PDA

View Full Version : Gift.Load



amr815
2011-04-14, 07:00
I have read and followed all instructions as per “BEFORE You POST.”

Here's my story...last night I was surfing the internet and randomly there was a warning pop-up from Avast, saying a possible threat was found and blocked. Ever since then I have been experiencing problems with my laptop. Within a couple minutes of this pop-up, my computer randomly shut off. I ran spybot and found one typical tracking cookie, as well as an infection called Gift.Load. It successfully deleted it. I ran spybot one more time and it appeared again, and was "successfully" deleted once more. Since then I have ran spybot 2 more times, both have come up clean. I ran a scan with Avast which came up clean. I also ran a full scan using Malwarebytes and found one infection which was successfully deleted. I ran it once more to be sure and it came up clean.

HOWEVER, I am still experiencing some weird problems. Some of the time, websites will redirect or completely fail to load. Websites I have been on before and been fine are now sometimes blocked saying it is a malicious URL (this has happened for several sites). Another strange thing is that when I am not even on the internet, I will get Avast pop-ups saying “MALICIOUS URL BLOCKED Infection: URL Mal, Process: C:\WINDOWS\System32\svchost.exe”





Here is my DDS log





.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:32:30.12 on Wed 04/13/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.310 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UsbBootWatcher.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\f2fqf2e6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-22 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-22 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-12 54760]
R2 UsbBootWatcher;Usb Boot Watcher Service;c:\windows\system32\UsbBootWatcher.exe [2010-6-16 119808]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-6-17 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
S0 cvggvbc;cvggvbc;c:\windows\system32\drivers\dkrjpua.sys --> c:\windows\system32\drivers\dkrjpua.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
.
=============== Created Last 30 ================
.
2011-04-13 16:46:11 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-13 16:45:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 16:45:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 16:45:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 16:45:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 17:06:02 49152 ----a-w- c:\program files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2011-04-08 17:06:02 135168 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-08 17:06:00 8704 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-08 17:06:00 774144 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-08 17:06:00 720896 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-08 17:06:00 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-08 17:06:00 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-08 17:06:00 1867776 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-08 17:06:00 135168 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-19 12:05:34 -------- d-----w- c:\docume~1\owner\applic~1\Dropbox
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEVT-60ZCT1 rev.13.01A13 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86524439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8652a7d0]; MOV EAX, [0x8652a84c]; PUSH EBX; PUSH ESI; MOV ESI,
[EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x865A5AB8]
3 CLASSPNP[0xF75D8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x864A7030]
\Driver\atapi[0x8655A440] -> IRP_MJ_CREATE -> 0x86524439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV
CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-60ZCT1___________________13.01A13#5&982e772&0&0.0.0#{53f56307-b6bf-11d0-94f2-
00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8652427F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:34:05.03 ===============

Blottedisk
2011-04-15, 23:40
Hi amr815,

Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.


Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Suscribe to this Thread (then choose Instant Notification by email). If the button says Unsuscribe from this Thread, then you are already subscribed.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. This kind of malware is very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.


If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks,
paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or
credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps

Please read the following for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451 )
What Should I Do If I've Become A Victim Of Identity Theft? (http://www.usdoj.gov/criminal/fraud/websites/idtheft.html#whatifvictim )
Identity Theft Victims Guide - What to do (http://www.privacyrights.org/fs/fs17a.htm )


Although the TDSS infection can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that if this type of malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063 )
Where to draw the line? When to recommend a format and reinstall? (http://miekiemoes.blogspot.com/2008/06/malware-removal-where-to-draw-line.html )

Note: Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help.


Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post. If you decide you want to try and clean your PC then please continue with the following instructions:


Please download TDSSKiller from one of the following mirrors and save it in your desktop:

This is THE Mirror (http://support.kaspersky.com/downloads/utils/tdsskiller.zip )

Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png


If a suspicious file is detected, the default action will be Skip, click on Continue.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious-1.png


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png


If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and
paste the contents of that file here.

amr815
2011-04-16, 01:14
Thank you very much for the help.

Ideally I would like to wipe everything out to avoid future risk, but with finals at school I simply don't have the time to do that at least for the next couple of weeks. I think my plan will be to repair it for now just so I can access files to study on this laptop, and then wipe it out in a few weeks time. Another idea I had was just avoiding this computer altogether until I can wipe it out (in case it ends up crashing and deleting all of my files or something in the mean time). However I do have files on here that I need to have access to. How can I transfer them to another computer without running the risk of infecting that one as well? Some files are fine since I can simply copy & paste the text into an email and send to myself, however I'm concerned about power point files, photos, etc.




2011/04/15 15:45:58.0515 0692 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 15:45:58.0984 0692 ================================================================================
2011/04/15 15:45:58.0984 0692 SystemInfo:
2011/04/15 15:45:58.0984 0692
2011/04/15 15:45:58.0984 0692 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 15:45:58.0984 0692 Product type: Workstation
2011/04/15 15:45:58.0984 0692 ComputerName: AMANDASNETBOOK
2011/04/15 15:45:58.0984 0692 UserName: Owner
2011/04/15 15:45:58.0984 0692 Windows directory: C:\WINDOWS
2011/04/15 15:45:58.0984 0692 System windows directory: C:\WINDOWS
2011/04/15 15:45:58.0984 0692 Processor architecture: Intel x86
2011/04/15 15:45:58.0984 0692 Number of processors: 2
2011/04/15 15:45:58.0984 0692 Page size: 0x1000
2011/04/15 15:45:58.0984 0692 Boot type: Normal boot
2011/04/15 15:45:58.0984 0692 ================================================================================
2011/04/15 15:45:59.0703 0692 Initialize success
2011/04/15 15:46:04.0359 2980 ================================================================================
2011/04/15 15:46:04.0359 2980 Scan started
2011/04/15 15:46:04.0359 2980 Mode: Manual;
2011/04/15 15:46:04.0359 2980 ================================================================================
2011/04/15 15:46:06.0109 2980 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/15 15:46:06.0328 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 15:46:06.0375 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/15 15:46:06.0468 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 15:46:06.0531 2980 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/04/15 15:46:06.0609 2980 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 15:46:06.0953 2980 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/15 15:46:07.0000 2980 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/15 15:46:07.0062 2980 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/15 15:46:07.0093 2980 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/15 15:46:07.0140 2980 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/15 15:46:07.0218 2980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 15:46:07.0250 2980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 15:46:07.0328 2980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 15:46:07.0406 2980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 15:46:07.0593 2980 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/15 15:46:07.0687 2980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 15:46:07.0765 2980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 15:46:07.0812 2980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/15 15:46:07.0937 2980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 15:46:07.0984 2980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 15:46:08.0062 2980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\drivers\Cdrom.sys
2011/04/15 15:46:08.0203 2980 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/15 15:46:08.0281 2980 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/15 15:46:08.0640 2980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 15:46:08.0734 2980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 15:46:08.0796 2980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 15:46:08.0859 2980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 15:46:08.0937 2980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 15:46:09.0046 2980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 15:46:09.0156 2980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 15:46:09.0203 2980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/15 15:46:09.0234 2980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 15:46:09.0265 2980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/15 15:46:09.0343 2980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/15 15:46:09.0437 2980 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/04/15 15:46:09.0484 2980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 15:46:09.0546 2980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 15:46:09.0578 2980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 15:46:09.0656 2980 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/15 15:46:09.0796 2980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 15:46:10.0000 2980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/15 15:46:10.0312 2980 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/15 15:46:10.0656 2980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2011/04/15 15:46:10.0843 2980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/15 15:46:10.0890 2980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/15 15:46:10.0953 2980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 15:46:11.0000 2980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 15:46:11.0062 2980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 15:46:11.0140 2980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 15:46:11.0187 2980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 15:46:11.0296 2980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 15:46:11.0375 2980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 15:46:11.0468 2980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 15:46:11.0515 2980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 15:46:11.0578 2980 L1c (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/04/15 15:46:11.0781 2980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 15:46:11.0843 2980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 15:46:11.0890 2980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 15:46:11.0921 2980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 15:46:12.0000 2980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 15:46:12.0078 2980 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 15:46:12.0156 2980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 15:46:12.0234 2980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 15:46:12.0296 2980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 15:46:12.0328 2980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 15:46:12.0421 2980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 15:46:12.0500 2980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/15 15:46:12.0531 2980 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 15:46:12.0578 2980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/15 15:46:12.0671 2980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 15:46:12.0734 2980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/15 15:46:12.0796 2980 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 15:46:12.0875 2980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 15:46:12.0906 2980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 15:46:12.0984 2980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 15:46:13.0031 2980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 15:46:13.0093 2980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 15:46:13.0218 2980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 15:46:13.0312 2980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 15:46:13.0437 2980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 15:46:13.0578 2980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 15:46:13.0609 2980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 15:46:13.0687 2980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/15 15:46:13.0718 2980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 15:46:13.0781 2980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 15:46:13.0828 2980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 15:46:13.0921 2980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 15:46:14.0015 2980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/15 15:46:14.0343 2980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 15:46:14.0406 2980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 15:46:14.0453 2980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 15:46:14.0703 2980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 15:46:14.0750 2980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 15:46:14.0796 2980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 15:46:14.0843 2980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 15:46:14.0890 2980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 15:46:14.0937 2980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 15:46:15.0031 2980 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 15:46:15.0140 2980 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/04/15 15:46:15.0171 2980 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/04/15 15:46:15.0218 2980 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/04/15 15:46:15.0375 2980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 15:46:15.0453 2980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/15 15:46:15.0578 2980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 15:46:15.0703 2980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/15 15:46:15.0796 2980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 15:46:15.0875 2980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 15:46:15.0953 2980 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 15:46:16.0093 2980 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/15 15:46:16.0218 2980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/15 15:46:16.0281 2980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 15:46:16.0328 2980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 15:46:16.0640 2980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 15:46:16.0750 2980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 15:46:16.0812 2980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 15:46:16.0875 2980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 15:46:16.0953 2980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 15:46:17.0093 2980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 15:46:17.0203 2980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 15:46:17.0312 2980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 15:46:17.0390 2980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 15:46:17.0437 2980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 15:46:17.0531 2980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/15 15:46:17.0578 2980 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 15:46:17.0625 2980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/15 15:46:17.0656 2980 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/15 15:46:17.0718 2980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 15:46:17.0781 2980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 15:46:17.0859 2980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 15:46:17.0968 2980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 15:46:18.0093 2980 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/15 15:46:18.0187 2980 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/04/15 15:46:18.0234 2980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/15 15:46:18.0375 2980 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/15 15:46:18.0375 2980 ================================================================================
2011/04/15 15:46:18.0375 2980 Scan finished
2011/04/15 15:46:18.0375 2980 ================================================================================
2011/04/15 15:46:18.0406 2568 Detected object count: 1
2011/04/15 15:46:42.0312 2568 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/15 15:46:42.0312 2568 \HardDisk0 - ok
2011/04/15 15:46:42.0312 2568 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/15 15:46:48.0609 2256 Deinitialize success

amr815
2011-04-16, 04:14
Just a quick update...I ran spybot one more time after the reboot, and it is still catching Click.GiftLoad (even though TDSS said it would be cured following the reboot).

What do I do now? Is there any hope for a repair to hold me over til I have time to do a total wipe out, or is there too much damage to repair?

Blottedisk
2011-04-16, 06:43
Hi amr815,


The infection is not completely removed yet. I will let you know you when you are ready to go.


Please visit the following and have a look how you can disable your security software.

How to disable your security programs (http://forums.whatthetech.com/index.php?showtopic=96260 )

After disabling your security programs, download Combofix from any of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe )
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe )

--------------------------------------------------------------------

Double click on Combofix.exe & follow the prompts.
When finished, it will produce a report for you.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix )

Blottedisk
2011-05-10, 15:22
Hi amr815,


Are you still with us?