Posted 26 January 2011 - 01:50 PM
My father in law's Toshiba Satellite 2.5 ghz with Windows XP Home has been causing him problems. He had Norton complaining that he has a Trojan. He ran a flurry of antivirus/malware software without apparent success (he uninstalled all antivirus/malware software since, including the logs). I've ran the Norton removal tool, turned off every startup program in msconfig, installed Microsoft Security Essentials, ran it only finding cookies, disabled cd emulation software with defogger (didn't need to restart after so I guess none was installed). The internet is disconnected (pulled out usb wifi adapter).
Microsoft Security essentials real-time protection disabled during all scans.
DDS gets 51 colons in and freezed, I left it alone for 20 mins without any more progress, mouse still moves with busy cursor but nothing is clickable and there is no hard drive activity, had to hard reset.
Ran rkill which closed my explorer windows and the resulting log shows nothing was terminated, ran DDS again and the same thing, get far then no more progress, no hdd activity and I had to manually power off/on again.
Ran GMER and it freezes after I click scan showing Sections: C:/WINDOWS/system32/drivers/ftdisk.sys.
Rebooted into safe mode, logged in as the normal user.
DDS did the same thing again, looks like its complete then hangs the computer.
Ran GMER from safemode again and this time it get stuck after I hit scan showing Sections: C:/WINDOWS/system32/ntoskrnl.exe.
I tried re-enabling Microsoft Security Essentials real-time protection but it timed out unable to start, I ran rkill which killed no prosesses according to the log, after explorer reloaded Security Essentials claimed the real-time protection was enabled. I ran DDS again, same thing, only mouse movement and no reaction after it seems to be done scanning.
I was able to backup all outlook data fine (most programs seem to run, albeit very slowly) and rebooted into a Ubuntu live cd and backed up all pics/media to a usb stick.
Sorry no logs to post, I wasn't sure which forum to post this in.