Need help with Click.GiftLoad

KonekoRain
2011-03-30, 06:53
Hello,
I have recently discovered an issue on my computer with Click.GiftLoad. I noticed the effects of it after I restored my computer to the factory settings due to what I believe was a virus. After I realized what the problem was, I downloaded Spybot and attempted to use that to fix it. When it kept coming back, I restored my computer again. Obviously, that didn't work either...:sad: So, I've come here for help. I read the post about what to do prior to creating a thread and need to mention some of those things as well. First, I attempted to turn Spybot's TeaTimer off, but I never got any prompts to OK. I rebooted the computer anyway and, when I checked the TeaTimer, it was turned back on. Also, I downloaded, installed, and ran ERUNT, but, after my computer rebooted, I got a message saying that the save failed and any restores would have to be done using the OS boot disk. I have no idea what's going on with my computer and would really appreciate any help that can be given. :)

DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rain at 0:06:51.05 on Wed 03/30/2011
Internet Explorer: 7.0.6000.16473
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.225 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Rain\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\ALaunch\ALaunch.exe
C:\Windows\ery.exe
C:\Windows\ery.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Temp\bye166C.tmp\Disk1\CheckD2DSystem.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rain\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [Acer Tour] c:\acer\acertour\AcerTour.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SetPanel] c:\acer\apanel\APanel.cmd
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [eRecoveryService]
StartupFolder: c:\users\rain\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: Free YouTube to MP3 Converter - c:\users\rain\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rain\appdata\roaming\mozilla\firefox\profiles\mqgmut40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-25 64512]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20110322.001\IDSvix86.sys [2011-3-25 287792]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-9-3 50688]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-22 1405384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-3 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-9-3 102760]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2011-3-25 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-22 15232]
.
=============== Created Last 30 ================
.
2011-03-29 22:13:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-27 00:58:28 -------- d-----w- c:\program files\CCleaner
2011-03-26 07:06:26 -------- d-----w- c:\users\rain\appdata\local\Adobe
2011-03-26 03:38:20 -------- d-----w- c:\users\rain\appdata\roaming\DVDVideoSoftIEHelpers
2011-03-26 03:36:52 -------- d-----w- c:\program files\DVDVideoSoft
2011-03-26 03:36:52 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-03-26 02:44:04 -------- d-----w- c:\program files\FreeTime
2011-03-26 02:17:35 -------- d-----w- C:\My Zip Files
2011-03-26 02:17:23 -------- d-----w- c:\program files\CoffeeCup Software
2011-03-26 02:12:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-26 00:25:14 3 ----a-w- c:\windows\AFirst.cmd
2011-03-26 00:25:13 16437832 ----a-w- c:\windows\eRy.exe
2011-03-26 00:25:07 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-03-26 00:25:07 100358 ----a-w- c:\windows\system32\Vxdif.dll
2011-03-26 00:25:06 154624 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-03-26 00:24:56 336 ----a-w- c:\windows\ACERTOURREMINDERRUN.REG
2011-03-26 00:24:53 55808 ----a-w- c:\windows\devcon.exe
2011-03-26 00:24:53 23 ----a-w- c:\windows\system32\$Acer$.cmd
2011-03-26 00:24:53 23 ----a-w- c:\progra~2\microsoft\crypto\rsa\machinekeys\$Acer$.cmd
2011-03-26 00:24:53 1550 ----a-w- c:\windows\CLEANUP.CMD
2011-03-25 23:30:44 -------- d-----w- c:\users\rain\appdata\local\Mozilla
2011-03-25 21:47:37 -------- d--h--w- c:\windows\PIF
2011-03-25 21:07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-25 21:07:14 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-25 20:57:40 -------- d-----w- c:\users\rain\appdata\roaming\Acer
2011-03-25 20:52:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 20:51:29 -------- dc-h--w- c:\progra~2\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-03-25 20:50:51 -------- d-----w- c:\program files\Lavasoft
2011-03-25 20:49:50 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-25 20:49:49 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-25 20:47:23 -------- d-----w- c:\program files\Apoint2K
2011-03-25 20:46:05 -------- d-----w- c:\program files\Acer Assist
2011-03-25 20:46:04 -------- d-----w- c:\program files\Acer Registration
2011-03-25 20:43:50 -------- d-----w- c:\program files\Launch Manager
2011-03-25 20:43:07 -------- d--h--w- c:\users\rain\appdata\local\acer eNM
2011-03-25 20:42:12 -------- d-----w- c:\users\rain\appdata\local\Acer Arcade
2011-03-25 20:41:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-25 20:41:21 -------- d-----w- c:\users\rain\appdata\local\VirtualStore
2011-03-25 20:41:09 83554304 ----a-w- c:\windows\system32\acer.scr
2011-03-25 20:41:03 40368034 ----a-w- c:\windows\system32\acer.exe
2011-03-25 20:41:00 -------- d-----w- c:\program files\Acer Inc
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC70P -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B64439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85b6a7d0]; MOV EAX, [0x85b6a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x81C67C65] -> \Device\Harddisk0\DR0[0x854C5180]
3 nt[0x81CA811D] -> nt!IofCallDriver[0x81C67C65] -> [0x84FCE968]
5 acpi[0x8047B32A] -> nt!IofCallDriver[0x81C67C65] -> [0x85008BB0]
\Driver\atapi[0x85B49E38] -> IRP_MJ_CREATE -> 0x85B64439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC70P#5&33632e6b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 0:08:10.78 ===============


Spybot Log:

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

shelf life
2011-03-31, 22:42
hi,

Based on the log you shouldn't be using the computer until it's clean. It shouldn't have any connectivity; if you're not sure how to do this then I would power it off.

You have a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

The best source for information on how to do this would be the computer manufacturer's website.

To manually clean up the machine with current utilities proceed as follows:

Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop.
Double click to launch the utility. On Vista and Windows 7, right click and choose "Run as administrator". After it initializes, click the Start Scan button.
Once the scan completes you can click the Continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies the selected actions and outputs the result."
"A reboot might be required after disinfection."
A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).

Please post the log report.
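As an added example, not part of this thread and not code from Kaspersky or TDSSKiller, here is a small Python triage parser for the report layout the utility writes (the format KonekoRain posts in the next reply: "<date> <time> <thread id> <message>", with each enumerated driver given as "<service name> (<md5>) <image path>"). The sample lines, the dummy md5 values, the baseline dictionary and the "outside the Windows directory" heuristic are all constructed for this example; the heuristic only highlights entries a helper would look at first, it does not decide that anything is malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the TDSSKiller 2.4.x report layout seen in this thread.
# The md5 values are dummies (00..01, 00..02, ...), not hashes of any real file.
DUMMY_MD5 = [f"{i:032x}" for i in range(1, 5)]
SAMPLE_LOG = rf"""2011/03/31 22:42:57.0366 0660 Scan started
2011/03/31 22:42:57.0366 0660 Mode: Manual;
2011/03/31 22:43:39.0871 0660 ACPI ({DUMMY_MD5[0]}) C:\Windows\system32\drivers\acpi.sys
2011/03/31 22:49:44.0352 0660 DritekPortIO ({DUMMY_MD5[1]}) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/03/31 22:50:14.0646 0660 eeCtrl ({DUMMY_MD5[2]}) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/03/31 23:05:10.0444 0660 PEAUTH ({DUMMY_MD5[3]}) C:\Windows\system32\drivers\peauth.sys
"""

# One report line: date, time (with 4 fractional digits), 4-digit thread id, message.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<tid>[0-9a-fA-F]{4}) (?P<msg>.*)$"
)
# A driver enumeration message: "<name> (<32 hex md5>) <path>".
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")


@dataclass
class DriverRecord:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_log(text: str) -> List[DriverRecord]:
    """Return one DriverRecord per driver line; banner, SystemInfo and status lines are skipped."""
    records: List[DriverRecord] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = DRIVER_RE.match(m.group("msg"))
        if not d:
            continue
        records.append(DriverRecord(
            timestamp=f"{m.group('date')} {m.group('time')}",
            name=d.group("name"),
            md5=d.group("md5").lower(),
            path=d.group("path"),
        ))
    return records


def status_messages(text: str) -> List[str]:
    """Non-driver messages (e.g. 'Scan started', 'Mode: Manual;'), useful to confirm the scan ran to completion."""
    out: List[str] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and not DRIVER_RE.match(m.group("msg")):
            out.append(m.group("msg"))
    return out


def outside_windows(records: List[DriverRecord], windows_dir: str = "C:\\Windows") -> List[str]:
    """Names of drivers whose image lives outside the Windows directory (case-insensitive prefix match).
    8.3 short names such as PROGRA~1 are compared as written, so they count as outside too."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [r.name for r in records if not r.path.lower().startswith(prefix)]


def diff_against_baseline(records: List[DriverRecord], baseline: Dict[str, str]) -> List[str]:
    """Driver names whose md5 differs from a baseline captured on a known-clean install of the same build.
    Drivers absent from the baseline are ignored here; use outside_windows() to surface unfamiliar ones."""
    return sorted(r.name for r in records if r.name in baseline and baseline[r.name] != r.md5)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} drivers enumerated; status lines: {status_messages(SAMPLE_LOG)}")
    print("loaded from outside the Windows directory:", outside_windows(recs))
    # Constructed baseline: ACPI matches, PEAUTH deliberately does not.
    print("hash differs from baseline:", diff_against_baseline(recs, {"ACPI": DUMMY_MD5[0], "PEAUTH": f"{9:032x}"}))
```

To run it over a real report, read the C:\TDSSKiller.*_log.txt file as text and pass its contents to parse_log(); the md5 column is what lets you compare a suspect machine against a trusted copy of the same driver set, which is the check the baseline function sketches.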

KonekoRain
2011-04-01, 05:47
Thank you so much for helping. ^-^

Here are the TDSSKiller results:

2011/03/31 22:42:31.0414 2024 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 22:42:33.0418 2024 ================================================================================
2011/03/31 22:42:33.0418 2024 SystemInfo:
2011/03/31 22:42:33.0418 2024
2011/03/31 22:42:33.0418 2024 OS Version: 6.0.6000 ServicePack: 0.0
2011/03/31 22:42:33.0418 2024 Product type: Workstation
2011/03/31 22:42:33.0418 2024 ComputerName: RAIN-PC
2011/03/31 22:42:33.0419 2024 UserName: Rain
2011/03/31 22:42:33.0419 2024 Windows directory: C:\Windows
2011/03/31 22:42:33.0419 2024 System windows directory: C:\Windows
2011/03/31 22:42:33.0419 2024 Processor architecture: Intel x86
2011/03/31 22:42:33.0419 2024 Number of processors: 1
2011/03/31 22:42:33.0419 2024 Page size: 0x1000
2011/03/31 22:42:33.0419 2024 Boot type: Normal boot
2011/03/31 22:42:33.0419 2024 ================================================================================
2011/03/31 22:42:48.0780 2024 Initialize success
2011/03/31 22:42:57.0366 0660 ================================================================================
2011/03/31 22:42:57.0366 0660 Scan started
2011/03/31 22:42:57.0366 0660 Mode: Manual;
2011/03/31 22:42:57.0366 0660 ================================================================================
2011/03/31 22:43:39.0871 0660 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/03/31 22:43:55.0869 0660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/31 22:44:06.0341 0660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/31 22:44:17.0100 0660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/31 22:44:34.0463 0660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/31 22:44:52.0544 0660 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/03/31 22:45:09.0090 0660 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/03/31 22:45:20.0669 0660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/31 22:45:33.0036 0660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/03/31 22:45:43.0405 0660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/31 22:45:55.0170 0660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/03/31 22:46:06.0583 0660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/31 22:46:15.0817 0660 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/31 22:46:24.0434 0660 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/03/31 22:46:31.0423 0660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/31 22:46:38.0701 0660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/31 22:46:46.0657 0660 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/31 22:46:53.0958 0660 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2011/03/31 22:47:00.0630 0660 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys
2011/03/31 22:47:07.0395 0660 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/31 22:47:14.0005 0660 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/03/31 22:47:25.0707 0660 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/31 22:47:31.0818 0660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/31 22:47:38.0296 0660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/31 22:47:47.0613 0660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/31 22:47:54.0126 0660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/31 22:47:59.0715 0660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/31 22:48:07.0571 0660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/31 22:48:15.0728 0660 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/31 22:48:22.0941 0660 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/31 22:48:29.0865 0660 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/31 22:48:37.0711 0660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/31 22:48:44.0112 0660 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2011/03/31 22:48:51.0547 0660 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/31 22:48:59.0148 0660 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/03/31 22:49:06.0193 0660 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/31 22:49:13.0474 0660 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/31 22:49:20.0331 0660 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/31 22:49:27.0670 0660 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/03/31 22:49:34.0579 0660 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/03/31 22:49:40.0551 0660 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/03/31 22:49:44.0352 0660 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/03/31 22:49:51.0206 0660 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/03/31 22:49:57.0727 0660 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/31 22:50:05.0616 0660 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/31 22:50:12.0617 0660 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/03/31 22:50:14.0646 0660 eeCtrl (fb069d8270853023f6e315745b5bbad4) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/03/31 22:50:24.0528 0660 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/31 22:50:25.0468 0660 EraserUtilRebootDrv (c2b7492eaea689e812bbbd01ebc9418a) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/03/31 22:50:32.0147 0660 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/03/31 22:50:38.0414 0660 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/31 22:50:46.0927 0660 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/03/31 22:50:53.0251 0660 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/03/31 22:50:59.0519 0660 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/31 22:51:05.0957 0660 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/03/31 22:51:12.0234 0660 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/31 22:51:18.0471 0660 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/31 22:51:25.0956 0660 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/31 22:51:34.0062 0660 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/31 22:51:40.0745 0660 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/31 22:51:49.0703 0660 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/31 22:51:58.0881 0660 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/03/31 22:52:04.0903 0660 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/31 22:52:10.0032 0660 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/31 22:52:17.0577 0660 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/31 22:52:24.0181 0660 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/31 22:52:31.0329 0660 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/03/31 22:52:38.0004 0660 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/31 22:52:43.0600 0660 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/31 22:52:49.0949 0660 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/31 22:52:51.0792 0660 IDSvix86 (b147ccf3b7a42b64af8ec0520b4b15e3) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20110322.001\IDSvix86.sys
2011/03/31 22:53:00.0203 0660 igfx (f93a6b133a2fa961cd49ddbcc16449bb) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/31 22:53:08.0555 0660 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/31 22:53:19.0947 0660 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
2011/03/31 22:53:52.0630 0660 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/31 22:54:10.0783 0660 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/03/31 22:54:21.0317 0660 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/31 22:54:34.0874 0660 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/31 22:54:50.0610 0660 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/31 22:54:59.0357 0660 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/31 22:55:11.0093 0660 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/03/31 22:55:19.0594 0660 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/31 22:55:31.0078 0660 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/31 22:55:41.0130 0660 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/31 22:55:48.0943 0660 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/31 22:55:57.0155 0660 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/31 22:56:13.0790 0660 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/03/31 22:56:33.0927 0660 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/31 22:56:38.0649 0660 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/03/31 22:56:56.0108 0660 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/03/31 22:57:08.0772 0660 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/31 22:57:19.0763 0660 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/31 22:57:24.0964 0660 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/31 22:57:31.0511 0660 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/31 22:57:40.0168 0660 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/03/31 22:57:52.0314 0660 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/31 22:57:58.0725 0660 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/31 22:58:05.0849 0660 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/03/31 22:58:17.0341 0660 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/31 22:58:24.0964 0660 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 22:58:40.0221 0660 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/03/31 22:58:55.0167 0660 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/03/31 22:59:17.0415 0660 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/31 22:59:34.0816 0660 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/31 22:59:42.0762 0660 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/31 22:59:53.0155 0660 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/31 23:00:01.0172 0660 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/31 23:00:09.0351 0660 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/31 23:00:16.0352 0660 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/31 23:00:24.0242 0660 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/03/31 23:00:32.0399 0660 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/31 23:00:39.0122 0660 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/03/31 23:15:40.0702 0660 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/31 23:15:41.0434 0660 ================================================================================
2011/03/31 23:15:41.0434 0660 Scan finished
2011/03/31 23:15:41.0434 0660 ================================================================================
2011/03/31 23:15:42.0814 5196 Detected object count: 1
2011/03/31 23:16:01.0042 5196 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/31 23:16:01.0043 5196 \HardDisk0 - ok
2011/03/31 23:16:01.0235 5196 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/31 23:16:09.0871 2036 Deinitialize success
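As an added example, not part of the thread and not TDSSKiller's own code: a small Python triage helper that parses log lines in the format posted above and reports what was detected, which action was chosen, and whether a reboot is still pending. The sample lines are copied from the log above and trimmed; the regular expressions and the "driver loaded from outside C:\Windows" heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# One TDSSKiller log line: "YYYY/MM/DD HH:MM:SS.ffff  <pid>  <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver inventory entry: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Detection: "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
# Post-scan lines: a cure scheduled for the next boot, and the action the user chose
PENDING_RE = re.compile(r"^(.+?) \((\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")

# Drivers loaded from outside this prefix are third-party kernel code worth a second look
# (assumption of this example: a default C:\Windows installation).
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)      # service -> (md5, path)
    detections: list = field(default_factory=list)   # (object, verdict)
    actions: list = field(default_factory=list)      # (object, verdict, action)
    reboot_required: bool = False
    scan_finished: bool = False


def parse_tdsskiller(text):
    """Walk a TDSSKiller log and collect the driver inventory, detections and actions."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank or non-log line
        msg = m.group(3).strip()
        if msg == "Scan finished":
            t.scan_finished = True
            continue
        d = DRIVER_RE.match(msg)
        if d:
            t.drivers[d.group(1)] = (d.group(2), d.group(3))
            continue
        d = DETECT_RE.match(msg)
        if d:
            t.detections.append((d.group(1), d.group(2)))
            continue
        if PENDING_RE.match(msg):
            t.reboot_required = True
            continue
        d = ACTION_RE.match(msg)
        if d:
            t.actions.append((d.group(2), d.group(1), d.group(3)))
    return t


def drivers_outside_windows(t):
    """Service names whose driver image does not live under C:\\Windows."""
    return sorted(name for name, (_, path) in t.drivers.items()
                  if not path.lower().startswith(WINDOWS_DIR))


def verdict(t):
    """One-line triage outcome for the log."""
    if not t.scan_finished:
        return "incomplete"
    if not t.detections:
        return "clean"
    cured = {obj for obj, _, action in t.actions if action == "Cure"}
    if all(obj in cured for obj, _ in t.detections):
        return "cure pending reboot" if t.reboot_required else "cured"
    return "infected, untreated objects remain"


# Sample input: lines copied from the TDSSKiller log posted above, trimmed to a few entries.
SAMPLE_LOG = r"""
2011/03/31 23:09:12.0907 0660 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/03/31 23:11:04.0537 0660 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
2011/03/31 23:15:40.0702 0660 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/31 23:15:41.0434 0660 Scan finished
2011/03/31 23:15:42.0814 5196 Detected object count: 1
2011/03/31 23:16:01.0042 5196 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/31 23:16:01.0043 5196 \HardDisk0 - ok
2011/03/31 23:16:01.0235 5196 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE_LOG)
    print("verdict:", verdict(t))
    print("detections:", t.detections)
    print("third-party drivers:", drivers_outside_windows(t))
```

A "cure pending reboot" verdict is the state this thread was in at this point: the MBR object is flagged, the cure is queued, and the follow-up scans after the reboot are what confirm it took.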

shelf life
2011-04-01, 23:24
OK, so far so good. We will get two more downloads to use. The first is ComboFix, and it requires that you read a guide before using it. Read through the guide, then apply the directions on your own machine. The second is Malwarebytes, which you can keep and use.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

KonekoRain
2011-04-02, 01:26
Alright, here's the Combofix log:
ComboFix 11-04-01.01 - Rain 04/01/2011 18:34:59.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.162 [GMT -4:00]
Running from: c:\users\Rain\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 22:46 . 2011-04-01 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 04:37 . 2011-04-01 04:37 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-04-01 04:37 . 2011-04-01 04:37 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-04-01 04:37 . 2011-04-01 04:37 44768 ----a-w- c:\windows\system32\wups2.dll
2011-04-01 04:37 . 2011-04-01 04:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-04-01 04:36 . 2011-04-01 04:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-04-01 04:36 . 2011-04-01 04:36 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-04-01 04:01 . 2011-04-01 04:01 -------- d-----w- c:\program files\Common Files\Java
2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\OpenOffice.org 3
2011-03-30 23:29 . 2011-02-03 01:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 23:28 . 2011-04-01 03:59 -------- d-----w- c:\program files\Java
2011-03-30 04:05 . 2011-03-30 04:05 -------- d-----w- c:\program files\ERUNT
2011-03-29 22:13 . 2011-03-29 22:13 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-27 00:58 . 2011-03-27 00:58 -------- d-----w- c:\program files\CCleaner
2011-03-26 03:36 . 2011-03-26 03:38 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-03-26 03:36 . 2011-03-26 03:37 -------- d-----w- c:\program files\DVDVideoSoft
2011-03-26 02:44 . 2011-03-26 02:44 -------- d-----w- c:\program files\FreeTime
2011-03-26 02:17 . 2011-03-26 02:17 -------- d-----w- C:\My Zip Files
2011-03-26 02:17 . 2011-03-26 02:17 -------- d-----w- c:\program files\CoffeeCup Software
2011-03-26 02:12 . 2011-03-22 08:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-26 00:25 . 2011-03-26 00:25 3 ----a-w- c:\windows\AFirst.cmd
2011-03-26 00:25 . 2007-05-09 11:34 16437832 ----a-w- c:\windows\eRy.exe
2011-03-26 00:25 . 2007-05-23 10:18 100358 ----a-w- c:\windows\system32\Vxdif.dll
2011-03-26 00:25 . 2006-11-02 00:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-03-26 00:25 . 2007-06-14 02:33 154624 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-03-26 00:24 . 2011-03-25 20:40 1550 ----a-w- c:\windows\CLEANUP.CMD
2011-03-26 00:24 . 2007-01-11 09:50 23 ----a-w- c:\windows\system32\$Acer$.cmd
2011-03-26 00:24 . 2007-01-11 09:50 23 ----a-w- c:\programdata\Microsoft\Crypto\RSA\MachineKeys\$Acer$.cmd
2011-03-26 00:24 . 2002-11-14 14:32 55808 ----a-w- c:\windows\devcon.exe
2011-03-25 21:47 . 2011-03-25 21:47 -------- d--h--w- c:\windows\PIF
2011-03-25 21:07 . 2011-03-28 00:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-25 21:07 . 2011-03-25 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-25 20:52 . 2011-03-25 20:52 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-25 20:52 . 2011-03-22 08:05 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 20:51 . 2011-03-25 20:51 -------- dc-h--w- c:\programdata\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-03-25 20:50 . 2011-03-25 20:51 -------- d-----w- c:\programdata\Lavasoft
2011-03-25 20:50 . 2011-03-25 20:50 -------- d-----w- c:\program files\Lavasoft
2011-03-25 20:49 . 2006-11-12 15:54 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-03-25 20:49 . 2006-11-10 21:27 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-03-25 20:49 . 2005-12-09 13:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-25 20:49 . 2007-05-08 19:26 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-25 20:47 . 2011-03-25 20:47 -------- d-----w- c:\program files\Apoint2K
2011-03-25 20:46 . 2011-03-25 20:46 -------- d-----w- c:\program files\Acer Assist
2011-03-25 20:46 . 2011-03-25 20:46 -------- d-----w- c:\program files\Acer Registration
2011-03-25 20:43 . 2011-03-25 20:44 -------- d-----w- c:\program files\Launch Manager
2011-03-25 20:41 . 2011-03-25 20:41 -------- d-----w- c:\windows\system32\Macromed
2011-03-25 20:41 . 2007-04-19 17:41 83554304 ----a-w- c:\windows\system32\acer.scr
2011-03-25 20:41 . 2007-05-10 19:21 40368034 ----a-w- c:\windows\system32\acer.exe
2011-03-25 20:41 . 2011-03-25 20:41 -------- d-----w- c:\program files\Acer Inc
2011-03-25 20:40 . 2011-03-25 20:41 -------- d-----w- c:\windows\ACER
2011-03-25 20:40 . 2011-03-25 20:40 -------- d-----w- c:\program files\Yahoo!
2011-03-25 20:40 . 2011-04-01 22:16 -------- d-----w- c:\users\Rain
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 23:03 . 2007-09-03 21:05 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-18 17:53 . 2011-03-25 23:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648]
"Acer Tour"="c:\acer\AcerTour\AcerTour.exe" [2007-05-25 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Rain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-3 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-22 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-22 64512]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20110322.001\IDSvix86.sys [2011-03-12 287792]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-22 1405384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-15 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Rain.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 04:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Free YouTube to MP3 Converter - c:\users\Rain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Rain\AppData\Roaming\Mozilla\Firefox\Profiles\mqgmut40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 18:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'Explorer.exe'(2088)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2011-04-01 18:50:54
ComboFix-quarantined-files.txt 2011-04-01 22:50
.
Pre-Run: 16,063,811,584 bytes free
Post-Run: 15,982,596,096 bytes free
.
- - End Of File - - 86AD5DC8E8399983CFFB787D86B38AD4

I'll post the Malwarebytes log as soon as it's finished scanning. ^-^

KonekoRain
2011-04-02, 01:53
And, the Malwarebytes log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6242

Windows 6.0.6000
Internet Explorer 7.0.6000.16473

4/1/2011 7:49:40 PM
mbam-log-2011-04-01 (19-49-40).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 52707
Time elapsed: 29 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2011-04-02, 04:11
OK, looking good. One more download, then we can call it quits:

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double-click the aswMBR icon to run it. A window will open.
Vista and Windows 7 users: right-click the icon and choose "Run as administrator".
Click the Scan button to start the scan. When done it will say "scan finished successfully".
When it finishes, press the save log button, save the log to your desktop and post its contents in your next reply. Click the Exit button to close the window.

KonekoRain
2011-04-02, 05:32
Here we go:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-01 23:30:15
-----------------------------
23:30:15.779 OS Version: Windows 6.0.6000
23:30:15.779 Number of processors: 1 586 0x1601
23:30:15.781 ComputerName: RAIN-PC UserName: Rain
23:30:37.990 Initialize success
23:30:50.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
23:30:50.863 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
23:30:52.905 Disk 0 MBR read successfully
23:30:52.908 Disk 0 MBR scan
23:30:54.913 Disk 0 scanning sectors +156299264
23:30:54.978 Disk 0 scanning C:\Windows\system32\drivers
23:30:57.414 Service scanning
23:31:01.602 Disk 0 trace - called modules:
23:31:01.628 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS SYMTDI.SYS HSX_CNXT.sys dxgkrnl.sys igdkmd32.sys
23:31:01.632 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83c4cad8]
23:31:01.636 3 ntoskrnl.exe[81ca811d] -> nt!IofCallDriver -> [0x83c0f8e8]
23:31:01.641 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83c05bb0]
23:31:01.648 Scan finished successfully

shelf life
2011-04-02, 15:33
OK. We are done. A couple of things to do; you can delete the TDSSKiller and aswMBR icons.
You can remove ComboFix like this:
Start > Run and type in combofix /uninstall
Click OK or press Enter.
Note the space after the x and before the /.

Getting a run box in Vista may be slightly different.
You can make a new restore point; the why and the how:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.



To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Windows Vista and 7:

1. Click Start.

2. Right-click the Computer icon, and then click Properties.

3. Click on System Protection under the Tasks column on the left side.

4. Click on Continue on the "User Account Control" window that pops up.

5. Under the System Protection tab, find Available Disks.

6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C").

7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.

8. Click OK

9. Restart computer.

10. Turn System Restore back on. Restart computer once more.

And last, some tips to help you remain malware free:



10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer cannot stay malware free.
No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)



2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.



3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware, then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail Phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop-ups or offers from websites requesting that you install software on your computer, *for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A slideshow how-to for securing Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing, and how to harden Firefox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox).

10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via P2P networks you will encounter malware. A file can be named anything and be nothing but malware, or have malware bundled in it. Can you really trust the source of the file?

More info/tips with pictures: links below.
Happy Safe Surfing.

KonekoRain
2011-04-02, 21:55
Thank you so so much for all the help! I really appreciate it. ^-^

shelf life
2011-04-03, 00:44
OK, you're welcome. Happy safe surfing out there.