system32\drivers\lvloul.sys --> c:\windows\system32\drivers\lvloul.sys [?]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]

S3 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2012-3-16 8192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-8 40776]

.

=============== Created Last 30 ================

.

2012-04-09 02:41:46 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b87b06cc-e35f-4d92-ba0b-c3da3facaa6f}\offreg.dll

2012-04-08 20:27:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-08 13:13:19 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b87b06cc-e35f-4d92-ba0b-c3da3facaa6f}\mpengine.dll

2012-04-07 01:42:02 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys

2012-04-06 23:36:50 98816 ----a-w- c:\windows\sed.exe

2012-04-06 23:36:50 518144 ----a-w- c:\windows\SWREG.exe

2012-04-06 23:36:50 256000 ----a-w- c:\windows\PEV.exe

2012-04-06 23:36:50 208896 ----a-w- c:\windows\MBR.exe

2012-04-06 23:35:12 -------- d-s---w- C:\FixComputer

2012-04-02 00:28:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-18 23:24:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-03-18 23:21:52 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple

2012-03-18 23:21:24 -------- d-----w- c:\documents and settings\keith\local settings\application data\Apple Computer

2012-03-18 22:53:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-03-18 22:53:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-03-16 17:22:34 -------- dc-h--w- c:\documents and settings\all users\application data\{93906220-8503-45CF-87CB-5A54C8DE1AB2}

2012-03-16 17:22:00 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx2.dll

2012-03-16 17:22:00 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx1.dll

2012-03-16 17:21:59 372736 ----a-w- c:\windows\system32\vbwExtender.ocx

2012-03-16 17:21:59 205848 ----a-w- c:\windows\system32\THREED32.OCX

2012-03-16 17:21:58 159744 ----a-w- c:\windows\system32\rsp_ogg_vorbis_ocx_320reg.ocx

2012-03-16 17:21:58 1328824 ----a-w- c:\windows\system32\SPR32X60.ocx

2012-03-16 17:21:57 557328 ----a-w- c:\windows\system32\DAO360.DLL

2012-03-16 17:21:35 -------- d-----w- c:\program files\Hawkes Learning Systems

2012-03-16 17:20:22 -------- d--h--w- c:\documents and settings\all users\application data\{0E02F526-DF19-494D-803B-84EABFED2875}

2012-03-16 17:15:41 -------- d-----w- c:\documents and settings\keith\local settings\application data\PackageAware

.

==================== Find3M ====================

.

2012-04-09 02:31:09 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-07 02:09:50 206464 ------w- c:\windows\system32\drivers\bdclndrv

2012-04-02 00:28:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

.

============= FINISH: 22:05:32.50 ===============

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/4/2003 6:57:01 PM

System Uptime: 4/8/2012 9:30:38 PM (1 hours ago)

.

Motherboard: Dell Computer Corp. | |

Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 56 GiB total, 23.645 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\002E60050C5

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\002E60050C5

Service: NIC1394

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Parallel Device

Device ID: ROOT\LEGACY_HPFECP13\0000

Manufacturer:

Name: Parallel Device

PNP Device ID: ROOT\LEGACY_HPFECP13\0000

Service: HPFECP13

.

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}

Description: Communications Port

Device ID: ROOT\*PNP0501\1_0_17_0_0_0

Manufacturer: (Standard port types)

Name: Communications Port (COM1)

PNP Device ID: ROOT\*PNP0501\1_0_17_0_0_0

Service: Serial

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4th Grade

Adobe Acrobat 4.0

Adobe Flash Player 11 ActiveX

Adobe Reader 7.0

AIO_Scan

Alchemy and Bejeweled Pack

America Online

AOL Coach Version 1.0(Build:20020823.1)

Apple Application Support

Apple Software Update

ArcSoft Software Suite

Arthur's Birthday

Backyard Basketball 2004

Banctec Service Agreement

BCM V.92 56K Modem

Brownstone Equation Editor 5

BufferChm

Casper Activity Center

Citrix ICA Web Client

ClickArt® Christian Value

Compatibility Pack for the 2007 Office system

Copier V1.2

Copy

Critical Update for Windows Media Player 11 (KB959772)

Curious George Comes Home

Curious George Demo v1.0

CustomerResearchQFolder

DAO

Data Desk/XL

Deal Info

Dell Picture Studio - Dell Image Expert

Dell ResourceCD

Dell Solution Center

DellSupport

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Diploma 6

Dirt Track Racing

DocProc

DocProcQFolder

Dr. Seuss Preschool

DVDSentry

EarthLink 5.0

EarthLink Accelerator

EarthLink Common

EarthLink FastLane

EarthLink Free Trial

EarthLink IM

Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present

EarthLink MailBox

EarthLink MDAC

EarthLink Redistributed

EarthLink Setup

EarthLink Software

EarthLink Spyware Blocker

EarthLink TaskPanel

EarthLink Toolbar

EarthLink Update Manager

EarthLink Webspace

Easy CD Creator 5 Basic

ELNBonus

ELNKInst

eSupportQFolder

Fax

FlashPath

GameSpy Arcade

GE MiniCam Pro

Google Toolbar for Internet Explorer

GRE POWERPREP

GS Chess

Hawkes Update Service Manager

Help and Support Customization

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Hoyle Kids Games 2 OEM

HP Customer Participation Program 9.0

HP DeskJet 710C Series (Remove only)

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

ImageMixer VCD/DVD2 for OLYMPUS

Intel® PRO Network Adapters and Drivers

Intel® PROSet

InterActual Player

IORTutorial

Java 2 Runtime Environment Standard Edition v1.3.1_02

Java 2 Runtime Environment, SE v1.4.1_01

Java 6 Update 3

Java 6 Update 5

JumpStart Animal Adventures

JumpStart First Grade v2.3b

JumpStart PreSchool v1.4

JumpStart Spelling

Kid's College CFA

LEGO Island

Lernout & Hauspie TruVoice for Microsoft Agent

LINGO 9.0

Little People® Discovery Airport

Malwarebytes Anti-Malware version 1.60.1.1000

Marble Blaster

MarketResearch

Metafile Companion 1.10

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Interactive Training

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2002

Microsoft Money 2002 System Pack

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Media Content

Microsoft Office XP Small Business

Microsoft Security Client

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 6.0 Docs

Microsoft Visual C++ 6.0 Introductory Edition

Microsoft XML Parser

Miracle C Shareware Package

MiraScan V3.20

Modem Helper

Moraff's Maximum MahJongg 1.0

Move Networks Media Player for Internet Explorer

MSSoap

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Windows 2000/XP Display Drivers

OLYMPUS Master

OpenMG Secure Module 4.6.01

Paint Shop Pro 7

PanoStandAlone

PDF Editor 2

pdfsam

PowerDVD

Precalculus (Fall 2011 Student)

PrimoPDF -- brought to you by Nitro PDF Software

PrintMaster Gold 4.00

PrintMusic! 2004

PS_AIO_02_Software

PS_AIO_02_Software_min

PSSWCORE

Publix Preschool Pals

QuickTime

Rapture's King Sol

Reader Rabbit Preschool® Sparkle Star Rescue!

RealOne Player

Red Baron - Ace of the Sky

Roller Coaster Factory 3

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SolutionCenter

SonicStage 4.2

Sound Blaster Live!

Spelling Dictionaries For Adobe Reader Package

Status

SureThing CD Labeler - Stomper Edition 32 bit

Thomas & Friends - Railway Adventures

TI Connect 1.6

Tonka Raceway

Toolbox

TrayApp

Ultrasoft MoneyLink

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoToolkit01

Viewpoint Media Player (Remove Only)

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

4/7/2012 9:47:31 PM, error: Service Control Manager [7023] - The Thkeys service terminated with the following error: Access is denied.

4/7/2012 9:32:19 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied.

4/7/2012 9:17:18 PM, error: Service Control Manager [7023] - The Delldmi service terminated with the following error: Access is denied.

4/7/2012 9:02:15 PM, error: Service Control Manager [7023] - The Phc600 service terminated with the following error: Access is denied.

4/7/2012 8:47:09 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: Access is denied.

4/7/2012 8:32:45 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

4/7/2012 8:32:02 PM, error: Service Control Manager [7023] - The Teefer service terminated with the following error: Access is denied.

4/7/2012 8:16:53 PM, error: Service Control Manager [7023] - The Sgeclient service terminated with the following error: Access is denied.

4/7/2012 8:01:53 PM, error: Service Control Manager [7023] - The S217mgmt service terminated with the following error: Access is denied.

4/7/2012 7:46:53 PM, error: Service Control Manager [7023] - The Ageresoftmodem service terminated with the following error: Access is denied.

4/7/2012 7:31:53 PM, error: Service Control Manager [7023] - The Bcm43xx service terminated with the following error: Access is denied.

4/7/2012 7:16:51 PM, error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: Access is denied.

4/7/2012 7:03:12 PM, error: Service Control Manager [7023] - The Picturetaker service terminated with the following error: Access is denied.

4/7/2012 6:47:14 PM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: Access is denied.

4/7/2012 6:32:17 PM, error: Service Control Manager [7023] - The Cvslock service terminated with the following error: Access is denied.

4/7/2012 6:17:13 PM, error: Service Control Manager [7023] - The Sndsrvc service terminated with the following error: Access is denied.

4/7/2012 6:02:12 PM, error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: Access is denied.

4/7/2012 5:47:12 PM, error: Service Control Manager [7023] - The Gemserv service terminated with the following error: Access is denied.

4/7/2012 5:32:37 PM, error: Service Control Manager [7023] - The Npkcrypt service terminated with the following error: Access is denied.

4/7/2012 5:16:47 PM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: Access is denied.

4/7/2012 5:01:46 PM, error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: Access is denied.

4/7/2012 4:47:13 PM, error: Service Control Manager [7023] - The Ftsata2 service terminated with the following error: Access is denied.

4/7/2012 4:31:26 PM, error: Service Control Manager [7023] - The VideX32 service

terminated with the following error: Access is denied.

4/7/2012 4:16:21 PM, error: Service Control Manager [7023] - The Fsdfwd service

terminated with the following error: Access is denied.

4/7/2012 4:01:18 PM, error: Service Control Manager [7023] - The Se26nd5 service

terminated with the following error: Access is denied.

4/7/2012 3:46:20 PM, error: Service Control Manager [7023] - The Sk9920nt service

terminated with the following error: Access is denied.

4/7/2012 3:31:17 PM, error: Service Control Manager [7023] - The Pnmsrv service

terminated with the following error: Access is denied.

4/7/2012 10:27:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has

encountered an error trying to update signatures. New Signature Version:

Previous Signature Version: 1.123.1294.0 Update Source: Microsoft Update Server

Update Stage: Search Source Path: Default URL Signature Type: AntiVirus

Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:

Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This

service cannot be started in Safe Mode

4/7/2012 10:26:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has

encountered an error trying to update signatures. New Signature Version:

Previous Signature Version: 1.123.1294.0 Update Source: Microsoft Update Server

Update Stage: Search Source Path: Default URL Signature Type: AntiVirus

Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:

Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This

service cannot be started in Safe Mode

4/7/2012 10:26:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/7/2012 10:25:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service netman with arguments "" in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/7/2012 10:24:14 PM, error: Service Control Manager [7034] - The System Restore

Service service terminated unexpectedly. It has done this 1 time(s).

4/7/2012 10:24:14 PM, error: Service Control Manager [7034] - The CryptSvc service

terminated unexpectedly. It has done this 1 time(s).

4/7/2012 10:24:14 PM, error: Service Control Manager [7032] - The Service Control

Manager tried to take a corrective action (Restart the service) after the unexpected

termination of the Windows Management Instrumentation service, but this action failed

with the following error: An instance of the service is already running.

4/7/2012 10:24:14 PM, error: Service Control Manager [7031] - The Windows Management

Instrumentation service terminated unexpectedly. It has done this 1 time(s). The

following corrective action will be taken in 60000 milliseconds: Restart the service.

4/7/2012 10:24:14 PM, error: Service Control Manager [7031] - The Help and Support

service terminated unexpectedly. It has done this 1 time(s). The following corrective

action will be taken in 100 milliseconds: Restart the service.

4/7/2012 10:24:14 PM, error: Service Control Manager [7026] - The following boot-start

or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb

NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper

service depends on the AFD Networking Support Environment service which failed to start

because of the following error: A device attached to the system is not functioning.

4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The IPSEC Services

service depends on the IPSEC driver service which failed to start because of the

following error: A device attached to the system is not functioning.

4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The DNS Client service

depends on the TCP/IP Protocol Driver service which failed to start because of the

following error: A device attached to the system is not functioning.

4/7/2012 10:24:14 PM, error: Service Control Manager [7001] - The DHCP Client service

depends on the NetBios over Tcpip service which failed to start because of the following

error: A device attached to the system is not functioning.

4/7/2012 10:24:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

4/7/2012 10:17:21 PM, error: Service Control Manager [7023] - The Lxct_device service

terminated with the following error: Access is denied.

4/7/2012 10:02:29 PM, error: Service Control Manager [7023] - The Servicemgr service

terminated with the following error: Access is denied.

.

==== End Of File ===========================

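The Event Viewer section of the DDS log above shows two patterns worth pulling out of the noise: a run of Service Control Manager 7023 errors, roughly one every fifteen minutes, each for a different service that "terminated with the following error: Access is denied", and a 7026 event listing boot-start drivers that failed to load, among them Tcpip, AFD and MpFilter (the Security Essentials filter driver). The script below is an added example, not part of this thread or of DDS itself. It parses the wrapped DDS event layout (an event starts with a timestamp; following lines without one are continuations) and flags those two patterns. The sample input is a constructed subset of the thread's own lines; the service-count threshold, the cadence tolerance and the SECURITY_DRIVERS table are my own assumptions.

```python
"""Flag service-control patterns in the "Event Viewer Messages" section of a
DDS log.  Added example (not DDS/RogueKiller code); the input layout follows
the wrapped DDS output shown in the thread."""
import re
import statistics
from datetime import datetime, timedelta

# Constructed sample: a subset of the thread's own lines, kept in the wrapped
# DDS layout (continuation lines carry no timestamp).  Blank lines are ignored.
SAMPLE = """\
4/7/2012 9:47:31 PM, error: Service Control Manager [7023] - The Thkeys service
terminated with the following error: Access is denied.
4/7/2012 9:32:19 PM, error: Service Control Manager [7023] - The Rimmptsk service
terminated with the following error: Access is denied.
4/7/2012 9:17:18 PM, error: Service Control Manager [7023] - The Delldmi service
terminated with the following error: Access is denied.
4/7/2012 9:02:15 PM, error: Service Control Manager [7023] - The Phc600 service
terminated with the following error: Access is denied.
4/7/2012 8:47:09 PM, error: Service Control Manager [7023] - The Si3114r service
terminated with the following error: Access is denied.
4/7/2012 8:32:45 PM, error: Service Control Manager [7023] - The Network Location
Awareness (NLA) service terminated with the following error: The specified procedure
could not be found.
4/7/2012 10:24:14 PM, error: Service Control Manager [7026] - The following boot-start
or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb
NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
EVENT_START = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Message body of an SCM 7023 event.
SVC_7023 = re.compile(
    r"^The (?P<svc>.+?) service terminated with the following error: (?P<err>.+?)\.?$"
)
# Assumed watch-list: drivers whose failure to load matters for a defender.
SECURITY_DRIVERS = {
    "AFD": "Winsock support driver",
    "Tcpip": "TCP/IP protocol driver",
    "MpFilter": "Microsoft antimalware filter driver",
}


def parse_events(text):
    """Return a list of event dicts; continuation lines are joined to the
    preceding event's message with a single space."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EVENT_START.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            ev["id"] = int(ev["id"])
            events.append(ev)
        elif events:                      # wrapped continuation of the last event
            events[-1]["msg"] += " " + line
    return events


def analyse(events, min_services=5, tolerance=timedelta(minutes=2)):
    """Look for (1) many distinct services killed with 'Access is denied',
    (2) a fixed cadence between those events, (3) security-relevant
    boot-start drivers that failed to load.  Thresholds are assumptions."""
    findings = []
    denied = {}                           # service name -> timestamp
    for e in events:
        if e["id"] != 7023:
            continue
        m = SVC_7023.match(e["msg"])
        if m and m.group("err") == "Access is denied":
            denied[m.group("svc")] = e["ts"]
    if len(denied) >= min_services:
        findings.append(f"{len(denied)} distinct services terminated with 'Access is denied'; "
                        "the SCM being denied access to its own services is consistent "
                        "with tampered service ACLs")

    # Cadence check: evenly spaced terminations point to a timer, not a user.
    times = sorted(denied.values())
    gaps = [b - a for a, b in zip(times, times[1:])]
    period_minutes = None
    if len(gaps) >= 3:
        med = statistics.median(gaps)
        if all(abs(g - med) <= tolerance for g in gaps):
            period_minutes = int(med.total_seconds() // 60)
            findings.append(f"terminations recur every ~{period_minutes} minutes")

    failed = []
    for e in events:
        if e["id"] == 7026 and ":" in e["msg"]:
            names = e["msg"].split(":", 1)[1].split()
            failed = [d for d in names if d in SECURITY_DRIVERS]
            if failed:
                findings.append("boot-start drivers failed to load: " + ", ".join(
                    f"{d} ({SECURITY_DRIVERS[d]})" for d in failed))

    return {"denied_services": sorted(denied), "period_minutes": period_minutes,
            "failed_security_drivers": failed, "findings": findings}


if __name__ == "__main__":
    for f in analyse(parse_events(SAMPLE))["findings"]:
        print("-", f)
```

Run against the full DDS section rather than the sample, the same parser copes with the longer service list; the NLA event is deliberately left out of the "Access is denied" count because its error text differs.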

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Hi MrC,

I ran RogueKiller and received the following report:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Keith [Admin rights]

Mode: Scan -- Date: 04/28/2003 00:06:21

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] HKLM\[...]\RunServices : PlayerHelper (C:\DOCUME~1\Keith\LOCALS~1\Temp\0.695665537217456.exe) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC35L060AVV207-0 +++++

--- User ---

[MBR] f3a72eaaf96e2a04b62740aadf128ef6

[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 57184 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>



¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

----------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

also....

Please back up the registry as outlined in the link below using ERUNT:

http://www.geekstogo.com/forum/topic/208859-backing-up-the-registry-using-erunt/

------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC


How are we doing??

Do you still need help or can I close this post??

MrC


Hi MrC,

Sorry I haven't posted back sooner - - - I've been swamped at work.

Thanks for all the helpful information. I've decided that I'm going to reinstall my OS, since it's the only way to be sure for an infection this nasty.

Thanks again,

gatorargo


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
