For a couple days now we have noticed the browser hijacker and some general slowness on our netbook. Spybot has found click.giftload and claims to remove it, but as with many others, it doesn't go away. I have run ERUNT copied both the dds and spybot results here as requested. I also use Norton Antivirus. Spybot's TeaTimer is not active at the moment. If you need more information, please let me know. Any advice on how to remove this malware is much appreciated!
DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jackie at 8:36:42.70 on Sun 03/27/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.218 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Jackie\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Shell=c:\program files\asus\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [asp70vdviss.exe] c:\users\jackie\appdata\roaming\c4a124040baaee456847dd5207e2838a\asp70vdviss.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jackie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jackie\appdata\roaming\mozilla\firefox\profiles\k4zwr124.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Powered Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jackie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\jackie\appdata\roaming\mozilla\firefox\profiles\k4zwr124.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys [2011-3-25 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys [2011-3-25 652336]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-11-10 11448]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110325.001\IDSvix86.sys [2011-3-25 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys [2011-3-25 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1205000.07d\symnets.sys [2011-3-25 295032]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-11-10 219136]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccSvcHst.exe [2011-3-25 130000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-22 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-26 102448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
.
=============== Created Last 30 ================
.
2011-03-27 12:10:08 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-26 01:05:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-26 01:05:47 -------- d-----w- c:\program files\Symantec
2011-03-26 01:05:47 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-26 01:05:36 652336 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys
2011-03-26 01:05:36 509560 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
2011-03-26 01:05:36 50168 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
2011-03-26 01:05:36 340016 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys
2011-03-26 01:05:36 295032 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
2011-03-26 01:05:36 136312 ----a-r- c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys
2011-03-26 01:05:23 -------- d-----w- c:\windows\system32\drivers\nav\1205000.07D
2011-03-26 01:05:23 -------- d-----w- c:\windows\system32\drivers\NAV
2011-03-26 01:05:22 -------- d-----w- c:\program files\Norton AntiVirus
2011-03-26 01:01:38 -------- d-----w- c:\program files\NortonInstaller
2011-03-26 01:01:38 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-26 00:45:54 -------- d-----w- c:\progra~2\Norton
2011-03-26 00:41:35 0 ----a-w- c:\users\jackie\appdata\local\Ckihisequpa.bin
2011-03-26 00:41:33 -------- d-----w- c:\users\jackie\appdata\local\{4D558429-D3B0-4F0A-886F-87958B9D959C}
2011-03-23 01:55:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-23 01:55:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-23 01:24:59 -------- d-----w- c:\users\jackie\appdata\roaming\C4A124040BAAEE456847DD5207E2838A
2011-03-10 02:40:43 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 02:40:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 02:40:42 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-10 02:40:41 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 02:40:40 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 02:40:40 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 02:40:40 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 02:40:37 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 02:40:36 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST925031 rev.0002 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85279439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8527f7d0]; MOV EAX, [0x8527f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81C40448] -> \Device\Harddisk0\DR0[0x852543F0]
3 CLASSPNP[0x86B9C59E] -> ntkrnlpa!IofCallDriver[0x81C40448] -> [0x8482FB68]
5 ACPI[0x864883B2] -> ntkrnlpa!IofCallDriver[0x81C40448] -> \IAAStorageDevice-0[0x8445D028]
\Driver\iaStor[0x85256030] -> IRP_MJ_CREATE -> 0x85279439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST9250315AS_____________________________0002SDM1#4&228f1d6d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 8:40:32.19 ===============
Spybot S&D results:
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-22 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-22 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-21 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll