BleepingComputer.com: Boot.Tidserv Norton Cannot Remove


Boot.Tidserv Norton Cannot Remove

#16 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 25 May 2011 - 01:31 AM

B-boy/StyLe/, on 24 May 2011 - 10:00 AM, said:


This means that the logs are not being created in Event Viewer. Open an elevated command prompt. To do this, click on the Start Search Box => type in cmd. Cmd.exe will appear at the top of the Menu. Right click on it and choose "Run as Administrator". Copy and paste the following command in the Code box after the prompt > and hit Enter.

SC QUERY state= inactive > %userprofile%\desktop\services.txt & start notepad %userprofile%\desktop\services.txt

When finished, Notepad will pop up with some information. Copy and paste it in this thread.



Okay here is the information for this.


SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: aspnet_state
DISPLAY_NAME: ASP.NET State Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: astcc
DISPLAY_NAME: AST Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CertPropSvc
DISPLAY_NAME: Certificate Propagation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: clr_optimization_v2.0.50727_32
DISPLAY_NAME: Microsoft .NET Framework NGEN v2.0.50727_X86
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: clr_optimization_v4.0.30319_32
DISPLAY_NAME: Microsoft .NET Framework NGEN v4.0.30319_X86
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: COMSysApp
DISPLAY_NAME: COM+ System Application
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DFSR
DISPLAY_NAME: DFS Replication
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dot3svc
DISPLAY_NAME: Wired AutoConfig
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EapHost
DISPLAY_NAME: Extensible Authentication Protocol
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ehRecvr
DISPLAY_NAME: Windows Media Center Receiver Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ehSched
DISPLAY_NAME: Windows Media Center Scheduler Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ehstart
DISPLAY_NAME: Windows Media Center Service Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: hkmsvc
DISPLAY_NAME: Health Key and Certificate Management
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: IDriverT
DISPLAY_NAME: InstallDriver Table Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: idsvc
DISPLAY_NAME: Windows CardSpace
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: IPBusEnum
DISPLAY_NAME: PnP-X IP Bus Enumerator
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: KeyIso
DISPLAY_NAME: CNG Key Isolation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lltdsvc
DISPLAY_NAME: Link-Layer Topology Discovery Mapper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Mcx2Svc
DISPLAY_NAME: Windows Media Center Extender Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MSDTC
DISPLAY_NAME: Distributed Transaction Coordinator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MSiSCSI
DISPLAY_NAME: Microsoft iSCSI Initiator Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: msiserver
DISPLAY_NAME: Windows Installer
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: napagent
DISPLAY_NAME: Network Access Protection Agent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netlogon
DISPLAY_NAME: Netlogon
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: NetTcpPortSharing
DISPLAY_NAME: Net.Tcp Port Sharing Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: odserv
DISPLAY_NAME: Microsoft Office Diagnostics Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ose
DISPLAY_NAME: Office Source Engine
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: p2pimsvc
DISPLAY_NAME: Peer Networking Identity Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: p2psvc
DISPLAY_NAME: Peer Networking Grouping
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: pla
DISPLAY_NAME: Performance Logs & Alerts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PNRPAutoReg
DISPLAY_NAME: PNRP Machine Name Publication Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PNRPsvc
DISPLAY_NAME: Peer Name Resolution Protocol
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: QWAVE
DISPLAY_NAME: Quality Windows Audio Video Experience
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasAuto
DISPLAY_NAME: Remote Access Auto Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteAccess
DISPLAY_NAME: Routing and Remote Access
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcLocator
DISPLAY_NAME: Remote Procedure Call (RPC) Locator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SCardSvr
DISPLAY_NAME: Smart Card
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SCPolicySvc
DISPLAY_NAME: Smart Card Removal Policy
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SDRSVC
DISPLAY_NAME: Windows Backup
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ServiceLayer
DISPLAY_NAME: ServiceLayer
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SessionEnv
DISPLAY_NAME: Terminal Services Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SLUINotify
DISPLAY_NAME: SL UI Notification Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SNMPTRAP
DISPLAY_NAME: SNMP Trap
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: swprv
DISPLAY_NAME: Microsoft Software Shadow Copy Provider
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TBS
DISPLAY_NAME: TPM Base Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: THREADORDER
DISPLAY_NAME: Thread Ordering Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: UI0Detect
DISPLAY_NAME: Interactive Services Detection
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: vds
DISPLAY_NAME: Virtual Disk
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: VSS
DISPLAY_NAME: Volume Shadow Copy
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wcncsvc
DISPLAY_NAME: Windows Connect Now - Config Registrar
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WcsPlugInService
DISPLAY_NAME: Windows Color System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WdiServiceHost
DISPLAY_NAME: Diagnostic Service Host
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Wecsvc
DISPLAY_NAME: Windows Event Collector
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wercplsupport
DISPLAY_NAME: Problem Reports and Solutions Control Panel Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WinDefend
DISPLAY_NAME: Windows Defender
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WinRM
DISPLAY_NAME: Windows Remote Management (WS-Management)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Wlansvc
DISPLAY_NAME: WLAN AutoConfig
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wmiApSrv
DISPLAY_NAME: WMI Performance Adapter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WPCSvc
DISPLAY_NAME: Parental Controls
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WPFFontCache_v0400
DISPLAY_NAME: Windows Presentation Foundation Font Cache 4.0.0.0
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

The Kaspersky Log will be posted shortly.
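Added example, not part of the thread and not the responder's own tooling: a small Python script that reads `sc query state= inactive` output like the listing above and does what the responder did by eye. It splits the text into one record per SERVICE_NAME block, groups the stopped services by their WIN32_EXIT_CODE (1077, 0x435, is ERROR_SERVICE_NEVER_STARTED: the service simply has not been started since boot, which is normal for Manual services), and checks whether a named service such as EventLog appears in the inactive list at all; a service that is missing from this list is not stopped. The sample text is constructed for the example and the function names are my own.

```python
import re
from collections import defaultdict

# 1077 (0x435) is ERROR_SERVICE_NEVER_STARTED: the service has not been started
# since the last boot. Expected for Manual/Disabled services, not a fault.
ERROR_SERVICE_NEVER_STARTED = 1077

# Constructed sample in the layout printed by `sc query state= inactive`
# (three blocks only; a real services.txt has dozens).
SAMPLE_OUTPUT = """
SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: SNMPTRAP
DISPLAY_NAME: SNMP Trap
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: WinDefend
DISPLAY_NAME: Windows Defender
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# Every line of a block is "KEY : value"; indentation and column alignment vary
# between Windows versions and between pasted copies, so both are ignored.
FIELD_RE = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$")


def parse_sc_query(text):
    """Split `sc query` output into one dict per SERVICE_NAME block."""
    records = []
    current = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # blank or unexpected line
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


def exit_code(record):
    """Decimal WIN32_EXIT_CODE, e.g. '1077  (0x435)' -> 1077."""
    return int(record.get("WIN32_EXIT_CODE", "0").split()[0])


def stopped_by_exit_code(records):
    """Group STOPPED services by WIN32_EXIT_CODE: 1077 means 'never started this
    boot'; 0 means it ran (or was started) and stopped without an error; any
    other value is a real failure code worth reading up on."""
    groups = defaultdict(list)
    for r in records:
        if r.get("STATE", "").endswith("STOPPED"):
            groups[exit_code(r)].append(r["SERVICE_NAME"])
    return dict(groups)


def listed_inactive(records, service_name):
    """True if service_name is in the inactive list (case-insensitive). A service
    absent from `sc query state= inactive` output, e.g. EventLog, is running."""
    return any(r["SERVICE_NAME"].lower() == service_name.lower() for r in records)


def needs_attention(records):
    """Stopped services whose exit code is not the benign 'never started' one."""
    return sorted(name for code, names in stopped_by_exit_code(records).items()
                  if code != ERROR_SERVICE_NEVER_STARTED for name in names)


if __name__ == "__main__":
    recs = parse_sc_query(SAMPLE_OUTPUT)
    for code, names in sorted(stopped_by_exit_code(recs).items()):
        print(f"exit code {code}: {', '.join(names)}")
    print("EventLog listed as inactive:", listed_inactive(recs, "EventLog"))
    print("look closer at:", needs_attention(recs))
```

To use it on a real services.txt, read the file into a string and pass it to parse_sc_query in place of SAMPLE_OUTPUT. The 1077 group is the long, boring one; the services in the other groups were started at some point and then stopped, which is where a disabled security service (here WinDefend, which Norton users commonly have switched off) or a genuinely failing dependency shows up.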

#17 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 25 May 2011 - 01:37 AM

B-boy/StyLe/, on 24 May 2011 - 10:00 AM, said:



You had some nasty infection, including the worst version of the TDSS rootkit that infects the MBR. – Rootkit.Win32.TDSS.tdl4(\HardDisk0) and c:\Users\Alen\AppData\Local\Temp\B347.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

The rootkit seems to be gone now. However, it's very difficult to say if the author didn't leave some back doors open to get back in. The compromised system can no longer be trusted.

The main thing that TDL4 does is to tamper with your Internet settings or to redirect your Google search results to unwanted web sites, trying to get you to buy fake products.

But it may have some other functions as well.

That's why if you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable.

If you don't work with any sensitive data on this PC you should be fine leaving it that way.

Let me know what you think.



Okay, this has lessened my worries. My main worries were just my emails such as Facebook, Hotmail etc becoming compromised. Can this type of virus let something like a keylogger into my system, and if it does, would my Norton 360 still notify me of a virus attack, or would this bootkit prevent it from knowing?

And if I do decide to do a 100% clean wipe, can I still take the things (videos, music, etc) from this computer to my new one, or is everything on the computer unsafe now?

#18 B-boy/StyLe/

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender: Male
  • Location: Bulgaria

Posted 25 May 2011 - 03:55 AM

Hi alza6991,



It seems that the Event Log service is working.


However, I noticed that some dependency services are stopped.
Ok, please do this:

Hit the Windows key + r on your keyboard -> type services.msc in the open line. Scroll down to SNMP Trap -> Double click on the service -> Change Startup type to Manual.

Now scroll down to Windows Event Collector -> Double click on the service -> Change Startup type to Manual.

Next please hit the Windows key + r on your keyboard and type:

eventvwr.msc

Event Viewer will open. Click on Custom Views > Administrative Events. Look at Errors only and post them in your next reply. To do this, please double-click on the Event, click on the General tab and click on "Copy" and paste the information into a new document (if more than one error) and then post it here.





alza6991, on 25 May 2011 - 01:31 AM, said:

The Kaspersky Log will be posted shortly.




Ok, I will wait for it.



alza6991, on 25 May 2011 - 01:37 AM, said:

Okay, this has lessened my worries. My main worries were just my emails such as Facebook, Hotmail etc becoming compromised. Can this type of virus let something like a keylogger into my system, and if it does, would my Norton 360 still notify me of a virus attack, or would this bootkit prevent it from knowing?

And if I do decide to do a 100% clean wipe, can I still take the things (videos, music, etc) from this computer to my new one, or is everything on the computer unsafe now?



I can't be sure if they could be compromised and that's why I recommended you to change all of your passwords (just in case). Since I don't use Norton I don't know how strong it is against keyloggers.
The newest version of PrivateFirewall or Online Armor provides good protection against them. However, it can be a bit complicated if you are a newbie in firewall configuration... Mamutu can detect keyloggers as well and it's easier to use. Keep in mind that you can receive pop-ups from legitimate applications too because sometimes even legitimate software may look malicious. It's up to you to determine if the application is a good one (if you know it, it's probably a good one).
Remember - don't install both of them. They do have similar characteristics.


And yes you can move all of your data from your old PC to your new one, but let me see the Kaspersky report first.
Also, it's a good idea to use Flash_Disinfector to protect your clean computer.

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Keep in mind that some antiviruses recognize it as malware, but it is a false positive.



Regards,
Georgi

I'll be unavailable for the next 2 days (26 and 27 May).
I will reply on Monday (28 May). Sorry for the inconvenience!

#19 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 25 May 2011 - 04:43 AM

B-boy/StyLe/, on 25 May 2011 - 03:55 AM, said:

Hi alza6991,


However, I noticed that some dependency services are stopped.
Ok, please do this:

Hit the Windows key + r on your keyboard -> type services.msc in the open line. Scroll down to SNMP Trap -> Double click on the service -> Change Startup type to Manual.

Now scroll down to Windows Event Collector -> Double click on the service -> Change Startup type to Manual.

Next please hit the Windows key + r on your keyboard and type:

eventvwr.msc

Event Viewer will open. Click on Custom Views > Administrative Events. Look at Errors only and post them in your next reply. To do this, please double-click on the Event, click on the General tab and click on "Copy" and paste the information into a new document (if more than one error) and then post it here.




Hello, both those services are already on manual.
And how far back do you want me to go for the errors? Since the beginning of 2011, there are over 1000 error logs.

B-boy/StyLe/, on 25 May 2011 - 03:55 AM, said:


I can't be sure if they could be compromised and that's why I recommended you to change all of your passwords (just in case). Since I don't use Norton I don't know how strong it is against keyloggers.
The newest version of PrivateFirewall or Online Armor provides good protection against them. However, it can be a bit complicated if you are a newbie in firewall configuration... Mamutu can detect keyloggers as well and it's easier to use. Keep in mind that you can receive pop-ups from legitimate applications too because sometimes even legitimate software may look malicious. It's up to you to determine if the application is a good one (if you know it, it's probably a good one).
Remember - don't install both of them. They do have similar characteristics.




Okay, thank you. But what I was trying to ask (maybe my wording wasn't the best) was: does this keylogger prevent my antivirus (Norton 360) from knowing if a new virus enters my system through a back door (not specifically a keylogger, but just a virus in general, or the types of viruses that usually get sent through back doors)?

Regards,
Alza6991

#20 B-boy/StyLe/

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender: Male
  • Location: Bulgaria

Posted 25 May 2011 - 06:05 AM

alza6991, on 25 May 2011 - 04:43 AM, said:

And how far back do you want me to go for the errors? Since the beginning of 2011, there are over 1000 error logs.



Since the service is working, there is no need to post these logs for me. You can take a look at one of these error logs with a different Event ID number for the last few days to see what is going on with the system. You can skip the rest with an equal ID number as they should be the same. But don't worry, it's normal to have such an amount of errors in it, so nothing to worry about. This is happening with every computer.



alza6991, on 25 May 2011 - 04:43 AM, said:

Okay, thank you. But what I was trying to ask (maybe my wording wasn't the best) was: does this keylogger prevent my antivirus (Norton 360) from knowing if a new virus enters my system through a back door (not specifically a keylogger, but just a virus in general, or the types of viruses that usually get sent through back doors)?




Well, the rootkit can employ one or more methods to cover its presence. Once a rootkit is installed on a computer it often disables major anti-malware programs, making them unusable; it can try to download a new piece of malware, and other viruses can use it to stay undetected. Since the rootkit is gone, Norton may possibly be able to pick up most of the infections in the wild. No antivirus software offers 100% protection. To be honest, an antivirus is not enough nowadays. That's why I highly recommend you to use behavior blocker software like the freeware PC Tools ThreatFire or the shareware Emsisoft Mamutu. They don't rely on signature technology and don't require updating every time a new threat occurs. They are designed to protect your computer against unknown malware by intelligently detecting and blocking possible malware-like activity using behavior analysis. They are fully compatible with your AV solution, adding an additional layer of security for your PC. They are very light and simple to use. Keep in mind that if you install programs often, then you can receive annoying pop-ups from these applications because sometimes even legitimate software may look malicious, as I already said above.
However, it can be a bit complicated if you aren't skilled in this kind of software usage. If you encounter any troubles with PC Tools ThreatFire or Emsisoft Mamutu, please uninstall them.
Remember - don't install both of them. They do have similar characteristics.



Regards,
Georgi

I'll be unavailable for the next 2 days (26 and 27 May).
I will reply on Monday (28 May). Sorry for the inconvenience!
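Added example, not part of the thread: the responder's rule for a thousand-line Administrative Events view is to read one error per distinct Event ID from the last few days and skip the repeats. This Python script applies exactly that rule to the view saved as CSV from Event Viewer (the column layout assumed here, Level / Date and Time / Source / Event ID / Task Category, is the one Event Viewer writes; check the header line of your own export). The sample rows and the reference time are constructed for the example, and the function name is mine.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows in the column layout of an Event Viewer CSV export.
# Three copies of SCM event 7000 stand in for the hundreds a real export has.
SAMPLE_CSV = """Level,Date and Time,Source,Event ID,Task Category
Error,5/25/2011 1:05:12 AM,Service Control Manager,7000,None
Error,5/25/2011 1:05:12 AM,Service Control Manager,7000,None
Error,5/24/2011 11:40:03 PM,DistributedCOM,10005,None
Error,5/24/2011 10:10:45 PM,Service Control Manager,7000,None
Warning,5/24/2011 10:10:45 PM,Kernel-Processor-Power,37,None
Error,1/3/2011 8:00:00 AM,Service Control Manager,7026,None
"""

# Constructed "now" so the example is reproducible offline; use datetime.now()
# against a fresh export.
REPORT_TIME = datetime(2011, 5, 25, 2, 0, 0)

# Event Viewer's CSV export uses the system locale; this is the US layout.
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def unique_recent_errors(csv_text, now, days=3):
    """One entry per (Source, Event ID) among Error-level events no older than
    `days` before `now`: the newest timestamp and how often that ID repeated.
    Newest first, so repeats collapse into a short list to read one by one."""
    cutoff = now - timedelta(days=days)
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Level"] != "Error":
            continue  # the responder asked for Errors only
        when = datetime.strptime(row["Date and Time"], TIME_FORMAT)
        if when < cutoff:
            continue  # older than the window of interest
        key = (row["Source"], int(row["Event ID"]))
        latest, count = seen.get(key, (when, 0))
        seen[key] = (max(latest, when), count + 1)
    return sorted(
        ({"source": src, "event_id": eid, "latest": latest, "count": count}
         for (src, eid), (latest, count) in seen.items()),
        key=lambda entry: entry["latest"],
        reverse=True,
    )


def summarize(csv_text=SAMPLE_CSV, now=REPORT_TIME, days=3):
    """Human-readable lines, one per distinct error, for pasting into a reply."""
    return [f"{e['latest']:%Y-%m-%d %H:%M:%S}  {e['source']}  ID {e['event_id']}  x{e['count']}"
            for e in unique_recent_errors(csv_text, now, days)]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

The count column is the useful extra over reading by eye: an ID that fires every few minutes (a service that fails to start on every boot, say) is a different problem from one that fired once, even though the responder is right that both are common on a healthy machine.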

#21 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 26 May 2011 - 01:22 AM

Hello, I am having a bit of trouble uploading the Kaspersky Log. It is a 130 MB file and seems to crash my browser whenever I try to paste the contents.

What do you recommend?

Also, I am still a student at school and unable to pay for the programs, so which ones do you recommend that are free (and also compatible with my Norton 360)?

Threatfire? Online Armour FREE? Private Firewall? Or some other one?

Please recommend what you think is best, and I know my general way around a computer, so it doesn't have to be the most user friendly program, if there is a better one that is a little bit more complicated.

Regards, alza6991

#22 B-boy/StyLe/

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender: Male
  • Location: Bulgaria

Posted 26 May 2011 - 05:31 AM

Hi alza6991,



Quote

Hello, I am having a bit of trouble uploading the Kaspersky Log. It is a 130 MB file and seems to crash my browser whenever I try to paste the contents.

What do you recommend?




Lol... what a huge log. Did the scan detect anything? If so, could you please post ONLY the detected items?
If you are unable to open it, we can try a different scanner that should be a little lighter and faster.



Quote

Also, I am still a student at school and unable to pay for the programs, so which ones do you recommend that are free (and also compatible with my Norton 360)?

Threatfire? Online Armour FREE? Private Firewall? Or some other one?

Please recommend what you think is best, and I know my general way around a computer, so it doesn't have to be the most user friendly program, if there is a better one that is a little bit more complicated.




I forgot that you use Norton 360. Norton 360 is not only antivirus software, but also includes firewall protection, Insight, SONAR technology etc. This application offers many pro-active features, so you can skip this step.



Regards,
Georgi

I'll be unavailable for the next 2 days (26 and 27 May).
I will reply on Monday (28 May). Sorry for the inconvenience!

#23 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 27 May 2011 - 02:16 AM

The Log did not detect anything, all files were posted as OK, except for some files because they were either:

Password Protected
Packed: ASPack
Packed: ASProtect
Packed: Com100
Packed: Com2Exe
Packed: ExePack
Packed: JSPack
Packed: MIME.Broken
Packed: Molebox
Packed: PECompact
Packed: PE_Patch
Packed: PE_Patch.PECompact
Packed: PE_Patch.RLPack
Packed: PE_Patch.Stolen
Packed: PecBundle
Packed: PkLite
Packed: Swf2Swc
Packed: Yoda
Packed: WiseSFXDropper
Packed: UPX

Not Processed (Access Denied) - C:\System Volume Information
Not Processed (Locked) - C:\pagefile.sys

Archive: arch
Archive: ZIP
Archive: WiseSFX
Archive: Tar
Archive: Rsrc-Package
Archive: RAR
Archive: PDF
Archive: NSIS
Archive: MacBinary
Archive: MSExpand
Archive: LZMA
Archive: InstallShield
Archive: Inno
Archive: ISOimage
Archive: ISC
Archive: GZIP
Archive: EmbeddedHTML
Archive: EmbeddedEXE
Archive: EmbeddedBase64
Archive: Embedded
Archive: CabSfx
Archive: CabSFX
Archive: CHM
Archive: CAB
Archive: BZIP2
Archive: 7-Zip

Advise where to go from here.

Regards,
alza1996

#24 B-boy/StyLe/

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender: Male
  • Location: Bulgaria

Posted 27 May 2011 - 05:34 AM

Hi alza6991,


Ok, let's try a different scanner instead. The below scan can take up to an hour or longer, please be patient.



I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.

  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]



Regards,
Georgi

I'll be unavailable for the next 2 days (26 and 27 May).
I will reply on Monday (28 May). Sorry for the inconvenience!

#25 alza6991

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 28 May 2011 - 04:42 AM

Here are the results from the ESET Online Scanner

C:\Users\Alen\Documents\Downloaded Files\Gaming\PC\Games\Cracked\Bulletstorm.iso a variant of Win32/Packed.VMProtect.AAD trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\FLVSetupProgram.exe Win32/Adware.FlvDirect.AB.Gen application
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\sv.moviestudio.pe.10.0.179.exe Win32/AdClicker.NAL trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\Keygen\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.AR application
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeAudioCDtoMP3Converter.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeAudioDub.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeDiscBurner.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeDVDDecrypter.exe Win32/Adware.ADON application
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeDVDVideoBurner.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeDVDVideoConverter.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeStudio.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeVideoDub.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeVideoToDVDConverter.exe multiple threats
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Other\DVD Video Soft\FreeYouTubeToMp3Converter.exe multiple threats

Please advise where to go from here.

Regards,
alza6991

#26 User is offline   B-boy/StyLe/ 

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender:Male
  • Location:Bulgaria

Posted 28 May 2011 - 01:41 PM

Hi alza6991,



The logs look good to me.


I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection:


C:\Users\Alen\Documents\Downloaded Files\Gaming\PC\Games\Cracked\Bulletstorm.iso a variant of Win32/Packed.VMProtect.AAD trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\FLVSetupProgram.exe Win32/Adware.FlvDirect.AB.Gen application
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\sv.moviestudio.pe.10.0.179.exe Win32/AdClicker.NAL trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\Keygen\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.AR application





I have some final words for you.



All Clean :thumbsup:



Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)



STEP 1 CLEANUP



1. To remove all of the tools we used and the files and folders they created, please do the following:



Please reopen OTL on your desktop.

In the upper right click CleanUp.

This will delete OTL and will clean up after it.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.



2. Clean the temp folders:



Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.





STEP 2 SECURITY ADVICES



I suggest that you uninstall uTorrent as well!

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name suggests. In today's world cyber crime has grown to enormous dimensions and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and such tools should thus be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software





Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 25.
  • Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 22)
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")





Keep your antivirus software turned on and up-to-date


  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program (Malwarebytes' Anti-Malware) on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan.





Visit Microsoft's Windows Update Site Frequently



It is important that you visit Windows Update regularly.

This will ensure your computer always has the latest available security updates installed.

If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.

Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.

You can check these by scanning with Secunia Software Inspector.





Practice Safe Internet



One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:


  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.


  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.


  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.


  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:

    Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites


  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.


  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.


  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.


  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.


  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee SiteAdvisor to look up info on the site.


  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.





Don't use pirated software!!!



Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!





Create an image of your system



It is always a good idea to make a backup of all important files, just in case something happens to them.

Macrium Reflect is a very good choice that enables you to create an image of your system drive, which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first. :thumbup2:



Follow this list and your potential for being infected again will reduce dramatically.



STEP 3 IMPROVE YOUR PC PERFORMANCE



Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.



Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.





You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster.



Please open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter.

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.





Use MSConfig to disable any processes that you do not want running in the background of the computer.



Please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might get a popup window when you log on. This is typical. Just click OK. You can also stop the popup window from coming up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.



Safe Surfing!



Regards,
Georgi

#27 User is offline   alza6991 

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 22-May 11

Posted 28 May 2011 - 08:17 PM

View PostB-boy/StyLe/, on 28 May 2011 - 01:41 PM, said:


I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection:


C:\Users\Alen\Documents\Downloaded Files\Gaming\PC\Games\Cracked\Bulletstorm.iso a variant of Win32/Packed.VMProtect.AAD trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\FLVSetupProgram.exe Win32/Adware.FlvDirect.AB.Gen application
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\sv.moviestudio.pe.10.0.179.exe Win32/AdClicker.NAL trojan
C:\Users\Alen\Documents\Downloaded Files\Software and Hardware\Full Suite Programs\Sony Vegas Movie Studio HD Platinum v10.0.179\Keygen\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.AR application





Yes I will remove those immediately. Norton 360 did not say that they were infected, but I am not going to take the chance.
For the record, I did not use those above programs on this computer anyway. The only reason I have them on here is that this hard drive is 1TB. I have another hard drive (which I hot-swap between slide-out hard drive racks) which has Windows 7 and is never connected to the internet, for the use of those programs.

So is it safe just to click on the entire folder and press 'delete' key?

View PostB-boy/StyLe/, on 28 May 2011 - 01:41 PM, said:


I suggest that you uninstall uTorrent as well!

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name suggests. In today's world cyber crime has grown to enormous dimensions and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and such tools should thus be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software



Just to be clear:
1. Can the program (uTorrent) itself give you a virus if it is open, but there are no active torrents?
2. Can you get a virus WHILE the torrent is downloading, or just from the finished downloaded item itself?
3. Can you get a virus from the finished downloaded item just by having it, or only if you open it?
4. Can you get a virus while uploading?


View PostB-boy/StyLe/, on 28 May 2011 - 01:41 PM, said:


Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



I'm on Windows Vista, still good?


View PostB-boy/StyLe/, on 28 May 2011 - 01:41 PM, said:


Create an image of your system



It is always a good idea to make a backup of all important files, just in case something happens to them.

Macrium Reflect is a very good choice that enables you to create an image of your system drive, which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://www.macrium.com/tutorial.asp

Be sure to read the tutorial first. :thumbup2:



So is it safe to create an image of this PC now? If there are remnants of the virus, won't they be saved in the image as well? Or have those new results changed your mind, and now you are sure that the virus is 100% gone?


View PostB-boy/StyLe/, on 25 May 2011 - 03:55 AM, said:


And yes you can move all of your data from your old PC to your new one, but let me see the Kaspersky report first.
Also it's a good idea to use Flash_Disinfector to protect your clean computer.

Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Keep in mind that some antiviruses recognize it as a malware but it is false positive.



So now that you've seen all the reports, is it safe to use this?
And can this utility be used more than once? (e.g. if I reformat my USB?)

And if I do accidentally delete the file that it places, what should I do?


View PostB-boy/StyLe/, on 28 May 2011 - 01:41 PM, said:


I have some final words for you.



All Clean :thumbsup:



Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)



Thank you so much for this Georgi, I am really grateful for your service. This is an excellent website that I will recommend to everyone. I hope I do not have to come back, but if I do, at least I know that there is great service and I will always get the help that I need here :)

The final question: Is it 100% gone, or is your opinion that there are still remnants of it on the system?

Also, which ones out of the files should I delete and what should I keep:

Malwarebytes' Anti-Malware
mbam-setup
OTL
aswMBR
esetsmartinstaller_enu
SPTDinst-v178-x86
MBR.dat
setup_9.0.0.722_24.05.2011_00-18
TDSSKiller

Can I re-install Daemon Tools Lite and SPTD for Windows 2000/XP/2003/Vista/Windows 7 (32 bit)? Do I reinstall it or leave it uninstalled?

Regards,
alza6991

#28 User is offline   B-boy/StyLe/ 

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender:Male
  • Location:Bulgaria

Posted 29 May 2011 - 08:53 AM

Hello alza6991,



Yes I will remove those immediately. Norton 360 did not say that they were infected, but I am not going to take the chance.
For the record, I did not use those above programs on this computer anyway. The only reason I have them on here is that this hard drive is 1TB. I have another hard drive (which I hot-swap between slide-out hard drive racks) which has Windows 7 and is never connected to the internet, for the use of those programs.




Using cracks is playing with fire, though, and it involves violating copyright law. BC doesn't support it, and I can't comment on that if that is the case.

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems, so my advice is:

Stay away from them!





So is it safe just to click on the entire folder and press 'delete' key?




Yes, and then empty the Recycle Bin.





Just to be clear:
1. Can the program (uTorrent) itself give you a virus if it is open, but there are no active torrents?




-No.



2. Can you get a virus WHILE the torrent is downloading, or just from the finished downloaded item itself?
3. Can you get a virus from the finished downloaded item just by having it, or only if you open it?
4. Can you get a virus while uploading?




-In most cases the malware shouldn't be able to infect you, unless you actually install it yourself.
That's why you should scan any downloads using up-to-date antivirus software or VirusTotal to detect possible infections before you execute them.





I'm on Windows Vista, still good?




My fault - I apologize - Please use Disk Cleanup as I mentioned above instead.





So is it safe to create an image of this PC now? If there are remnants of the virus, won't they be saved in the image as well? Or have those new results changed your mind, and now you are sure that the virus is 100% gone?




Sorry - I needed to clarify that. What I meant is to keep in mind to use Macrium to create an image the next time you rebuild your system from scratch (not now).





So now that you've seen all the reports, is it safe to use this?




Yes, it's perfectly safe to use it. Flash_Disinfector is a program designed and developed by sUBs (author of ComboFix) to clean autorun.inf trojans that are running on the system.



And can this utility be used more than once? (e.g I reformat my USB)?




Yes, insert the next flash drive and repeat the procedure...



And if I do accidentally delete the file that it places, what should I do?




I really doubt that you will be able to delete the created folder...but if so, simply re-run the tool.





The final question: Is it 100% gone, or is your opinion that there are still remnants of it on the system?




That's why I said:



Quote

To remove all of the tools we used and the files and folders they created, please do the following:

Please reopen OTL on your desktop.

In the upper right click CleanUp

This will delete OTL and will clean up after it.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.




Also, which ones out of the files should I delete and what should I keep:




Malwarebytes' Anti-Malware => keep it (You should scan your computer with an AntiSpyware program (Malwarebytes' Anti-Malware) on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan).

mbam-setup => this is the Malwarebytes' installer, so I suggest that you keep it to be able to re-install it when needed.

OTL => this should be gone when you uninstall it.

aswMBR => delete this

MBR.dat => this is the mbr backup created by the tool above => delete it

esetsmartinstaller_enu => delete it and Uninstall ESET online scanner from Add/Remove Programs via the Control Panel.

SPTDinst-v178-x86 => delete this

setup_9.0.0.722_24.05.2011_00-18 => delete it

TDSSKiller => delete it



Can I re-install Daemon Tools Lite and SPTD for Windows 2000/XP/2003/Vista/Windows 7 (32 bit)? Do I reinstall it or leave it uninstalled?




Yes, you can. :)



Regards,
Georgi
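The answers above describe the autorun.inf trick (a protective folder named autorun.inf at each drive root, versus the autorun.inf file an autorun worm drops). The following is an added example, not the thread's own instructions or sUBs' tool, that audits the root of each local drive and reports which of the three states it is in; it assumes PowerShell 3.0 or later and Windows.

```powershell
# Added example (not from the thread or from Flash_Disinfector): audit each
# fixed and removable drive root for autorun.inf and classify what is found.
#   - a DIRECTORY named autorun.inf is the protective placeholder the thread
#     describes (Windows cannot create a same-named file beside it);
#   - a FILE named autorun.inf is what autorun worms drop, so its launch
#     directives are extracted for inspection (not executed);
#   - nothing at all means the drive is clean but unprotected.
function Get-AutorunInfStatus {
    [CmdletBinding()]
    param(
        # Drive roots to check; defaults to every removable (2) or fixed (3) disk.
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk |
            Where-Object { 2, 3 -contains $_.DriveType } |
            ForEach-Object { "$($_.DeviceID)\" })
    )

    foreach ($r in $Root) {
        $path = Join-Path $r 'autorun.inf'
        # -Force is needed: the placeholder is usually Hidden+System.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        if (-not $item) {
            [pscustomobject]@{
                Drive  = $r
                State  = 'Absent'
                Detail = 'No autorun.inf at root (clean but not protected)'
            }
        }
        elseif ($item.PSIsContainer) {
            [pscustomobject]@{
                Drive  = $r
                State  = 'ProtectiveFolder'
                Detail = "Folder present, attributes: $($item.Attributes)"
            }
        }
        else {
            # Pull the directives that would make Explorer launch something.
            # Simple line match; does not honour INI sections, which is enough
            # for a triage report.
            $launch = Select-String -LiteralPath $path `
                -Pattern '^\s*(open|shellexecute|shell\\\w+\\command)\s*=\s*(.+)$' |
                ForEach-Object { $_.Matches[0].Groups[2].Value.Trim() }
            [pscustomobject]@{
                Drive  = $r
                State  = 'SuspiciousFile'
                Detail = "autorun.inf is a FILE; would launch: $($launch -join '; ')"
            }
        }
    }
}

# Usage: list every drive, then highlight anything that is a file rather than
# a folder so it can be submitted to VirusTotal as the thread suggests.
Get-AutorunInfStatus | Format-Table -AutoSize
Get-AutorunInfStatus | Where-Object State -eq 'SuspiciousFile'
```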

#29 User is offline   B-boy/StyLe/ 

  • Bleeping Freestyler
  • Group: Malware Response Team
  • Posts: 2,760
  • Joined: 28-September 09
  • Gender:Male
  • Location:Bulgaria

Posted 01 June 2011 - 09:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



Everyone else please start a new topic!