Virus and not running in Normal Mode

Gateway / Mt6456
June 3, 2009 at 21:37:58
Specs: Microsoft Windows Vista Home Premium, 1.596 GHz / 893 MB
Hi. My computer will start up in normal mode and lock up a couple of minutes after my desktop has loaded, and the internet won't work (cable) either. When I start it in safe mode, the internet works fine. I ran Webroot Spy Sweeper and it found "trojan downloader matcash" and "trojan-agent-tdss". I've tried selective booting in normal mode with all third-party services and startup programs off and it still doesn't work. It won't lock up right away but the internet doesn't work. If I try to open too many programs it will lock up though. Thank you very much for reading this.



#1
June 3, 2009 at 22:03:55
just about the exact same problem here...


#2
June 4, 2009 at 06:25:02
You both still need help?


#3
June 4, 2009 at 09:03:46
Yes please. I also tried System Restore and it said it was unsuccessful in bringing me back to a restore point because "there was a disk failure during system restore". I tried to run a disk error-check in safe mode and I would press the "check now" button and it wouldn't do anything. Please help. Don't know what to do.


#4
June 4, 2009 at 09:10:31
Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:

1) Check below options:

    * Select all the objects/places to be scanned.
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

2) Click Scan
3) Fix what it detects
4) Attach Scan log/Summary to your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...


#5
June 4, 2009 at 14:17:21
Should I download the Kaspersky virus removal tool or the Kaspersky anti-virus 30 day trial? I've found a few download sites for the removal tool but they are dead links.


#6
June 4, 2009 at 14:43:12
Sorry, I fixed Response Number 4.


#7
June 4, 2009 at 20:31:44
I'm sorry. That link won't work for me. I'm having a hard time finding that download in other places too. Is there another removal tool that works? Thank you.


#8
June 4, 2009 at 20:43:01
Try the ESET/BitDefender online scanner. If those don't work, download the AVP tool on another computer and burn it to disc.


#9
June 5, 2009 at 01:25:05
Well, I tried the Kaspersky removal tool and it said it got rid of 4 trojans, but when I rebooted in normal mode, the screen just goes black... I can see and move my cursor around but everything is black... this sucks..


#10
June 5, 2009 at 04:17:34
Please read Response Number 4 carefully and attach scan summary log.


#11
June 6, 2009 at 20:31:18
Any anti-virus software I try to download and install, my computer will not let me run it. I have no idea what to do. Some programs' websites do not even load in my browser, and if they do, it won't let me download them. This is nuts.


#12
June 6, 2009 at 20:42:29
Again post Kaspersky AVP Tool scan log...


#13
June 6, 2009 at 22:10:31
It won't let me run it. I'm one of two people with this problem on this post. The other guy was able to run his. I wish I could lol. I tried downloading Spybot, Kaspersky, Malwarebytes, Trojan Remover, etc. I can install them, but I can't run them. I double click on them and nothing happens. I had to search in different places just to be able to download these programs. I even tried copying and renaming the files to run them and that doesn't even work.


#14
June 7, 2009 at 06:46:25
Read your Response Number 9... "Well, I tried the Kaspersky removal tool and it said it got rid of 4 trojans, but when I rebooted in normal mode, the screen just goes black... I can see and move my cursor around but everything is black... this sucks.." ... Post that scan log.


#15
June 7, 2009 at 09:22:07
Response number 9 is not from me. That is someone else. I began this post and it seems the person who wrote response number 9 was having a similar problem. But apparently he can run the antivirus tool. My computer will not allow me to. I can't run Malwarebytes or Kaspersky or Spybot, etc.


#16
June 7, 2009 at 10:58:17
1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot, the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Can you also make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here


#17
June 7, 2009 at 12:50:03
Ya, I'm a diff. person with the same prob.. OK, so I ran Kaspersky again using the deep rootkit search and it scanned and said there were no threats detected... mind you, when I did it before it said it got rid of 4 trojans in music files... I saved a copy of this scan but have no clue how to put it on here...


#18
June 7, 2009 at 12:58:54
Stickman, to reduce confusion, start your own post with a screenshot of the Detected tab.


#19
June 7, 2009 at 13:06:06
Hi, I was only able to run Trojan Remover in normal mode. This is the scan log. My internet works now in normal mode lol. Thank you very much. Please let me know what else I would have to do.

***** THE SYSTEM HAS BEEN RESTARTED *****
6/7/2009 2:32:03 PM: Trojan Remover has been restarted
----------
Cleaning up TDSS keys/files:
C:\Windows\system32\gxvxcrupieqauvrqrvpesvpdvwlsvmvjtuqmg.dll - deleted
C:\Windows\system32\gxvxcodliygxrdmvlmpvaatwtwxkergwdjeiq.dll - deleted
----------
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys - removed
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys - already removed (or did not exist)
=======================================================
6/7/2009 2:32:03 PM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.9.2581. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 2:28:39 PM 07 Jun 2009
Using Database v7339
Operating System: Windows Vista Home Premium [Build: 6.0.6000]
File System: NTFS
User Account Control is Enabled.
UserData directory: C:\Users\user\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\user\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
2:28:39 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: gxvxcserv.sys
Hidden Service: \systemroot\system32\drivers\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys
C:\Windows\system32\drivers\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys
48128 bytes
Modified: 6/1/2009 1:14 AM
Company: [no info]
[File appears to be locked by another process]
File appears to be hidden using rootkit techniques
Entry has been scheduled for deletion when the PC is restarted
C:\Windows\system32\drivers\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys - file backed up to C:\Windows\system32\drivers\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys.vir
C:\Windows\system32\drivers\gxvxcswbdcatphybchmjscgvlbldrkekajynu.sys - file has been erased using RAW erasure
----------

************************************************************
2:28:58 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 11/2/2006 3:47 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 11/2/2006 3:43 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: MSConfig
Value Data: "C:\Windows\system32\msconfig.exe" /auto
C:\Windows\system32\msconfig.exe
222208 bytes
Created: 11/2/2006 3:35 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name:
Value Data:
Blank entry: []
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

************************************************************
2:28:58 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
2:28:58 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
2:28:58 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
2:28:58 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
2:28:59 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
2:28:59 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: asdv
ImagePath: \??\C:\Windows\system32\drivers\asdv.sys
C:\Windows\system32\drivers\asdv.sys
33280 bytes
Created: 6/6/2009 11:13 PM
Modified: 6/6/2009 11:13 PM
Company: [no info]
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
298776 bytes
Created: 5/7/2009 1:20 PM
Modified: 5/7/2009 1:20 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
325896 bytes
Created: 5/7/2009 1:22 PM
Modified: 5/7/2009 1:22 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
27784 bytes
Created: 11/25/2007 9:54 PM
Modified: 5/7/2009 1:22 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\Windows\System32\Drivers\avgtdix.sys
108552 bytes
Created: 5/7/2009 1:22 PM
Modified: 5/7/2009 1:22 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM43XV
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
464384 bytes
Created: 11/2/2006 5:25 AM
Modified: 11/2/2006 2:30 AM
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 11:17 AM
Modified: 12/12/2008 11:17 AM
Company: Apple Inc.
----------
Key: elagopro
ImagePath: system32\DRIVERS\elagopro.sys
C:\Windows\system32\DRIVERS\elagopro.sys
-S- 28672 bytes
Created: 3/22/2007 1:57 PM
Modified: 3/22/2007 1:57 PM
Company: Gteko Ltd.
----------
Key: elaunidr
ImagePath: system32\DRIVERS\elaunidr.sys
C:\Windows\system32\DRIVERS\elaunidr.sys
-S- 5376 bytes
Created: 3/22/2007 1:57 PM
Modified: 3/22/2007 1:57 PM
Company: Gteko Ltd.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 10/22/2004 3:24 AM
Modified: 10/22/2004 3:24 AM
Company: Macrovision Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 11/2/2006 3:51 AM
Modified: 11/2/2006 3:51 AM
Company: Microsoft Corporation
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\Windows\system32\DRIVERS\motmodem.sys - [file not found to scan]
----------
Key: MRVW147
ImagePath: system32\DRIVERS\MRVW147.sys
C:\Windows\system32\DRIVERS\MRVW147.sys
423936 bytes
Created: 3/2/2007 10:23 PM
Modified: 3/2/2007 10:23 PM
Company: Marvell Semiconductor, Inc
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: Nero BackItUp Scheduler 3
ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
877864 bytes
Created: 2/18/2008 5:29 PM
Modified: 2/18/2008 5:29 PM
Company: Nero AG
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
529704 bytes
Created: 2/28/2008 6:07 PM
Modified: 2/28/2008 6:07 PM
Company: Nero AG
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: PCToolsFirewallPlus
ImagePath: C:\Program Files\PC Tools Firewall Plus 2\FWService.exe
C:\Program Files\PC Tools Firewall Plus 2\FWService.exe
146800 bytes
Created: 4/13/2008 3:13 AM
Modified: 12/11/2008 5:58 PM
Company: PC Tools
----------
Key: PLFlash DeviceIoControl Service
ImagePath: C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\IoctlSvc.exe
81920 bytes
Created: 12/19/2006 10:30 AM
Modified: 12/19/2006 10:30 AM
Company: Prolific Technology Inc.
----------
Key: PrismXL
ImagePath: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
65536 bytes
Created: 1/23/2007 5:40 AM
Modified: 1/23/2007 5:41 AM
Company: New Boundary Technologies, Inc.
----------
Key: rootrepeal
ImagePath: \??\C:\Windows\system32\drivers\rootrepeal.sys
C:\Windows\system32\drivers\rootrepeal.sys - [file not found to scan]
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 11/2/2006 3:51 AM
Modified: 11/2/2006 3:51 AM
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 11/2/2006 3:51 AM
Modified: 11/2/2006 3:51 AM
Company: Microsoft Corporation
----------
Key: smserial
ImagePath: system32\DRIVERS\smserial.sys
C:\Windows\system32\DRIVERS\smserial.sys
983936 bytes
Created: 2/26/2007 6:56 AM
Modified: 1/17/2007 1:38 AM
Company: Motorola Inc.
----------
Key: ssfs0bbc
ImagePath: system32\DRIVERS\ssfs0bbc.sys
C:\Windows\system32\DRIVERS\ssfs0bbc.sys
29808 bytes
Created: 2/25/2009 3:24 PM
Modified: 2/25/2009 3:24 PM
Company: Webroot Software, Inc. (www.webroot.com)
----------
Key: SSHRMD
ImagePath: SYSTEM32\Drivers\SSHRMD.SYS
C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS
23152 bytes
Created: 2/25/2009 3:24 PM
Modified: 2/25/2009 3:24 PM
Company: Webroot Software, Inc. (www.webroot.com)
----------
Key: SSIDRV
ImagePath: SYSTEM32\Drivers\SSIDRV.SYS
C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS
176752 bytes
Created: 2/25/2009 3:24 PM
Modified: 2/25/2009 3:24 PM
Company: Webroot Software, Inc. (www.webroot.com)
----------
Key: SSKBFD
ImagePath: System32\Drivers\sskbfd.sys
C:\Windows\System32\Drivers\sskbfd.sys
23920 bytes
Created: 11/25/2007 9:28 PM
Modified: 1/4/2008 8:34 PM
Company: Webroot Software Inc (www.webroot.com)
----------
Key: STacSV
ImagePath: C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
90112 bytes
Created: 11/20/2007 11:27 AM
Modified: 1/2/2007 3:44 AM
Company: SigmaTel, Inc.
----------
Key: STHDA
ImagePath: system32\drivers\stwrt.sys
C:\Windows\system32\drivers\stwrt.sys
649216 bytes
Created: 11/20/2007 11:27 AM
Modified: 1/2/2007 3:44 AM
Company: SigmaTel, Inc.
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\Windows\system32\DRIVERS\SynTP.sys
181176 bytes
Created: 2/26/2007 6:55 AM
Modified: 11/17/2006 1:22 AM
Company: Synaptics, Inc.
----------
Key: tavsvc
ImagePath: C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
251408 bytes
Created: 1/22/2007 12:49 AM
Modified: 1/22/2007 12:49 AM
Company: Trend Micro Inc.
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\Windows\system32\drivers\tifm21.sys
168448 bytes
Created: 7/6/2006 12:44 AM
Modified: 7/6/2006 12:44 AM
Company: Texas Instruments
----------
Key: tmcomm
ImagePath: system32\DRIVERS\tmcomm.sys
C:\Windows\system32\DRIVERS\tmcomm.sys
138384 bytes
Created: 1/22/2007 12:50 AM
Modified: 12/24/2007 5:37 PM
Company: Trend Micro Inc.
----------
Key: tmpreflt
ImagePath: system32\DRIVERS\tmpreflt.sys
C:\Windows\system32\DRIVERS\tmpreflt.sys
36368 bytes
Created: 1/22/2007 12:49 AM
Modified: 5/2/2008 4:21 PM
Company: Trend Micro Inc.
----------
Key: tmproxy
ImagePath: C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
566872 bytes
Created: 1/22/2007 12:49 AM
Modified: 1/22/2007 12:49 AM
Company: Trend Micro Inc.
----------
Key: tmxpflt
ImagePath: system32\DRIVERS\tmxpflt.sys
C:\Windows\system32\DRIVERS\tmxpflt.sys
205328 bytes
Created: 1/22/2007 12:49 AM
Modified: 5/2/2008 4:22 PM
Company: Trend Micro Inc.
----------
Key: trutil
ImagePath: \??\C:\Users\user\AppData\Local\Temp\trutil.sys - this file is a Trojan Remover component
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\Windows\System32\Drivers\usbaapl.sys
30464 bytes
Created: 2/18/2008 12:16 PM
Modified: 2/18/2008 12:16 PM
Company: Apple, Inc.
----------
Key: usb_rndisx
ImagePath: system32\DRIVERS\usb8023x.sys
C:\Windows\system32\DRIVERS\usb8023x.sys
14848 bytes
Created: 11/2/2006 5:25 AM
Modified: 11/2/2006 3:57 AM
Company: Microsoft Corporation
----------
Key: vsapint
ImagePath: system32\DRIVERS\vsapint.sys
C:\Windows\system32\DRIVERS\vsapint.sys
1169240 bytes
Created: 1/22/2007 12:49 AM
Modified: 5/2/2008 4:17 PM
Company: Trend Micro Inc.
----------
Key: WebrootSpySweeperService
ImagePath: "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
4048240 bytes
Created: 2/25/2009 3:24 PM
Modified: 2/25/2009 3:24 PM
Company: Webroot Software, Inc. (www.webroot.com)
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 11/2/2006 5:25 AM
Modified: 11/2/2006 4:04 AM
Company: Microsoft Corporation
----------
Key: WRConsumerService
ImagePath: "C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe"
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
1178728 bytes
Created: 2/8/2009 1:36 AM
Modified: 3/22/2009 1:17 AM
Company: Webroot Software, Inc.
----------
Key: yukonwlh
ImagePath: system32\DRIVERS\yk60x86.sys
C:\Windows\system32\DRIVERS\yk60x86.sys
278528 bytes
Created: 7/31/2007 9:22 AM
Modified: 7/31/2007 9:22 AM
Company: Marvell
----------

************************************************************
2:29:15 PM: Scanning -----VXD ENTRIES-----

************************************************************
2:29:15 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
No Winlogon\Notify DLLs found to scan

************************************************************
2:29:15 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
118040 bytes
Created: 5/7/2009 1:21 PM
Modified: 5/7/2009 1:21 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 2/28/2008 10:53 AM
Modified: 2/28/2008 10:53 AM
Company: Nero AG
----------
Key: OnlineProtectMenu
CLSID: {48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}
File: [CLSID does not appear to reference a file]
----------
Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4}
Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
263464 bytes
Created: 2/18/2008 5:29 PM
Modified: 2/18/2008 5:29 PM
Company: Nero AG
----------

************************************************************
2:29:15 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
2:29:15 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
259696 bytes
Created: 3/12/2009 1:12 AM
Modified: 5/7/2009 1:12 PM
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 4/18/2009 12:03 AM
Modified: 4/18/2009 12:03 AM
Company: Google Inc.
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
470512 bytes
Created: 5/7/2009 1:12 PM
Modified: 5/7/2009 1:12 PM
Company: Google Inc.
----------
Key: {CA6319C0-31B7-401E-A518-A07C3DB8F777}
BHO: c:\windows\system32\BAE.dll
c:\windows\system32\BAE.dll
94208 bytes
Created: 11/20/2007 11:30 AM
Modified: 2/1/2006 5:54 AM
Company: Gateway Inc.
----------

************************************************************
2:29:16 PM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
2:29:16 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
2:29:16 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
2:29:16 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
11952 bytes
Created: 5/7/2009 1:22 PM
Modified: 5/7/2009 1:22 PM
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
2:29:17 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
2:29:17 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/2/2006 7:50 AM
Modified: 12/4/2007 7:00 PM
Company: [no info]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
--------------------

************************************************************
2:29:17 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: James
[C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-RH- 174 bytes
Created: 11/25/2007 4:24 PM
Modified: 11/5/2007 7:11 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Kristen
[C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Kristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-RH- 174 bytes
Created: 11/25/2007 4:26 PM
Modified: 9/9/2007 1:35 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Kristen.user-PC
[C:\Users\Kristen.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Kristen.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/25/2007 9:01 PM
Modified: 12/4/2007 7:01 PM
Company: [no info]
C:\Users\Kristen.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
--------------------
Checking Startup Group for: owner
[C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-RH- 174 bytes
Created: 11/25/2007 4:33 PM
Modified: 9/8/2007 12:15 PM
Company: [no info]
----------
OneNote 2007 Screen Clipper and Launcher.lnk - links to C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
101440 bytes
Created: 12/7/2007 9:44 PM
Modified: 12/7/2007 9:44 PM
Company: Microsoft Corporation
----------
--------------------
Checking Startup Group for: Owner.user-PC
[C:\Users\Owner.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Owner.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/25/2007 8:53 PM
Modified: 11/25/2007 8:53 PM
Company: [no info]
C:\Users\Owner.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
--------------------
Checking Startup Group for: Temp
[C:\Users\Temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 1/16/2008 12:18 AM
Modified: 1/16/2008 12:18 AM
Company: [no info]
C:\Users\Temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
--------------------
Checking Startup Group for: user
[C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-RH- 174 bytes
Created: 11/24/2007 7:30 PM
Modified: 9/8/2007 12:15 PM
Company: [no info]
----------
--------------------

************************************************************
2:29:20 PM: Scanning ----- SCHEDULED TASKS -----
ERROR: EOleException calling Scheduler.Create in procedure ScanForm.ProcessTasks: The Task Scheduler Service is not running

************************************************************
2:29:20 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
No ShellIconOverlayIdentifiers Registry key found to scan

************************************************************
2:29:20 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.i420
File: i420vfw.dll
C:\Windows\system32\i420vfw.dll
70656 bytes
Created: 7/17/2008 9:59 AM
Modified: 1/25/2004 12:00 AM
Company: www.helixcommunity.org
----------
Value: vidc.xvid
File: xvid.dll
C:\Windows\system32\xvid.dll
495616 bytes
Created: 9/10/2002 10:10 AM
Modified: 9/10/2002 10:10 AM
Company: [no info]
----------
Value: vidc.DIVX
File: DivX.dll
C:\Windows\system32\DivX.dll
684032 bytes
Created: 11/6/2008 11:33 AM
Modified: 11/6/2008 11:33 AM
Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\Windows\system32\DivX.dll - file already scanned
----------

************************************************************
2:29:21 PM: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in D:\
D:\autorun.inf
-RHS- 417 bytes
Created: 2/26/2007 6:56 AM
Modified: 6/1/2009 10:25 PM
Company: [no info]
D:\autorun.inf ShellExecute entry: ["RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com d:\"]
D:\RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com
-RHS- 40960 bytes
Created: 6/1/2009 1:14 AM
Modified: 5/31/2009 8:31 AM
Company: [no info]
D:\RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com - process is either not running or could not be terminated
D:\RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com - READ-ONLY, HIDDEN and SYSTEM file attributes removed
D:\RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com - file renamed to: D:\RECYCLER\S-8-8-83-100007212-100007398-100019333-6809.com.vir
D:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
D:\autorun.inf - file renamed to: D:\autorun.inf.vir
----------
--------------------
Desktop Wallpaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
66985 bytes
Created: 5/23/2009 4:13 PM
Modified: 5/23/2009 4:13 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
66985 bytes
Created: 5/23/2009 4:13 PM
Modified: 5/23/2009 4:13 PM
Company: [no info]
----------
DNS Server information:
Interface: Marvell TOPDOG (TM) PCI-Express 802.11n Wireless (EC85)
NameServers: 85.255.112.8,85.255.112.156
Rogue DNS NameServer: 85.255.112.8,85.255.112.156
[85.255.112.8,85.255.112.156] - Rogue DNS Nameserver entry removed
Interface: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
NameServers: 85.255.112.8,85.255.112.156
Rogue DNS NameServer: 85.255.112.8,85.255.112.156
[85.255.112.8,85.255.112.156] - Rogue DNS Nameserver entry removed
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
2:30:02 PM: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
62976 bytes
Created: 11/2/2006 3:33 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
7680 bytes
Created: 11/2/2006 3:33 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\wininit.exe
95744 bytes
Created: 11/2/2006 3:44 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\AVG\AVG8\avgrsx.exe
486680 bytes
Created: 5/7/2009 1:21 PM
Modified: 5/21/2009 12:01 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Windows\system32\winlogon.exe
308224 bytes
Created: 11/2/2006 3:44 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
279552 bytes
Created: 11/2/2006 3:35 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
7680 bytes
Created: 11/2/2006 3:43 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
210944 bytes
Created: 11/2/2006 4:02 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
22016 bytes
Created: 11/2/2006 3:35 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SLsvc.exe
2605568 bytes
Created: 11/26/2007 4:12 PM
Modified: 11/26/2007 4:12 PM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
124928 bytes
Created: 11/2/2006 4:15 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
83456 bytes
Created: 11/2/2006 3:39 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskeng.exe
166400 bytes
Created: 11/2/2006 3:41 AM
Modified: 11/2/2006 4:45 AM
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchIndexer.exe
287744 bytes
Created: 11/2/2006 7:34 AM
Modified: 11/2/2006 7:34 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskeng.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchProtocolHost.exe
204288 bytes
Created: 11/2/2006 7:34 AM
Modified: 11/2/2006 7:34 AM
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
245248 bytes
Created: 11/2/2006 3:41 AM
Modified: 11/2/2006 4:46 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3007352
[This is a Trojan Remover component]
--------------------
C:\Windows\system32\SearchFilterHost.exe
76288 bytes
Created: 11/2/2006 7:34 AM
Modified: 11/2/2006 7:34 AM
Company: Microsoft Corporation
--------------------

************************************************************
2:30:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 2:30:06 PM 07 Jun 2009
Total Scan time: 00:01:27
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
6/7/2009 2:30:09 PM: restart commenced
************************************************************



#20
June 7, 2009 at 13:11:15
Follow: Response Number 4


#21
June 7, 2009 at 13:22:34
Okay, cool. I'm getting ready to do that now. Is "Trojan Remover" not that strong of a program?

#22
June 7, 2009 at 17:30:56
Sorry if it's taking a while. The scan is at only 30% and it's been almost 4 hours. It's gonna be a little bit! So far it's found:

detected: Trojan program Trojan.Win32.Tdss.afdt File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp.

This is all so far. Thank you for your patience.

#23
June 7, 2009 at 18:03:46
Yes, the scan will take some time. Trojan Remover is not a full-blown AV. It has a limited scope of detection.

#24
June 8, 2009 at 05:51:22
Scan
----
Scanned: 1278910
Detected: 1
Untreated: 0
Start time: 6/7/2009 3:41:25 PM
Duration: 15:29:27
Finish time: 6/8/2009 7:10:52 AM


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Tdss.afdt File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp


Events
------
Time Name Status Reason
---- ---- ------ ------
6/7/2009 5:36:35 PM File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp detected Trojan program 'Trojan.Win32.Tdss.afdt'
6/7/2009 5:36:35 PM File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp not disinfected postponed
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/agntcons.vbs password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/agntlang.vbs password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/comctl.lpk password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/config.ini password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/pbar.vbs password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/UnInsStr.vbs password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/uninst.vbs password protected
6/7/2009 9:17:39 PM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/uninstall.htm password protected
6/7/2009 11:26:01 PM File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp detected Trojan program 'Trojan.Win32.Tdss.afdt'
6/7/2009 11:26:01 PM File: C:\Users\user\AppData\Local\Temp\tmp3BBB.tmp not disinfected postponed
6/8/2009 1:09:55 AM File: C:\Users\user\Desktop\Movies to Watch\Standup\Katt Williams Collection\Katt Williams Collection\klmcodec390.exe//file289 password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/agntcons.vbs password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/agntlang.vbs password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/comctl.lpk password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/config.ini password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/pbar.vbs password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/UnInsStr.vbs password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/uninst.vbs password protected
6/8/2009 3:23:26 AM File: D:\i386\Apps\App000449\Apps\MSC\msclgmis.cab/screm.ui/uninstall.htm password protected
6/8/2009 3:42:26 AM File: c:\users\user\appdata\local\temp\tmp3bbb.tmp detected Trojan program 'Trojan.Win32.Tdss.afdt'
6/8/2009 7:10:52 AM File: c:\users\user\appdata\local\temp\tmp3bbb.tmp deleted


Statistics
----------
Object             Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------             -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------
All objects        1278910  1         0          1        0                    12753     2706          580                 14
System memory      3262     0         0          0        0                    0         0             0                   0
Startup objects    796      0         0          0        0                    0         65            0                   0
Disk boot sectors  5        0         0          0        0                    0         0             0                   0
Documents          587      0         0          0        0                    6         0             0                   0
Mail databases     0        0         0          0        0                    0         0             0                   0
Computer           611184   1         0          1        0                    6466      1353          290                 7
Local Disk (C:)    579398   0         0          0        0                    5217      1143          282                 6
Recovery (D:)      83678    0         0          0        0                    1064      145           8                   1
DVD RW Drive (E:)  0        0         0          0        0                    0         0             0                   0


Settings
--------
Parameter                                Value
---------                                -----
Security Level                           Custom
Action                                   Prompt for action when the scan is complete
Run mode                                 Manually
File types                               Scan all files
Scan only new and changed files          No
Scan archives                            All
Scan embedded OLE objects                All
Skip if object is larger than            No
Skip if scan takes longer than           No
Parse email formats                      No
Scan password-protected archives         No
Enable iChecker technology               No
Enable iSwift technology                 No
Show detected threats on "Detected" tab  Yes
Rootkits search                          Yes
Deep rootkits search                     Yes
Use heuristic analyzer                   Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Trojan.Win32.Tdss.afdt c:\users\user\appdata\local\temp\tmp3bbb.tmp 26 KB



#25
June 8, 2009 at 05:53:40
Is your original problem fixed?

#26
June 8, 2009 at 19:54:17
Yes, it is. Everything seems to be fine now. Thank you very much. You're awesome. I do have another question:
How do I have certain programs and services stop loading at startup permanently without having to run msconfig?

#27
June 8, 2009 at 20:03:25
Well, msconfig is easiest; Spybot Search and Destroy does it as well. You might also want to run Malwarebytes and SUPERAntiSpyware to fix leftovers.

#28
June 8, 2009 at 20:08:49
Good deal. Thanks again.