Results 1 to 6 of 6

Thread: Gift.Load

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Question Gift.Load

    I have read and followed all instructions as per “BEFORE You POST.”

    Here's my story...last night I was surfing the internet and randomly there was a warning pop-up from Avast, saying a possible threat was found and blocked. Ever since then I have been experiencing problems with my laptop. Within a couple minutes of this pop-up, my computer randomly shut off. I ran spybot and found one typical tracking cookie, as well as an infection called Gift.Load. It successfully deleted it. I ran spybot one more time and it appeared again, and was "successfully" deleted once more. Since then I have ran spybot 2 more times, both have come up clean. I ran a scan with Avast which came up clean. I also ran a full scan using Malwarebytes and found one infection which was successfully deleted. I ran it once more to be sure and it came up clean.

    HOWEVER, I am still experiencing some weird problems. Some of the time, websites will redirect or completely fail to load. Websites I have been on before and been fine are now sometimes blocked saying it is a malicious URL (this has happened for several sites). Another strange thing is that when I am not even on the internet, I will get Avast pop-ups saying “MALICIOUS URL BLOCKED Infection: URL Mal, Process: C:\WINDOWS\System32\svchost.exe”





    Here is my DDS log





    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Owner at 21:32:30.12 on Wed 04/13/2011
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.310 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UsbBootWatcher.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\f2fqf2e6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-22 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-22 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-22 40384]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-12 54760]
    R2 UsbBootWatcher;Usb Boot Watcher Service;c:\windows\system32\UsbBootWatcher.exe [2010-6-16 119808]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-6-17 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
    S0 cvggvbc;cvggvbc;c:\windows\system32\drivers\dkrjpua.sys --> c:\windows\system32\drivers\dkrjpua.sys [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    .
    =============== Created Last 30 ================
    .
    2011-04-13 16:46:11 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2011-04-13 16:45:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-13 16:45:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-13 16:45:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-13 16:45:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-08 17:06:02 49152 ----a-w- c:\program files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    2011-04-08 17:06:02 135168 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-08 17:06:00 8704 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-04-08 17:06:00 774144 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-04-08 17:06:00 720896 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-04-08 17:06:00 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-04-08 17:06:00 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-04-08 17:06:00 1867776 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-04-08 17:06:00 135168 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-03-19 12:05:34 -------- d-----w- c:\docume~1\owner\applic~1\Dropbox
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600BEVT-60ZCT1 rev.13.01A13 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86524439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8652a7d0]; MOV EAX, [0x8652a84c]; PUSH EBX; PUSH ESI; MOV ESI,
    [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x865A5AB8]
    3 CLASSPNP[0xF75D8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x864A7030]
    \Driver\atapi[0x8655A440] -> IRP_MJ_CREATE -> 0x86524439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV
    CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-60ZCT1___________________13.01A13#5&982e772&0&0.0.0#{53f56307-b6bf-11d0-94f2-
    00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8652427F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 21:34:05.03 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi amr815,

    Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.


    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Suscribe to this Thread (then choose Instant Notification by email). If the button says Unsuscribe from this Thread, then you are already subscribed.
    • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


    Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. This kind of malware is very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.


    If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

    • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks,
      paypal, ebay, etc. You should also change the passwords for any other site you use.
    • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or
      credit card information may have been stolen and ask what steps to take with regard to your account.
    • Consider what other private information could possibly have been taken from your computer and take appropriate steps


    Please read the following for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    What Should I Do If I've Become A Victim Of Identity Theft?
    Identity Theft Victims Guide - What to do



    Although the TDSS infection can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that if this type of malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

    When should I re-format? How should I reinstall?
    Where to draw the line? When to recommend a format and reinstall?

    Note: Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help.


    Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post. If you decide you want to try and clean your PC then please continue with the following instructions:


    Please download TDSSKiller from one of the following mirrors and save it in your desktop:

    This is THE Mirror

    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.




    • If a suspicious file is detected, the default action will be Skip, click on Continue.




    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and
      paste the contents of that file here.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Default

    Thank you very much for the help.

    Ideally I would like to wipe everything out to avoid future risk, but with finals at school I simply don't have the time to do that at least for the next couple of weeks. I think my plan will be to repair it for now just so I can access files to study on this laptop, and then wipe it out in a few weeks time. Another idea I had was just avoiding this computer altogether until I can wipe it out (in case it ends up crashing and deleting all of my files or something in the mean time). However I do have files on here that I need to have access to. How can I transfer them to another computer without running the risk of infecting that one as well? Some files are fine since I can simply copy & paste the text into an email and send to myself, however I'm concerned about power point files, photos, etc.




    2011/04/15 15:45:58.0515 0692 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/15 15:45:58.0984 0692 ================================================================================
    2011/04/15 15:45:58.0984 0692 SystemInfo:
    2011/04/15 15:45:58.0984 0692
    2011/04/15 15:45:58.0984 0692 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/15 15:45:58.0984 0692 Product type: Workstation
    2011/04/15 15:45:58.0984 0692 ComputerName: AMANDASNETBOOK
    2011/04/15 15:45:58.0984 0692 UserName: Owner
    2011/04/15 15:45:58.0984 0692 Windows directory: C:\WINDOWS
    2011/04/15 15:45:58.0984 0692 System windows directory: C:\WINDOWS
    2011/04/15 15:45:58.0984 0692 Processor architecture: Intel x86
    2011/04/15 15:45:58.0984 0692 Number of processors: 2
    2011/04/15 15:45:58.0984 0692 Page size: 0x1000
    2011/04/15 15:45:58.0984 0692 Boot type: Normal boot
    2011/04/15 15:45:58.0984 0692 ================================================================================
    2011/04/15 15:45:59.0703 0692 Initialize success
    2011/04/15 15:46:04.0359 2980 ================================================================================
    2011/04/15 15:46:04.0359 2980 Scan started
    2011/04/15 15:46:04.0359 2980 Mode: Manual;
    2011/04/15 15:46:04.0359 2980 ================================================================================
    2011/04/15 15:46:06.0109 2980 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/04/15 15:46:06.0328 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/04/15 15:46:06.0375 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/04/15 15:46:06.0468 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/04/15 15:46:06.0531 2980 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
    2011/04/15 15:46:06.0609 2980 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/04/15 15:46:06.0953 2980 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/04/15 15:46:07.0000 2980 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/04/15 15:46:07.0062 2980 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/04/15 15:46:07.0093 2980 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/04/15 15:46:07.0140 2980 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/04/15 15:46:07.0218 2980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/04/15 15:46:07.0250 2980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/04/15 15:46:07.0328 2980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/04/15 15:46:07.0406 2980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/04/15 15:46:07.0593 2980 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/04/15 15:46:07.0687 2980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/04/15 15:46:07.0765 2980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/04/15 15:46:07.0812 2980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/04/15 15:46:07.0937 2980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/04/15 15:46:07.0984 2980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/04/15 15:46:08.0062 2980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\drivers\Cdrom.sys
    2011/04/15 15:46:08.0203 2980 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/04/15 15:46:08.0281 2980 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/04/15 15:46:08.0640 2980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/04/15 15:46:08.0734 2980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/04/15 15:46:08.0796 2980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/04/15 15:46:08.0859 2980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/04/15 15:46:08.0937 2980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/04/15 15:46:09.0046 2980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/04/15 15:46:09.0156 2980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/04/15 15:46:09.0203 2980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/04/15 15:46:09.0234 2980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/04/15 15:46:09.0265 2980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/04/15 15:46:09.0343 2980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/04/15 15:46:09.0437 2980 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2011/04/15 15:46:09.0484 2980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/04/15 15:46:09.0546 2980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/04/15 15:46:09.0578 2980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/04/15 15:46:09.0656 2980 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/04/15 15:46:09.0796 2980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/04/15 15:46:10.0000 2980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/04/15 15:46:10.0312 2980 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/04/15 15:46:10.0656 2980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
    2011/04/15 15:46:10.0843 2980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/04/15 15:46:10.0890 2980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/04/15 15:46:10.0953 2980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/04/15 15:46:11.0000 2980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/04/15 15:46:11.0062 2980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/04/15 15:46:11.0140 2980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/04/15 15:46:11.0187 2980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/04/15 15:46:11.0296 2980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/04/15 15:46:11.0375 2980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/04/15 15:46:11.0468 2980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/04/15 15:46:11.0515 2980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/04/15 15:46:11.0578 2980 L1c (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
    2011/04/15 15:46:11.0781 2980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/04/15 15:46:11.0843 2980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/04/15 15:46:11.0890 2980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/04/15 15:46:11.0921 2980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/04/15 15:46:12.0000 2980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/04/15 15:46:12.0078 2980 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/04/15 15:46:12.0156 2980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/04/15 15:46:12.0234 2980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/04/15 15:46:12.0296 2980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/04/15 15:46:12.0328 2980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/04/15 15:46:12.0421 2980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/04/15 15:46:12.0500 2980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/04/15 15:46:12.0531 2980 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/04/15 15:46:12.0578 2980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/04/15 15:46:12.0671 2980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/04/15 15:46:12.0734 2980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/04/15 15:46:12.0796 2980 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/04/15 15:46:12.0875 2980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/04/15 15:46:12.0906 2980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/04/15 15:46:12.0984 2980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/04/15 15:46:13.0031 2980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/04/15 15:46:13.0093 2980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/04/15 15:46:13.0218 2980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/04/15 15:46:13.0312 2980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/04/15 15:46:13.0437 2980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/04/15 15:46:13.0578 2980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/04/15 15:46:13.0609 2980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/04/15 15:46:13.0687 2980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/04/15 15:46:13.0718 2980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/04/15 15:46:13.0781 2980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/04/15 15:46:13.0828 2980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/04/15 15:46:13.0921 2980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/04/15 15:46:14.0015 2980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/04/15 15:46:14.0343 2980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/04/15 15:46:14.0406 2980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/04/15 15:46:14.0453 2980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/04/15 15:46:14.0703 2980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/04/15 15:46:14.0750 2980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/04/15 15:46:14.0796 2980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/04/15 15:46:14.0843 2980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/04/15 15:46:14.0890 2980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/04/15 15:46:14.0937 2980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/04/15 15:46:15.0031 2980 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/04/15 15:46:15.0140 2980 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2011/04/15 15:46:15.0171 2980 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/04/15 15:46:15.0218 2980 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/04/15 15:46:15.0375 2980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/04/15 15:46:15.0453 2980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/04/15 15:46:15.0578 2980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/04/15 15:46:15.0703 2980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/04/15 15:46:15.0796 2980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/04/15 15:46:15.0875 2980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/04/15 15:46:15.0953 2980 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/04/15 15:46:16.0093 2980 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys
    2011/04/15 15:46:16.0218 2980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/04/15 15:46:16.0281 2980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/04/15 15:46:16.0328 2980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/04/15 15:46:16.0640 2980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/04/15 15:46:16.0750 2980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/04/15 15:46:16.0812 2980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/04/15 15:46:16.0875 2980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/04/15 15:46:16.0953 2980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/04/15 15:46:17.0093 2980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/04/15 15:46:17.0203 2980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/04/15 15:46:17.0312 2980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/04/15 15:46:17.0390 2980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/04/15 15:46:17.0437 2980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/04/15 15:46:17.0531 2980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/15 15:46:17.0578 2980 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/04/15 15:46:17.0625 2980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/04/15 15:46:17.0656 2980 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/04/15 15:46:17.0718 2980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/04/15 15:46:17.0781 2980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/04/15 15:46:17.0859 2980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/04/15 15:46:17.0968 2980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/04/15 15:46:18.0093 2980 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/04/15 15:46:18.0187 2980 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
    2011/04/15 15:46:18.0234 2980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/04/15 15:46:18.0375 2980 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/15 15:46:18.0375 2980 ================================================================================
    2011/04/15 15:46:18.0375 2980 Scan finished
    2011/04/15 15:46:18.0375 2980 ================================================================================
    2011/04/15 15:46:18.0406 2568 Detected object count: 1
    2011/04/15 15:46:42.0312 2568 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/15 15:46:42.0312 2568 \HardDisk0 - ok
    2011/04/15 15:46:42.0312 2568 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/15 15:46:48.0609 2256 Deinitialize success

  4. #4
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Default

    Just a quick update...I ran spybot one more time after the reboot, and it is still catching Click.GiftLoad (even though TDSS said it would be cured following the reboot).

    What do I do now? Is there any hope for a repair to hold me over til I have time to do a total wipe out, or is there too much damage to repair?

  5. #5
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi amr815,


    The infection is not completely removed yet. I will let you know you when you are ready to go.


    Please visit the following and have a look how you can disable your security software.

    How to disable your security programs

    After disabling your security programs, download Combofix from any of the links below and save it to your desktop.

    Link 1
    Link 2

    --------------------------------------------------------------------

    • Double click on Combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  6. #6
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi amr815,


    Are you still with us?
    Last edited by tashi; 2011-06-17 at 20:15. Reason: Date of archive
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •