
Thread: click.giftload infection

  1. #1 Junior Member (Join Date: May 2011, Posts: 19)

    click.giftload infection

    Hello,

    I suppose I have a click.giftload rootkit infection. I tried to remove it, but it makes my pc restart once or twice the first time after I restart. I have not found a way to remove it myself.

    click.giftload is found by Spybot, and it removes it, but it comes back after restarting, with some trouble.
    I did find some other infections and removed them with the following programs: Malwarebytes, Avast, Panda Cloud, Spybot (of course), ThreatFire, PC Tools AntiVirus, Glary Utilities and CCleaner.
    Now running alongside each other are Avast, Panda, ThreatFire and Spybot (TeaTimer is off).

    My pc is hindered but not impossible to use. Avast regularly stops svchost.exe from linking to bad hosts. Every now and then, ThreatFire finds something it calls medium dangerous (other things, not svchost).

    I couldn't find winzip, so I had to attach "attach.txt" normally.

    Here's my DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Ole at 19:33:42,90 on do 19/05/2011
    Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3326.1255 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: PC Tools AntiVirus Free *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools AntiVirus Free *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
    C:\Windows\RtHDVCpl.exe
    C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\PC Tools Security\BDT\FGuard.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ThreatFire\TFService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Ole\Downloads\dds.com
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.telenet.be
    uDefault_Page_URL = hxxp://www.telenet.be
    uWindow Title = Telenet Internet
    mStart Page = hxxp://www.telenet.be
    mDefault_Page_URL = hxxp://www.telenet.be
    mWindow Title = Telenet Internet
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [FujiKeyboard] c:\acer\preload\autorun\drv\fuji keyboard\ABoard.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup 2.0\bin\EuWatch.exe"
    mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
    mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
    StartupFolder: c:\users\ole\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\ole\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ole\appdata\roaming\mozilla\firefox\profiles\0rgkufor.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&PC=VIATDF&q=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\ole\appdata\roaming\mozilla\firefox\profiles\0rgkufor.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\ole\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-4-10 31112]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-4-10 21896]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-10 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-10 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-10 656320]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-5-2 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-5-2 69392]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-15 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-20 307928]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-4-10 15240]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-10 233976]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2009-5-20 41456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-20 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-5-20 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-13 42184]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-10 337872]
    R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-4-10 55688]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-20 1153368]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-4-10 188296]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-5-2 33552]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 srv4B8;srv4B8;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [2011-1-6 89600]
    S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [2011-1-6 14976]
    S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [2011-1-6 121344]
    S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [2011-1-6 114944]
    S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [2011-1-6 111232]
    S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-5-20 110576]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-5-10 371472]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-5-10 1117144]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-05-12 06:59:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-05-10 06:52:35 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-05-10 06:52:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-05-10 06:52:33 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2011-05-10 06:52:33 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-05-10 06:50:17 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-05-10 06:50:17 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-05-10 06:50:15 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-05-10 06:50:15 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-05-10 06:50:07 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-05-10 06:50:07 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-05-10 06:50:02 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-05-10 06:49:57 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-05-10 06:49:45 -------- d-----w- c:\program files\PC Tools Security
    2011-05-10 06:49:45 -------- d-----w- c:\program files\common files\PC Tools
    2011-05-06 22:16:05 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-06 22:16:04 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-06 22:16:04 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-06 22:16:04 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-06 22:16:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-06 22:16:03 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-06 22:16:02 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-05-02 14:40:57 -------- d-----w- c:\program files\ParetoLogic
    2011-05-02 14:40:57 -------- d-----w- c:\program files\common files\ParetoLogic
    2011-05-02 13:33:45 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2011-05-02 13:33:45 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2011-05-02 13:33:45 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2011-05-02 13:33:43 -------- d-----w- c:\program files\ThreatFire
    2011-05-02 13:33:43 -------- d-----w- c:\progra~2\PC Tools
    2011-05-02 08:51:06 -------- d-----w- c:\users\ole\appdata\roaming\Panda Security
    2011-05-02 08:35:09 -------- d-----w- c:\users\ole\appdata\roaming\SurfSecret Privacy Suite
    2011-05-02 08:34:52 -------- d-----w- c:\users\ole\appdata\local\panda2_0dn
    2011-05-02 08:34:46 -------- d-----w- c:\progra~2\Panda Security URL Filtering
    2011-05-02 08:33:46 -------- d-----w- c:\program files\Panda Security
    2011-05-02 08:33:46 -------- d-----w- c:\progra~2\Panda Security
    2011-05-02 08:32:48 428352 ----a-w- c:\windows\system32\StubInstaller.exe
    2011-04-27 17:58:21 -------- d-----w- c:\users\ole\appdata\roaming\Unity
    2011-04-22 17:12:10 -------- d-----w- c:\users\ole\appdata\local\PackageAware
    .
    ==================== Find3M ====================
    .
    2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
    2011-03-12 15:31:57 17408 ----a-w- c:\windows\START32.EXE
    2011-03-12 15:31:55 9728 ----a-w- c:\windows\system32\rnaph.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874555D9]<<
    c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8745b970]; MOV EAX, [0x8745b9ec]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82493912] -> \Device\Harddisk0\DR0[0x86F81820]
    3 CLASSPNP[0x8B5A98B3] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x86E7E240]
    5 PCTCore[0x82A1968B] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x86349700]
    7 acpi[0x806436BC] -> ntkrnlpa!IofCallDriver[0x82493912] -> [0x85F13B20]
    \Driver\nvstor32[0x8743FB78] -> IRP_MJ_CREATE -> 0x874555D9
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 19:40:30,27 ===============

    I'll sure be grateful if you could solve this.

    Q

  2. #2 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Besides Click.Giftload you're infected with a nasty ROOTKIT

    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
    "svchost.exe"=-

    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    If you saved the file correctly it should look like this

    Then run this scan

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start the scan

    On completion of the scan click Save log, save it to your desktop and post it in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3 Junior Member (Join Date: May 2011, Posts: 19)

    Thanks for the help in advance. Here follows the report:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-21 07:55:38
    -----------------------------
    07:55:38.230 OS Version: Windows 6.0.6002 Service Pack 2
    07:55:38.230 Number of processors: 2 586 0x6B02
    07:55:38.230 ComputerName: PC_OLE UserName: Ole
    07:55:41.667 Initialize success
    07:55:57.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    07:55:57.999 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    07:55:58.001 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    07:55:58.003 Disk 0 MBR read error 0
    07:55:58.006 Disk 0 MBR scan
    07:55:58.009 Disk 0 unknown MBR code
    07:55:58.011 MBR BIOS signature not found 0
    07:55:58.017 Disk 0 scanning sectors +625139712
    07:55:58.020 Disk 0 scanning C:\Windows\system32\drivers
    07:56:04.450 Service scanning
    07:56:05.743 Disk 0 trace - called modules:
    07:56:05.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
    07:56:05.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
    07:56:05.754 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
    07:56:06.101 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
    07:56:06.106 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
    07:56:06.113 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
    07:56:06.118 Scan finished successfully
    07:56:27.963 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
    07:56:27.973 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR.txt"


    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-21 08:01:23
    -----------------------------
    08:01:23.736 OS Version: Windows 6.0.6002 Service Pack 2
    08:01:23.736 Number of processors: 2 586 0x6B02
    08:01:23.737 ComputerName: PC_OLE UserName: Ole
    08:01:24.867 Initialize success
    08:01:27.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    08:01:27.078 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    08:01:27.080 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    08:01:27.083 Disk 0 MBR read error 0
    08:01:27.086 Disk 0 MBR scan
    08:01:27.088 Disk 0 unknown MBR code
    08:01:27.092 MBR BIOS signature not found 0
    08:01:27.098 Disk 0 scanning sectors +625139712
    08:01:27.101 Disk 0 scanning C:\Windows\system32\drivers
    08:01:32.822 Service scanning
    08:01:34.047 Disk 0 trace - called modules:
    08:01:34.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
    08:01:34.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
    08:01:34.058 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
    08:01:34.064 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
    08:01:34.069 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
    08:01:34.074 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
    08:01:34.081 Scan finished successfully
    08:01:46.434 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
    08:01:46.440 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR.txt"
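
Parsing the disk trace that aswMBR (and the GMER section of the DDS log above) print, as an added triage example that is not part of this thread or of either tool: it flags the >>UNKNOWN<< entry in the call chain and the \Driver\nvstor32 IRP_MJ_CREATE dispatch that points at the same address, which is the evidence both logs in this thread show, while leaving a legitimately installed filter such as PCTCore.sys alone. The sample lines are copied from the aswMBR log posted above; the clean log and the verdict strings are this example's own.

```python
import re
from dataclasses import dataclass, field

# Optional "HH:MM:SS.mmm " prefix aswMBR puts on every line (GMER/DDS lines have none).
TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+")
# Marker both tools print when the disk I/O call chain reaches code outside any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
# "\Driver\nvstor32[0x...] -> IRP_MJ_CREATE -> 0x...": a driver's IRP dispatch and its target.
HOOK_RE = re.compile(
    r"\\Driver\\(?P<driver>\S+?)\[0x[0-9a-fA-F]+\]\s+->\s+(?P<irp>IRP_MJ_\w+)\s+->\s+0x(?P<target>[0-9a-fA-F]+)"
)
# MBR-side indicators, quoted as aswMBR prints them.
MBR_INDICATORS = ("unknown MBR code", "MBR BIOS signature not found")


@dataclass
class DiskTraceReport:
    called_modules: list = field(default_factory=list)  # modules in the disk I/O call chain
    unknown_addrs: set = field(default_factory=set)     # hex addresses flagged >>UNKNOWN<<
    irp_hooks: list = field(default_factory=list)       # (driver, IRP major, target address)
    mbr_indicators: list = field(default_factory=list)

    def hooked_unresolved(self):
        """IRP dispatches whose target is the unresolved code seen in the call chain."""
        return [h for h in self.irp_hooks if h[2] in self.unknown_addrs]

    def verdict(self):
        # A known filter driver in the chain (PCTCore.sys here) is not a finding by itself;
        # code that no module accounts for, with a dispatch pointing at it, is.
        if self.hooked_unresolved():
            return "possible storage-driver rootkit hook"
        if self.unknown_addrs or self.irp_hooks:
            return "suspicious: unresolved code in disk I/O path"
        return "no hook indicators"


def _record_chain(report, chain):
    for m in UNKNOWN_RE.finditer(chain):
        report.unknown_addrs.add(m.group(1).lower())
    report.called_modules = UNKNOWN_RE.sub("", chain).split()


def parse_disk_trace(text):
    """Parse the disk-trace and MBR lines of an aswMBR or GMER/DDS log."""
    report = DiskTraceReport()
    expect_chain = False
    for raw in text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if not line:
            continue
        if expect_chain:  # aswMBR prints the chain on the line after "called modules:"
            expect_chain = False
            _record_chain(report, line)
            continue
        if "called modules:" in line:
            chain = line.split("called modules:", 1)[1].strip()
            if chain:     # GMER/DDS prints the chain on the same line
                _record_chain(report, chain)
            else:
                expect_chain = True
            continue
        hook = HOOK_RE.search(line)
        if hook:
            report.irp_hooks.append((hook["driver"], hook["irp"], hook["target"].lower()))
            continue
        report.mbr_indicators.extend(ind for ind in MBR_INDICATORS if ind in line)
    return report


# Lines copied from the aswMBR log posted in this thread (addresses as posted).
THREAD_SAMPLE = r"""
07:55:58.003 Disk 0 MBR read error 0
07:55:58.009 Disk 0 unknown MBR code
07:55:58.011 MBR BIOS signature not found 0
07:56:05.743 Disk 0 trace - called modules:
07:56:05.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
07:56:05.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
07:56:06.101 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
07:56:06.113 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
07:56:06.118 Scan finished successfully
"""

# Constructed clean trace (not from the thread): a normal chain must not be flagged.
CLEAN_SAMPLE = r"""
13:00:00.001 Disk 0 trace - called modules:
13:00:00.002 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll
13:00:00.003 Scan finished successfully
"""

if __name__ == "__main__":
    for name, sample in (("thread log", THREAD_SAMPLE), ("clean log", CLEAN_SAMPLE)):
        r = parse_disk_trace(sample)
        print(f"{name}: {r.verdict()}")
        for driver, irp, target in r.hooked_unresolved():
            print(f"  \\Driver\\{driver} {irp} dispatch points at unresolved 0x{target}")
        for ind in r.mbr_indicators:
            print(f"  MBR indicator: {ind}")
```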

  4. #4 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Good Morning


    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click Fix

    Save the log as before and post it in your next reply

  5. #5 Junior Member (Join Date: May 2011, Posts: 19)

    Good morning, glad to hear from you.

    I've run aswMBR again, scanned, and produced the following, but it seems I can't "Fix". The button doesn't light up. FixMBR does light up.

    report:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-21 13:17:53
    -----------------------------
    13:17:53.442 OS Version: Windows 6.0.6002 Service Pack 2
    13:17:53.442 Number of processors: 2 586 0x6B02
    13:17:53.443 ComputerName: PC_OLE UserName: Ole
    13:17:54.560 Initialize success
    13:17:56.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    13:17:56.585 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    13:17:56.587 Device \Device\00000062 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&1e0d9d13&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    13:17:56.589 Disk 0 MBR read error 0
    13:17:56.592 Disk 0 MBR scan
    13:17:56.595 Disk 0 unknown MBR code
    13:17:56.598 MBR BIOS signature not found 0
    13:17:56.604 Disk 0 scanning sectors +625139712
    13:17:56.608 Disk 0 scanning C:\Windows\system32\drivers
    13:18:02.402 Service scanning
    13:18:03.577 Disk 0 trace - called modules:
    13:18:03.581 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x874105d9]<<
    13:18:03.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3c5d8]
    13:18:03.589 3 CLASSPNP.SYS[8b5b18b3] -> nt!IofCallDriver -> [0x86f3ce40]
    13:18:03.594 5 PCTCore.sys[82a1f68b] -> nt!IofCallDriver -> [0x85f5ee70]
    13:18:03.599 7 acpi.sys[806476bc] -> nt!IofCallDriver -> [0x85f0ec90]
    13:18:03.605 \Driver\nvstor32[0x873f9a48] -> IRP_MJ_CREATE -> 0x874105d9
    13:18:03.610 Scan finished successfully
    13:18:21.458 Disk 0 MBR has been saved successfully to "C:\Users\Ole\Desktop\MBR.dat"
    13:18:21.464 The log file has been saved successfully to "C:\Users\Ole\Desktop\aswMBR2.txt"

  6. #6 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Run this program instead for the time being


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    May 2011
    Posts
    19

    Default

    That seems to have worked; I must say my PC is starting up much faster, without some of the usual issues.

    The report:

    2011/05/21 14:28:10.0050 5776 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/21 14:28:10.0313 5776 ================================================================================
    2011/05/21 14:28:10.0313 5776 SystemInfo:
    2011/05/21 14:28:10.0313 5776
    2011/05/21 14:28:10.0313 5776 OS Version: 6.0.6002 ServicePack: 2.0
    2011/05/21 14:28:10.0313 5776 Product type: Workstation
    2011/05/21 14:28:10.0313 5776 ComputerName: PC_OLE
    2011/05/21 14:28:10.0313 5776 UserName: Ole
    2011/05/21 14:28:10.0313 5776 Windows directory: C:\Windows
    2011/05/21 14:28:10.0313 5776 System windows directory: C:\Windows
    2011/05/21 14:28:10.0314 5776 Processor architecture: Intel x86
    2011/05/21 14:28:10.0314 5776 Number of processors: 2
    2011/05/21 14:28:10.0314 5776 Page size: 0x1000
    2011/05/21 14:28:10.0314 5776 Boot type: Normal boot
    2011/05/21 14:28:10.0314 5776 ================================================================================
    2011/05/21 14:28:11.0897 5776 Initialize success
    2011/05/21 14:28:14.0435 1828 ================================================================================
    2011/05/21 14:28:14.0435 1828 Scan started
    2011/05/21 14:28:14.0435 1828 Mode: Manual;
    2011/05/21 14:28:14.0435 1828 ================================================================================
    2011/05/21 14:28:14.0766 1828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/05/21 14:28:14.0863 1828 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/05/21 14:28:14.0957 1828 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/05/21 14:28:15.0056 1828 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/05/21 14:28:15.0157 1828 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/05/21 14:28:15.0271 1828 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/05/21 14:28:15.0361 1828 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/05/21 14:28:15.0441 1828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/05/21 14:28:15.0548 1828 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/05/21 14:28:15.0633 1828 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/05/21 14:28:15.0723 1828 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/05/21 14:28:15.0811 1828 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/05/21 14:28:15.0899 1828 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/21 14:28:15.0997 1828 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/05/21 14:28:16.0078 1828 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/05/21 14:28:16.0164 1828 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/05/21 14:28:16.0213 1828 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/05/21 14:28:16.0246 1828 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
    2011/05/21 14:28:16.0342 1828 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
    2011/05/21 14:28:16.0427 1828 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
    2011/05/21 14:28:16.0451 1828 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
    2011/05/21 14:28:16.0490 1828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/21 14:28:16.0523 1828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/05/21 14:28:16.0573 1828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/05/21 14:28:16.0666 1828 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/05/21 14:28:16.0758 1828 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/21 14:28:16.0837 1828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/05/21 14:28:16.0911 1828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/05/21 14:28:16.0971 1828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/05/21 14:28:17.0017 1828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/05/21 14:28:17.0054 1828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/05/21 14:28:17.0077 1828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/05/21 14:28:17.0108 1828 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/05/21 14:28:17.0141 1828 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/21 14:28:17.0182 1828 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/05/21 14:28:17.0218 1828 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2011/05/21 14:28:17.0266 1828 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/05/21 14:28:17.0298 1828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/21 14:28:17.0337 1828 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/21 14:28:17.0405 1828 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/05/21 14:28:17.0476 1828 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/05/21 14:28:17.0514 1828 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/05/21 14:28:17.0544 1828 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
    2011/05/21 14:28:17.0586 1828 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/05/21 14:28:17.0613 1828 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/05/21 14:28:17.0672 1828 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/21 14:28:17.0722 1828 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/05/21 14:28:17.0771 1828 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/05/21 14:28:17.0802 1828 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/05/21 14:28:17.0828 1828 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
    2011/05/21 14:28:17.0855 1828 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/05/21 14:28:17.0905 1828 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/21 14:28:17.0950 1828 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/21 14:28:17.0993 1828 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/05/21 14:28:18.0069 1828 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/05/21 14:28:18.0104 1828 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/05/21 14:28:18.0149 1828 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/05/21 14:28:18.0204 1828 EUBAKUP (0c7f516415333f854d2ce45c6f2d6420) C:\Windows\system32\drivers\eubakup.sys
    2011/05/21 14:28:18.0238 1828 EuDisk (f986ee234b05769c7fbd8def8d20e32f) C:\Windows\system32\DRIVERS\EuDisk.sys
    2011/05/21 14:28:18.0286 1828 EUDSKACS (db677f262ddb5de277c8f655ebd114f5) C:\Windows\system32\drivers\eudskacs.sys
    2011/05/21 14:28:18.0351 1828 EUFS (42f734e7eb6c05e97df18c0eb16c350a) C:\Windows\system32\drivers\eufs.sys
    2011/05/21 14:28:18.0440 1828 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/05/21 14:28:18.0487 1828 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/05/21 14:28:18.0530 1828 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/21 14:28:18.0555 1828 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/21 14:28:18.0580 1828 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/05/21 14:28:18.0607 1828 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/21 14:28:18.0637 1828 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/21 14:28:18.0666 1828 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/21 14:28:18.0686 1828 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/05/21 14:28:18.0723 1828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/21 14:28:18.0757 1828 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
    2011/05/21 14:28:18.0803 1828 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/21 14:28:18.0858 1828 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/21 14:28:18.0897 1828 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/05/21 14:28:18.0920 1828 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/05/21 14:28:18.0959 1828 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/21 14:28:18.0992 1828 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/05/21 14:28:19.0035 1828 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    2011/05/21 14:28:19.0087 1828 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/05/21 14:28:19.0125 1828 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/21 14:28:19.0170 1828 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/05/21 14:28:19.0215 1828 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/05/21 14:28:19.0308 1828 IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/05/21 14:28:19.0378 1828 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/05/21 14:28:19.0412 1828 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/21 14:28:19.0470 1828 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/21 14:28:19.0534 1828 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/05/21 14:28:19.0570 1828 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/05/21 14:28:19.0597 1828 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/05/21 14:28:19.0621 1828 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/05/21 14:28:19.0654 1828 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/21 14:28:19.0698 1828 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/05/21 14:28:19.0741 1828 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/05/21 14:28:19.0766 1828 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/21 14:28:19.0808 1828 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/21 14:28:19.0859 1828 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/21 14:28:19.0915 1828 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
    2011/05/21 14:28:19.0932 1828 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
    2011/05/21 14:28:19.0974 1828 lgmdbus (54fec13b60914784aa06685f352aed70) C:\Windows\system32\DRIVERS\lgmdbus.sys
    2011/05/21 14:28:20.0006 1828 lgmdmdfl (97b52613f0b621fc9eae007668da7b01) C:\Windows\system32\DRIVERS\lgmdmdfl.sys
    2011/05/21 14:28:20.0028 1828 lgmdmdm (b9cc203836509083d8be07b6a5b40862) C:\Windows\system32\DRIVERS\lgmdmdm.sys
    2011/05/21 14:28:20.0074 1828 lgmdmgmt (b5e3263ca8173f9619075898df5d4718) C:\Windows\system32\DRIVERS\lgmdmgmt.sys
    2011/05/21 14:28:20.0132 1828 lgmdobex (a218c22fd0c4b8ac3ce38e08d1ac9e88) C:\Windows\system32\DRIVERS\lgmdobex.sys
    2011/05/21 14:28:20.0173 1828 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
    2011/05/21 14:28:20.0204 1828 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/21 14:28:20.0276 1828 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/05/21 14:28:20.0327 1828 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/05/21 14:28:20.0348 1828 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/05/21 14:28:20.0385 1828 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/05/21 14:28:20.0409 1828 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/05/21 14:28:20.0449 1828 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/05/21 14:28:20.0500 1828 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/05/21 14:28:20.0537 1828 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/21 14:28:20.0610 1828 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/21 14:28:20.0645 1828 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/21 14:28:20.0664 1828 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/21 14:28:20.0685 1828 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/05/21 14:28:20.0706 1828 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/21 14:28:20.0755 1828 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/05/21 14:28:20.0808 1828 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/21 14:28:20.0830 1828 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/21 14:28:20.0857 1828 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/21 14:28:20.0880 1828 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/21 14:28:20.0920 1828 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/05/21 14:28:20.0947 1828 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/05/21 14:28:20.0986 1828 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/05/21 14:28:21.0010 1828 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/05/21 14:28:21.0045 1828 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/21 14:28:21.0069 1828 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/21 14:28:21.0092 1828 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/21 14:28:21.0124 1828 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/21 14:28:21.0148 1828 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/21 14:28:21.0173 1828 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/21 14:28:21.0206 1828 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/05/21 14:28:21.0255 1828 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/21 14:28:21.0295 1828 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/05/21 14:28:21.0339 1828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/21 14:28:21.0366 1828 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/21 14:28:21.0400 1828 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/21 14:28:21.0424 1828 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/21 14:28:21.0460 1828 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/21 14:28:21.0495 1828 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/21 14:28:21.0547 1828 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/05/21 14:28:21.0598 1828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/05/21 14:28:21.0625 1828 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/21 14:28:21.0678 1828 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/21 14:28:21.0712 1828 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/05/21 14:28:21.0740 1828 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/05/21 14:28:21.0879 1828 nvlddmkm (ca76b9adb89f60c512f8ee1ea3c85668) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/21 14:28:22.0049 1828 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/05/21 14:28:22.0076 1828 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
    2011/05/21 14:28:22.0102 1828 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/05/21 14:28:22.0142 1828 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
    2011/05/21 14:28:22.0175 1828 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/05/21 14:28:22.0248 1828 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/21 14:28:22.0300 1828 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/05/21 14:28:22.0333 1828 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/05/21 14:28:22.0364 1828 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/05/21 14:28:22.0404 1828 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/05/21 14:28:22.0426 1828 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/05/21 14:28:22.0468 1828 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/05/21 14:28:22.0529 1828 PCTCore (2d5c059c1a12babf336f319f45c161d3) C:\Windows\system32\drivers\PCTCore.sys
    2011/05/21 14:28:22.0557 1828 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
    2011/05/21 14:28:22.0594 1828 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
    2011/05/21 14:28:22.0643 1828 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\Windows\system32\Drivers\PCTSD.sys
    2011/05/21 14:28:22.0688 1828 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/05/21 14:28:22.0778 1828 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/21 14:28:22.0821 1828 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/05/21 14:28:22.0882 1828 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/21 14:28:22.0918 1828 PSINAflt (a282f4150ab719dc3b88f1083cebdeec) C:\Windows\system32\DRIVERS\PSINAflt.sys
    2011/05/21 14:28:22.0946 1828 PSINFile (1d81f2d1ccf0b8e079615ab99ec1c150) C:\Windows\system32\DRIVERS\PSINFile.sys
    2011/05/21 14:28:22.0980 1828 PSINKNC (a7d7566d9a4af4372d10769da1035fb8) C:\Windows\system32\DRIVERS\psinknc.sys
    2011/05/21 14:28:23.0007 1828 PSINProc (9871222e40a3bc5a5af81ba931422af4) C:\Windows\system32\DRIVERS\PSINProc.sys
    2011/05/21 14:28:23.0033 1828 PSINProt (a92f30f5af037831982be26f979edddc) C:\Windows\system32\DRIVERS\PSINProt.sys
    2011/05/21 14:28:23.0067 1828 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/05/21 14:28:23.0107 1828 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/05/21 14:28:23.0225 1828 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/05/21 14:28:23.0271 1828 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/21 14:28:23.0295 1828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/21 14:28:23.0333 1828 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/21 14:28:23.0370 1828 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/21 14:28:23.0405 1828 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/21 14:28:23.0445 1828 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/21 14:28:23.0483 1828 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/21 14:28:23.0515 1828 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/21 14:28:23.0533 1828 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/21 14:28:23.0583 1828 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/21 14:28:23.0640 1828 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/05/21 14:28:23.0684 1828 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/21 14:28:23.0720 1828 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/05/21 14:28:23.0765 1828 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/05/21 14:28:23.0833 1828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/21 14:28:23.0869 1828 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/05/21 14:28:23.0894 1828 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/05/21 14:28:23.0920 1828 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/05/21 14:28:23.0969 1828 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/05/21 14:28:24.0008 1828 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/05/21 14:28:24.0026 1828 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/05/21 14:28:24.0054 1828 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/05/21 14:28:24.0109 1828 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/05/21 14:28:24.0160 1828 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/05/21 14:28:24.0191 1828 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/05/21 14:28:24.0255 1828 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/21 14:28:24.0295 1828 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/05/21 14:28:24.0348 1828 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/21 14:28:24.0385 1828 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/21 14:28:24.0425 1828 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/21 14:28:24.0476 1828 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/21 14:28:24.0524 1828 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/05/21 14:28:24.0563 1828 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/05/21 14:28:24.0600 1828 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/05/21 14:28:24.0680 1828 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/05/21 14:28:24.0727 1828 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/21 14:28:24.0760 1828 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/21 14:28:24.0807 1828 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/21 14:28:24.0833 1828 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/21 14:28:24.0868 1828 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/21 14:28:24.0907 1828 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/21 14:28:24.0946 1828 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\Windows\system32\drivers\TfFsMon.sys
    2011/05/21 14:28:24.0966 1828 TfNetMon (917ef522563f6047685486efa486fb3c) C:\Windows\system32\drivers\TfNetMon.sys
    2011/05/21 14:28:24.0986 1828 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\Windows\system32\drivers\TfSysMon.sys
    2011/05/21 14:28:25.0056 1828 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/21 14:28:25.0082 1828 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/05/21 14:28:25.0113 1828 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/21 14:28:25.0139 1828 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/05/21 14:28:25.0187 1828 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/21 14:28:25.0230 1828 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/05/21 14:28:25.0265 1828 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/05/21 14:28:25.0300 1828 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/05/21 14:28:25.0339 1828 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/05/21 14:28:25.0383 1828 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/21 14:28:25.0414 1828 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/21 14:28:25.0449 1828 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/05/21 14:28:25.0490 1828 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/21 14:28:25.0530 1828 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/21 14:28:25.0562 1828 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/21 14:28:25.0589 1828 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/05/21 14:28:26.0442 1828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/21 14:28:26.0447 1828 ================================================================================
    2011/05/21 14:28:26.0447 1828 Scan finished
    2011/05/21 14:28:26.0447 1828 ================================================================================
    2011/05/21 14:28:26.0462 2448 Detected object count: 1
    2011/05/21 14:28:35.0511 2448 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/21 14:28:35.0511 2448 \HardDisk0 - ok
    2011/05/21 14:28:35.0512 2448 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/05/21 14:28:38.0135 5544 Deinitialize success
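As an added example (not the poster's log nor code from TDSSKiller's vendor): a small Python parser for the TDSSKiller log line format quoted above, with a few constructed sample lines, that separates the enumerated drivers from the detection and the cure deferred to reboot, which is what a helper looks for first when triaging such a log.

```python
import re

# Constructed sample in the line format of the TDSSKiller log quoted in the
# thread (not the poster's full log); the driver hashes are illustrative only.
SAMPLE_LOG = r"""
2011/05/21 14:28:25.0982 1828 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 14:28:25.0995 1828 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 14:28:26.0442 1828 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 14:28:26.0447 1828 Scan finished
2011/05/21 14:28:35.0511 2448 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 14:28:35.0512 2448 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
""".strip()

# Every line is "<date> <time> <thread id> <message>"; the message then takes
# one of a few shapes, which are classified separately below.
LINE_RE = re.compile(r"^(\S+ \S+) (\d+) (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")   # object - detected threat (n)
PENDING_RE = re.compile(r"^(\S+) \((\S+)\) - (.+)$")          # object (threat) - status text
USER_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")

def parse_tdsskiller(text):
    """Split a TDSSKiller log into enumerated drivers, detections and actions."""
    drivers, detections, actions = [], [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        msg = m.group(3)
        if d := DETECT_RE.match(msg):
            detections.append({"object": d.group(1), "threat": d.group(2)})
        elif d := DRIVER_RE.match(msg):
            drivers.append({"name": d.group(1), "md5": d.group(2), "path": d.group(3)})
        elif d := PENDING_RE.match(msg):
            actions.append({"object": d.group(1), "threat": d.group(2), "status": d.group(3)})
        elif d := USER_RE.match(msg):
            actions.append({"object": d.group(2), "threat": d.group(1),
                            "status": "user chose " + d.group(3)})
    return {"drivers": drivers, "detections": detections, "actions": actions}

def triage(text):
    """Summarise what was found and whether the cure is deferred to a reboot
    (the usual case for an MBR-resident TDL4 infection, as in this thread)."""
    parsed = parse_tdsskiller(text)
    reboot = any("after reboot" in a["status"] for a in parsed["actions"])
    return {
        "drivers_enumerated": len(parsed["drivers"]),
        "threats": sorted({d["threat"] for d in parsed["detections"]}),
        "reboot_required": reboot,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```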

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    May 2011
    Posts
    19

    Default

    No infections found; here follows the report (language is Dutch, sorry if that's a problem, I can translate if needed).

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6634

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8080.16413

    21/05/2011 16:50:34
    mbam-log-2011-05-21 (16-50-34).txt

    Scantype: Snelle scan
    Objecten gescand: 183802
    Verstreken tijd: 9 minuut/minuten, 29 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's make sure we got it all.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.