
Thread: Need help with Click.GiftLoad

  1. #1
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default Need help with Click.GiftLoad

    Hello,
    I have recently discovered an issue on my computer with Click.GiftLoad. I noticed the effects of it after I restored my computer to the factory settings due to what I believe was a virus. After I realized what the problem was, I downloaded Spybot and attempted to use that to fix it. When it kept coming back, I restored my computer again. Obviously, that didn't work either... So, I've come here for help. I read the post about what to do prior to creating a thread and need to mention some of those things as well. First, I attempted to turn Spybot's TeaTimer off, but I never got any prompts to OK. I rebooted the computer anyway and, when I checked the TeaTimer, it was turned back on. Also, I downloaded, installed, and ran ERUNT, but, after my computer rebooted, I got a message saying that the save failed and any restores would have to be done using the OS boot disk. I have no idea what's going on with my computer and would really appreciate any help that can be given.

    DDS:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Rain at 0:06:51.05 on Wed 03/30/2011
    Internet Explorer: 7.0.6000.16473
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.225 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Users\Rain\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\ALaunch\ALaunch.exe
    C:\Windows\ery.exe
    C:\Windows\ery.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\Temp\bye166C.tmp\Disk1\CheckD2DSystem.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rain\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://en.us.acer.yahoo.com
    uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
    mRun: [Acer Tour] c:\acer\acertour\AcerTour.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SetPanel] c:\acer\apanel\APanel.cmd
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
    mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [eRecoveryService]
    StartupFolder: c:\users\rain\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    IE: Free YouTube to MP3 Converter - c:\users\rain\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: eNetHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\rain\appdata\roaming\mozilla\firefox\profiles\mqgmut40.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-25 64512]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20110322.001\IDSvix86.sys [2011-3-25 287792]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-9-3 50688]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-22 1405384]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-3 179712]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-9-3 102760]
    R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2011-3-25 1251720]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-22 15232]
    .
    =============== Created Last 30 ================
    .
    2011-03-29 22:13:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-27 00:58:28 -------- d-----w- c:\program files\CCleaner
    2011-03-26 07:06:26 -------- d-----w- c:\users\rain\appdata\local\Adobe
    2011-03-26 03:38:20 -------- d-----w- c:\users\rain\appdata\roaming\DVDVideoSoftIEHelpers
    2011-03-26 03:36:52 -------- d-----w- c:\program files\DVDVideoSoft
    2011-03-26 03:36:52 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2011-03-26 02:44:04 -------- d-----w- c:\program files\FreeTime
    2011-03-26 02:17:35 -------- d-----w- C:\My Zip Files
    2011-03-26 02:17:23 -------- d-----w- c:\program files\CoffeeCup Software
    2011-03-26 02:12:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-26 00:25:14 3 ----a-w- c:\windows\AFirst.cmd
    2011-03-26 00:25:13 16437832 ----a-w- c:\windows\eRy.exe
    2011-03-26 00:25:07 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2011-03-26 00:25:07 100358 ----a-w- c:\windows\system32\Vxdif.dll
    2011-03-26 00:25:06 154624 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-03-26 00:24:56 336 ----a-w- c:\windows\ACERTOURREMINDERRUN.REG
    2011-03-26 00:24:53 55808 ----a-w- c:\windows\devcon.exe
    2011-03-26 00:24:53 23 ----a-w- c:\windows\system32\$Acer$.cmd
    2011-03-26 00:24:53 23 ----a-w- c:\progra~2\microsoft\crypto\rsa\machinekeys\$Acer$.cmd
    2011-03-26 00:24:53 1550 ----a-w- c:\windows\CLEANUP.CMD
    2011-03-25 23:30:44 -------- d-----w- c:\users\rain\appdata\local\Mozilla
    2011-03-25 21:47:37 -------- d--h--w- c:\windows\PIF
    2011-03-25 21:07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-25 21:07:14 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-03-25 20:57:40 -------- d-----w- c:\users\rain\appdata\roaming\Acer
    2011-03-25 20:52:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-25 20:51:29 -------- dc-h--w- c:\progra~2\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
    2011-03-25 20:50:51 -------- d-----w- c:\program files\Lavasoft
    2011-03-25 20:49:50 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
    2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
    2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-03-25 20:49:49 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-03-25 20:47:23 -------- d-----w- c:\program files\Apoint2K
    2011-03-25 20:46:05 -------- d-----w- c:\program files\Acer Assist
    2011-03-25 20:46:04 -------- d-----w- c:\program files\Acer Registration
    2011-03-25 20:43:50 -------- d-----w- c:\program files\Launch Manager
    2011-03-25 20:43:07 -------- d--h--w- c:\users\rain\appdata\local\acer eNM
    2011-03-25 20:42:12 -------- d-----w- c:\users\rain\appdata\local\Acer Arcade
    2011-03-25 20:41:42 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-25 20:41:21 -------- d-----w- c:\users\rain\appdata\local\VirtualStore
    2011-03-25 20:41:09 83554304 ----a-w- c:\windows\system32\acer.scr
    2011-03-25 20:41:03 40368034 ----a-w- c:\windows\system32\acer.exe
    2011-03-25 20:41:00 -------- d-----w- c:\program files\Acer Inc
    .
    ==================== Find3M ====================
    .
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6000 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC70P -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B64439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85b6a7d0]; MOV EAX, [0x85b6a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x81C67C65] -> \Device\Harddisk0\DR0[0x854C5180]
    3 nt[0x81CA811D] -> nt!IofCallDriver[0x81C67C65] -> [0x84FCE968]
    5 acpi[0x8047B32A] -> nt!IofCallDriver[0x81C67C65] -> [0x85008BB0]
    \Driver\atapi[0x85B49E38] -> IRP_MJ_CREATE -> 0x85B64439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC70P#5&33632e6b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 156301486 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 0:08:10.78 ===============


    Spybot Log:

    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi,

    Based on the log you shouldn't be using the computer until it's clean. It shouldn't have any connectivity; if you're not sure how to do this then I would power it off.

    You have a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

    The best source for information on how to do this would be the computer manufacturers website.

    To manually clean up the machine with current utilities proceed as follows:

    Please download TDSS Killer.exe and save it to your desktop.
    Double click to launch the utility. On Vista and Windows 7, right click and choose "Run as administrator". After it initializes, click the Start scan button.
    Once the scan completes you can click the Continue button.
    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
    "After clicking Next, the utility applies selected actions and outputs the result."
    "A reboot might be required after disinfection."
    A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).

    Please post the log report
    How Can I Reduce My Risk?
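
The rootkit verdict in the reply above rests on the GMER MBR check that DDS appended to the first post (the ROOTKIT section): the MBR read from user mode differs from the one read by the kernel, an unknown module sits in the disk I/O call chain, and sectors past the end of the last partition are hidden. The following Python script is an added example, not code from this thread or from DDS, GMER or Kaspersky: it parses lines in that output format into findings and derives an isolate/review/clean verdict. The sample text is constructed to follow the format shown on the page, and the indicator names, severities and verdict scheme are the example's own conventions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the GMER MBR checker output that DDS
# appends under its ROOTKIT section; the values are illustrative only.
SAMPLE_ROOTKIT_SECTION = """\
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B64439]<<
\\Driver\\atapi[0x85B49E38] -> IRP_MJ_CREATE -> 0x85B64439
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

# Constructed sample of a clean run of the same checker.
SAMPLE_CLEAN_SECTION = """\
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys
kernel: MBR read successfully
"""

# Constructed sample of a DDS "Pseudo HJT" hosts-file override line.
SAMPLE_HOSTS_LINE = "Hosts: 127.0.0.1 www.spywareinfo.com"


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": boot-level compromise indicator; "review": needs a human look
    indicator: str  # short machine-readable name (this example's own vocabulary)
    evidence: str   # the value or line that triggered it


# An address instead of a driver name in the disk call chain: code outside any
# loaded module is handling disk I/O.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# The MBR seen through the user-mode API differs from the one read by the kernel.
MBR_MISMATCH = re.compile(r"^user != kernel MBR")
# Sectors beyond the last partition read differently from user and kernel mode.
HIDDEN_SECTORS = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel")
# The tool's own summary line naming the suspected family.
TOOL_WARNING = re.compile(r"^Warning: possible (\S+) rootkit infection")
# A hosts-file entry pinning some hostname to localhost or the null address.
HOSTS_OVERRIDE = re.compile(r"^Hosts: (127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)")


def triage(log_text: str) -> list[Finding]:
    """Turn GMER/DDS-style log lines into findings, in the order they occur."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := UNKNOWN_MODULE.search(line):
            findings.append(Finding("high", "unknown_module_in_disk_path", m.group(1)))
        elif MBR_MISMATCH.match(line):
            findings.append(Finding("high", "mbr_user_kernel_mismatch", line))
        elif m := HIDDEN_SECTORS.match(line):
            findings.append(Finding("high", "hidden_sectors_beyond_partition",
                                    f"sector {m.group(1)} +{m.group(2)}"))
        elif m := TOOL_WARNING.match(line):
            findings.append(Finding("high", "tool_verdict", m.group(1)))
        elif m := HOSTS_OVERRIDE.match(line):
            findings.append(Finding("review", "hosts_override", m.group(2)))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Map findings to an action: isolate the host, review by hand, or clean."""
    if any(f.severity == "high" for f in findings):
        return "isolate"   # boot-level indicators: take the host offline before any further use
    if findings:
        return "review"
    return "clean"


if __name__ == "__main__":
    for name, text in [("infected sample", SAMPLE_ROOTKIT_SECTION),
                       ("clean sample", SAMPLE_CLEAN_SECTION),
                       ("hosts sample", SAMPLE_HOSTS_LINE)]:
        found = triage(text)
        print(f"{name}: verdict={verdict(found)}")
        for f in found:
            print(f"  [{f.severity}] {f.indicator}: {f.evidence}")
```

The script deliberately keys on the user-versus-kernel comparison rather than on the family name in the warning line: the mismatch is the primary evidence that something below the file system is filtering reads, and it holds whichever bootkit is responsible. The hosts-file override is only "review" severity because security tools such as Spybot also add localhost entries legitimately, so that line needs a human to decide.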

  3. #3
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default

    Thank you so much for helping. ^-^

    Here are the TDSSKiller results:

    2011/03/31 22:42:31.0414 2024 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/31 22:42:33.0418 2024 ================================================================================
    2011/03/31 22:42:33.0418 2024 SystemInfo:
    2011/03/31 22:42:33.0418 2024
    2011/03/31 22:42:33.0418 2024 OS Version: 6.0.6000 ServicePack: 0.0
    2011/03/31 22:42:33.0418 2024 Product type: Workstation
    2011/03/31 22:42:33.0418 2024 ComputerName: RAIN-PC
    2011/03/31 22:42:33.0419 2024 UserName: Rain
    2011/03/31 22:42:33.0419 2024 Windows directory: C:\Windows
    2011/03/31 22:42:33.0419 2024 System windows directory: C:\Windows
    2011/03/31 22:42:33.0419 2024 Processor architecture: Intel x86
    2011/03/31 22:42:33.0419 2024 Number of processors: 1
    2011/03/31 22:42:33.0419 2024 Page size: 0x1000
    2011/03/31 22:42:33.0419 2024 Boot type: Normal boot
    2011/03/31 22:42:33.0419 2024 ================================================================================
    2011/03/31 22:42:48.0780 2024 Initialize success
    2011/03/31 22:42:57.0366 0660 ================================================================================
    2011/03/31 22:42:57.0366 0660 Scan started
    2011/03/31 22:42:57.0366 0660 Mode: Manual;
    2011/03/31 22:42:57.0366 0660 ================================================================================
    2011/03/31 22:43:39.0871 0660 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
    2011/03/31 22:43:55.0869 0660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/31 22:44:06.0341 0660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/03/31 22:44:17.0100 0660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/31 22:44:34.0463 0660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/03/31 22:44:52.0544 0660 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/03/31 22:45:09.0090 0660 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/03/31 22:45:20.0669 0660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/03/31 22:45:33.0036 0660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/03/31 22:45:43.0405 0660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/03/31 22:45:55.0170 0660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/03/31 22:46:06.0583 0660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/03/31 22:46:15.0817 0660 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/03/31 22:46:24.0434 0660 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/03/31 22:46:31.0423 0660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/03/31 22:46:38.0701 0660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/03/31 22:46:46.0657 0660 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/31 22:46:53.0958 0660 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
    2011/03/31 22:47:00.0630 0660 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys
    2011/03/31 22:47:07.0395 0660 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/03/31 22:47:14.0005 0660 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/03/31 22:47:25.0707 0660 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/31 22:47:31.0818 0660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/31 22:47:38.0296 0660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/31 22:47:47.0613 0660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/03/31 22:47:54.0126 0660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/31 22:47:59.0715 0660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/31 22:48:07.0571 0660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/03/31 22:48:15.0728 0660 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/31 22:48:22.0941 0660 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/31 22:48:29.0865 0660 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/31 22:48:37.0711 0660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/03/31 22:48:44.0112 0660 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
    2011/03/31 22:48:51.0547 0660 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/31 22:48:59.0148 0660 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/03/31 22:49:06.0193 0660 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/31 22:49:13.0474 0660 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/31 22:49:20.0331 0660 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/03/31 22:49:27.0670 0660 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/31 22:49:34.0579 0660 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/03/31 22:49:40.0551 0660 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    2011/03/31 22:49:44.0352 0660 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    2011/03/31 22:49:51.0206 0660 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/31 22:49:57.0727 0660 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/31 22:50:05.0616 0660 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/03/31 22:50:12.0617 0660 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/03/31 22:50:14.0646 0660 eeCtrl (fb069d8270853023f6e315745b5bbad4) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/03/31 22:50:24.0528 0660 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/03/31 22:50:25.0468 0660 EraserUtilRebootDrv (c2b7492eaea689e812bbbd01ebc9418a) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/03/31 22:50:32.0147 0660 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/03/31 22:50:38.0414 0660 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/31 22:50:46.0927 0660 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/31 22:50:53.0251 0660 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/03/31 22:50:59.0519 0660 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/31 22:51:05.0957 0660 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/31 22:51:12.0234 0660 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/31 22:51:18.0471 0660 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/31 22:51:25.0956 0660 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/31 22:51:34.0062 0660 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/31 22:51:40.0745 0660 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/03/31 22:51:49.0703 0660 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/03/31 22:51:58.0881 0660 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    2011/03/31 22:52:04.0903 0660 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/31 22:52:10.0032 0660 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/03/31 22:52:17.0577 0660 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/03/31 22:52:24.0181 0660 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/03/31 22:52:31.0329 0660 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
    2011/03/31 22:52:38.0004 0660 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/03/31 22:52:43.0600 0660 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/31 22:52:49.0949 0660 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/03/31 22:52:51.0792 0660 IDSvix86 (b147ccf3b7a42b64af8ec0520b4b15e3) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20110322.001\IDSvix86.sys
    2011/03/31 22:53:00.0203 0660 igfx (f93a6b133a2fa961cd49ddbcc16449bb) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/03/31 22:53:08.0555 0660 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/03/31 22:53:19.0947 0660 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
    2011/03/31 22:53:52.0630 0660 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/03/31 22:54:10.0783 0660 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2011/03/31 22:54:21.0317 0660 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/31 22:54:34.0874 0660 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/31 22:54:50.0610 0660 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/31 22:54:59.0357 0660 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/31 22:55:11.0093 0660 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/03/31 22:55:19.0594 0660 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/03/31 22:55:31.0078 0660 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/31 22:55:41.0130 0660 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/31 22:55:48.0943 0660 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/03/31 22:55:57.0155 0660 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/31 22:56:13.0790 0660 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/03/31 22:56:33.0927 0660 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/31 22:56:38.0649 0660 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    2011/03/31 22:56:56.0108 0660 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
    2011/03/31 22:57:08.0772 0660 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/31 22:57:19.0763 0660 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/31 22:57:24.0964 0660 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/31 22:57:31.0511 0660 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/31 22:57:40.0168 0660 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/03/31 22:57:52.0314 0660 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/03/31 22:57:58.0725 0660 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/03/31 22:58:05.0849 0660 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/03/31 22:58:17.0341 0660 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/31 22:58:24.0964 0660 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/31 22:58:40.0221 0660 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    2011/03/31 22:58:55.0167 0660 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/31 22:59:17.0415 0660 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/03/31 22:59:34.0816 0660 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/31 22:59:42.0762 0660 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/31 22:59:53.0155 0660 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/31 23:00:01.0172 0660 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/31 23:00:09.0351 0660 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/31 23:00:16.0352 0660 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/31 23:00:24.0242 0660 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/03/31 23:00:32.0399 0660 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/03/31 23:00:39.0122 0660 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/03/31 23:00:46.0845 0660 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/31 23:00:56.0894 0660 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/31 23:01:05.0505 0660 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/31 23:01:12.0774 0660 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/31 23:01:20.0634 0660 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/31 23:01:30.0890 0660 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/31 23:01:39.0246 0660 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/31 23:01:47.0647 0660 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/03/31 23:02:06.0175 0660 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/31 23:02:07.0705 0660 NAVENG (ef04748a7a7266edbdbe02b161a0685d) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
    2011/03/31 23:02:09.0643 0660 NAVEX15 (09f3bfdc47718459b42d696cb671f65f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
    2011/03/31 23:02:20.0807 0660 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/03/31 23:02:31.0216 0660 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/31 23:02:38.0239 0660 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/31 23:02:46.0420 0660 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/31 23:02:53.0068 0660 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/31 23:02:59.0955 0660 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/31 23:03:06.0887 0660 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/31 23:03:12.0878 0660 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/31 23:03:18.0733 0660 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    2011/03/31 23:03:25.0189 0660 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/31 23:03:32.0530 0660 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/31 23:03:36.0351 0660 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2011/03/31 23:03:40.0325 0660 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/03/31 23:03:45.0014 0660 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    2011/03/31 23:03:49.0695 0660 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/03/31 23:03:56.0529 0660 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/03/31 23:04:03.0477 0660 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/31 23:04:20.0411 0660 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/03/31 23:04:26.0341 0660 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/03/31 23:04:32.0956 0660 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    2011/03/31 23:04:42.0209 0660 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/03/31 23:04:47.0993 0660 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    2011/03/31 23:04:53.0471 0660 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
    2011/03/31 23:05:01.0222 0660 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/31 23:05:10.0444 0660 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/03/31 23:05:17.0883 0660 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/31 23:05:24.0335 0660 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/03/31 23:05:30.0865 0660 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/31 23:05:38.0044 0660 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
    2011/03/31 23:05:47.0720 0660 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
    2011/03/31 23:05:55.0914 0660 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
    2011/03/31 23:06:05.0751 0660 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/03/31 23:06:14.0026 0660 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/31 23:06:21.0493 0660 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/31 23:06:31.0271 0660 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/31 23:06:37.0696 0660 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/31 23:06:44.0341 0660 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/31 23:06:51.0510 0660 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/31 23:07:00.0293 0660 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/31 23:07:08.0666 0660 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/31 23:07:13.0043 0660 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/31 23:07:18.0780 0660 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/31 23:07:28.0145 0660 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/31 23:07:35.0413 0660 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/31 23:07:42.0795 0660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/31 23:07:50.0795 0660 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/03/31 23:07:57.0920 0660 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/03/31 23:08:07.0136 0660 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
    2011/03/31 23:08:16.0855 0660 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/31 23:08:22.0667 0660 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/31 23:08:29.0580 0660 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/31 23:08:41.0637 0660 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/31 23:08:50.0929 0660 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/03/31 23:08:57.0698 0660 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/31 23:09:04.0274 0660 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/31 23:09:11.0097 0660 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/31 23:09:12.0907 0660 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    2011/03/31 23:09:20.0388 0660 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    2011/03/31 23:09:26.0717 0660 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
    2011/03/31 23:09:31.0573 0660 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
    2011/03/31 23:09:37.0155 0660 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
    2011/03/31 23:09:43.0691 0660 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/31 23:09:49.0843 0660 srv2 (382baf4dcbd7648ced6c64a8a1e335b2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/31 23:09:59.0803 0660 srvnet (f8e47a77e1690d8574962b69cb22beb3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/31 23:10:04.0908 0660 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/31 23:10:09.0963 0660 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/31 23:10:16.0352 0660 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
    2011/03/31 23:10:21.0945 0660 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2011/03/31 23:10:25.0720 0660 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
    2011/03/31 23:10:29.0766 0660 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
    2011/03/31 23:10:37.0868 0660 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
    2011/03/31 23:10:43.0908 0660 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
    2011/03/31 23:10:49.0187 0660 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
    2011/03/31 23:10:55.0161 0660 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/31 23:10:59.0762 0660 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/31 23:11:04.0537 0660 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
    2011/03/31 23:11:14.0969 0660 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/31 23:11:41.0207 0660 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/31 23:11:57.0439 0660 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/31 23:12:04.0196 0660 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/31 23:12:11.0598 0660 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/31 23:12:20.0778 0660 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/31 23:12:31.0276 0660 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/31 23:12:37.0879 0660 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/31 23:12:46.0117 0660 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/31 23:12:57.0072 0660 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/03/31 23:13:04.0624 0660 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/31 23:13:13.0754 0660 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/31 23:13:18.0399 0660 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/03/31 23:13:22.0498 0660 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/03/31 23:13:25.0291 0660 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/31 23:13:28.0268 0660 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/31 23:13:34.0146 0660 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
    2011/03/31 23:13:38.0873 0660 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/03/31 23:13:42.0832 0660 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/31 23:13:46.0004 0660 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/31 23:13:50.0102 0660 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/03/31 23:13:57.0506 0660 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/03/31 23:14:05.0221 0660 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/31 23:14:12.0552 0660 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/31 23:14:19.0065 0660 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/31 23:14:23.0075 0660 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    2011/03/31 23:14:27.0323 0660 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/03/31 23:14:31.0435 0660 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/03/31 23:14:35.0991 0660 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/03/31 23:14:40.0106 0660 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    2011/03/31 23:14:43.0448 0660 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/31 23:14:48.0272 0660 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
    2011/03/31 23:14:51.0876 0660 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/31 23:14:55.0480 0660 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/03/31 23:14:59.0172 0660 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/31 23:14:59.0434 0660 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/31 23:15:03.0195 0660 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/03/31 23:15:07.0341 0660 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/31 23:15:11.0864 0660 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/03/31 23:15:16.0686 0660 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/31 23:15:21.0642 0660 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/31 23:15:25.0998 0660 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/31 23:15:31.0745 0660 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/31 23:15:37.0820 0660 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/03/31 23:15:40.0702 0660 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/31 23:15:41.0434 0660 ================================================================================
    2011/03/31 23:15:41.0434 0660 Scan finished
    2011/03/31 23:15:41.0434 0660 ================================================================================
    2011/03/31 23:15:42.0814 5196 Detected object count: 1
    2011/03/31 23:16:01.0042 5196 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/03/31 23:16:01.0043 5196 \HardDisk0 - ok
    2011/03/31 23:16:01.0235 5196 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/03/31 23:16:09.0871 2036 Deinitialize success
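A small triage helper for a TDSSKiller-style log such as the one above, added here as an example and not code from the thread or from the TDSSKiller tool. It splits the log into the driver inventory (service name, MD5, path) and the detection/action lines, and lists any MD5 that appears under more than one service name so the reader can tell an expected alias (Tcpip and Tcpip6 both map to tcpip.sys) from a genuine conflict where the same hash is reported at two different paths. The sample log is a constructed excerpt in the format of the log on this page; the function and field names are this example's own.

```python
"""Triage a TDSSKiller-style scan log: inventory, detections, shared hashes."""
import re

# Constructed excerpt in the format of the TDSSKiller log quoted on this page.
SAMPLE_LOG = r"""
2011/03/31 23:11:04.0537 0660 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
2011/03/31 23:11:14.0969 0660 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/31 23:14:59.0172 0660 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/31 23:15:37.0820 0660 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/31 23:15:40.0702 0660 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/31 23:15:41.0434 0660 ================================================================================
2011/03/31 23:15:41.0434 0660 Scan finished
2011/03/31 23:15:42.0814 5196 Detected object count: 1
2011/03/31 23:16:01.0042 5196 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/31 23:16:01.0235 5196 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every line starts with "<date> <time> <pid>"; the three patterns below
# differ only in what follows that prefix.
_PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
DRIVER_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
DETECT_RE = re.compile(_PREFIX + r"(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(_PREFIX + r"(?P<obj>\S+) \((?P<threat>[^)]+)\) - (?P<action>will be cured after reboot|ok)\s*$")


def parse_log(text):
    """Split a log into driver inventory rows, detection rows and action rows."""
    drivers, detections, actions = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            drivers.append(m.groupdict())
        elif (m := DETECT_RE.match(line)):
            detections.append(m.groupdict())
        elif (m := ACTION_RE.match(line)):
            actions.append(m.groupdict())
        # Separator, "Scan finished", counters and other chatter are ignored.
    return drivers, detections, actions


def shared_hashes(drivers):
    """Map each MD5 that appears under more than one service name to those names."""
    by_md5 = {}
    for d in drivers:
        by_md5.setdefault(d["md5"], []).append(d["name"])
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


def path_conflicts(drivers):
    """Names sharing an MD5 but reported at different on-disk paths.

    Windows paths are case-insensitive, so "drivers" and "DRIVERS" are the
    same location and must not be reported as a conflict.
    """
    by_md5 = {}
    for d in drivers:
        by_md5.setdefault(d["md5"], set()).add(d["path"].lower())
    return sorted(md5 for md5, paths in by_md5.items() if len(paths) > 1)


def triage(text):
    """One-call summary a helper would read before deciding on next steps."""
    drivers, detections, actions = parse_log(text)
    return {
        "driver_count": len(drivers),
        "detections": detections,
        "actions": actions,
        "shared_hashes": shared_hashes(drivers),
        "path_conflicts": path_conflicts(drivers),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['driver_count']} drivers inventoried")
    for det in summary["detections"]:
        print(f"DETECTED {det['threat']} on {det['obj']} at {det['ts']}")
    for act in summary["actions"]:
        print(f"ACTION   {act['obj']}: {act['action']}")
    for md5, names in summary["shared_hashes"].items():
        print(f"shared   {md5}: {', '.join(names)}")
    print("path conflicts:", summary["path_conflicts"] or "none")
```

The detection line is the one that matters for the thread: the inventory rows are only context, and a shared hash with a single normalized path is the normal case for aliased services rather than a finding.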

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    OK, so far so good. We will get two more downloads to use. The first is ComboFix, which requires that you read a guide before using it. Read through the guide, then apply the directions on your own machine. The second is Malwarebytes, which you can keep and use.

    Guide to using Combofix


    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.

    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    Post the log in your reply.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default

    Alright, here's the Combofix log:
    ComboFix 11-04-01.01 - Rain 04/01/2011 18:34:59.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.162 [GMT -4:00]
    Running from: c:\users\Rain\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-01 22:46 . 2011-04-01 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-01 04:37 . 2011-04-01 04:37 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-04-01 04:37 . 2011-04-01 04:37 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2011-04-01 04:37 . 2011-04-01 04:37 44768 ----a-w- c:\windows\system32\wups2.dll
    2011-04-01 04:37 . 2011-04-01 04:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2011-04-01 04:36 . 2011-04-01 04:36 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-04-01 04:36 . 2011-04-01 04:36 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-04-01 04:01 . 2011-04-01 04:01 -------- d-----w- c:\program files\Common Files\Java
    2011-03-30 23:31 . 2011-03-30 23:31 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-03-30 23:29 . 2011-02-03 01:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-30 23:28 . 2011-04-01 03:59 -------- d-----w- c:\program files\Java
    2011-03-30 04:05 . 2011-03-30 04:05 -------- d-----w- c:\program files\ERUNT
    2011-03-29 22:13 . 2011-03-29 22:13 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-27 00:58 . 2011-03-27 00:58 -------- d-----w- c:\program files\CCleaner
    2011-03-26 03:36 . 2011-03-26 03:38 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2011-03-26 03:36 . 2011-03-26 03:37 -------- d-----w- c:\program files\DVDVideoSoft
    2011-03-26 02:44 . 2011-03-26 02:44 -------- d-----w- c:\program files\FreeTime
    2011-03-26 02:17 . 2011-03-26 02:17 -------- d-----w- C:\My Zip Files
    2011-03-26 02:17 . 2011-03-26 02:17 -------- d-----w- c:\program files\CoffeeCup Software
    2011-03-26 02:12 . 2011-03-22 08:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-26 00:25 . 2011-03-26 00:25 3 ----a-w- c:\windows\AFirst.cmd
    2011-03-26 00:25 . 2007-05-09 11:34 16437832 ----a-w- c:\windows\eRy.exe
    2011-03-26 00:25 . 2007-05-23 10:18 100358 ----a-w- c:\windows\system32\Vxdif.dll
    2011-03-26 00:25 . 2006-11-02 00:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2011-03-26 00:25 . 2007-06-14 02:33 154624 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2011-03-26 00:24 . 2011-03-25 20:40 1550 ----a-w- c:\windows\CLEANUP.CMD
    2011-03-26 00:24 . 2007-01-11 09:50 23 ----a-w- c:\windows\system32\$Acer$.cmd
    2011-03-26 00:24 . 2007-01-11 09:50 23 ----a-w- c:\programdata\Microsoft\Crypto\RSA\MachineKeys\$Acer$.cmd
    2011-03-26 00:24 . 2002-11-14 14:32 55808 ----a-w- c:\windows\devcon.exe
    2011-03-25 21:47 . 2011-03-25 21:47 -------- d--h--w- c:\windows\PIF
    2011-03-25 21:07 . 2011-03-28 00:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-03-25 21:07 . 2011-03-25 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-25 20:52 . 2011-03-25 20:52 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-03-25 20:52 . 2011-03-22 08:05 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-25 20:51 . 2011-03-25 20:51 -------- dc-h--w- c:\programdata\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
    2011-03-25 20:50 . 2011-03-25 20:51 -------- d-----w- c:\programdata\Lavasoft
    2011-03-25 20:50 . 2011-03-25 20:50 -------- d-----w- c:\program files\Lavasoft
    2011-03-25 20:49 . 2006-11-12 15:54 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
    2011-03-25 20:49 . 2006-11-10 21:27 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
    2011-03-25 20:49 . 2005-12-09 13:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-03-25 20:49 . 2007-05-08 19:26 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-03-25 20:47 . 2011-03-25 20:47 -------- d-----w- c:\program files\Apoint2K
    2011-03-25 20:46 . 2011-03-25 20:46 -------- d-----w- c:\program files\Acer Assist
    2011-03-25 20:46 . 2011-03-25 20:46 -------- d-----w- c:\program files\Acer Registration
    2011-03-25 20:43 . 2011-03-25 20:44 -------- d-----w- c:\program files\Launch Manager
    2011-03-25 20:41 . 2011-03-25 20:41 -------- d-----w- c:\windows\system32\Macromed
    2011-03-25 20:41 . 2007-04-19 17:41 83554304 ----a-w- c:\windows\system32\acer.scr
    2011-03-25 20:41 . 2007-05-10 19:21 40368034 ----a-w- c:\windows\system32\acer.exe
    2011-03-25 20:41 . 2011-03-25 20:41 -------- d-----w- c:\program files\Acer Inc
    2011-03-25 20:40 . 2011-03-25 20:41 -------- d-----w- c:\windows\ACER
    2011-03-25 20:40 . 2011-03-25 20:40 -------- d-----w- c:\program files\Yahoo!
    2011-03-25 20:40 . 2011-04-01 22:16 -------- d-----w- c:\users\Rain
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-30 23:03 . 2007-09-03 21:05 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-03-18 17:53 . 2011-03-25 23:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648]
    "Acer Tour"="c:\acer\AcerTour\AcerTour.exe" [2007-05-25 712704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
    "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\users\Rain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-3 535336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-22 15232]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-22 64512]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20110322.001\IDSvix86.sys [2011-03-12 287792]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-22 1405384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-15 102448]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Rain.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 04:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://en.us.acer.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: Free YouTube to MP3 Converter - c:\users\Rain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    FF - ProfilePath - c:\users\Rain\AppData\Roaming\Mozilla\Firefox\Profiles\mqgmut40.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
    HKLM-Run-eRecoveryService - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-01 18:46
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\windows\system32\eNetHook.dll
    .
    - - - - - - - > 'lsass.exe'(552)
    c:\windows\system32\eNetHook.dll
    .
    - - - - - - - > 'Explorer.exe'(2088)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Completion time: 2011-04-01 18:50:54
    ComboFix-quarantined-files.txt 2011-04-01 22:50
    .
    Pre-Run: 16,063,811,584 bytes free
    Post-Run: 15,982,596,096 bytes free
    .
    - - End Of File - - 86AD5DC8E8399983CFFB787D86B38AD4

    I'll post the Malwarebytes log as soon as it's finished scanning. ^-^

  6. #6
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default

    And, the Malwarebytes log:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6242

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16473

    4/1/2011 7:49:40 PM
    mbam-log-2011-04-01 (19-49-40).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 52707
    Time elapsed: 29 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    OK, looking good. One more download, then we can call it quits:

    Please download aswMBR to your desktop.

    Double click the aswMBR icon to run it. A window will open
    Vista and Windows 7 users right click the icon and choose "Run as administrator".
    Click the Scan button to start the scan. When done it will say "scan finished successfully".
    When it finishes, press the save log button, save the log to your desktop and post its contents in your next reply. Click the Exit button to close the window.
    How Can I Reduce My Risk?

  8. #8
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default

    Here we go:

    aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
    Run date: 2011-04-01 23:30:15
    -----------------------------
    23:30:15.779 OS Version: Windows 6.0.6000
    23:30:15.779 Number of processors: 1 586 0x1601
    23:30:15.781 ComputerName: RAIN-PC UserName: Rain
    23:30:37.990 Initialize success
    23:30:50.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    23:30:50.863 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC70P Size: 76319MB BusType: 3
    23:30:52.905 Disk 0 MBR read successfully
    23:30:52.908 Disk 0 MBR scan
    23:30:54.913 Disk 0 scanning sectors +156299264
    23:30:54.978 Disk 0 scanning C:\Windows\system32\drivers
    23:30:57.414 Service scanning
    23:31:01.602 Disk 0 trace - called modules:
    23:31:01.628 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS SYMTDI.SYS HSX_CNXT.sys dxgkrnl.sys igdkmd32.sys
    23:31:01.632 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83c4cad8]
    23:31:01.636 3 ntoskrnl.exe[81ca811d] -> nt!IofCallDriver -> [0x83c0f8e8]
    23:31:01.641 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83c05bb0]
    23:31:01.648 Scan finished successfully

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    OK. We are done. A couple of things to do: you can delete the TDSSKiller and aswMBR icons.
    You can remove ComboFix like this:
    Start > Run and type in combofix /uninstall
    click OK or press Enter
    note the space after the x and before the /

    Getting a Run box in Vista may be slightly different.
    You can make a new restore point; the why and the how:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.



    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    Windows Vista and 7:

    1. Click Start.

    2. Right-click the Computer icon, and then click Properties.

    3. Click on System Protection under the Tasks column on the left side

    4. Click on Continue on the "User Account Control" window that pops up

    5. Under the System Protection tab, find Available Disks

    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C")

    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.

    8. Click OK

    9. Restart computer.

    10. Turn System Restore back on. Restart computer once more.

    And last, some tips to help you remain malware free:



    10 Tips for Prevention and Avoidance of Malware:

    There is no reason why your computer cannot stay malware free.

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and add-ons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.



    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.



    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.



    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.



    5) Do not click on ads/pop-ups or offers from websites requesting that you install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.



    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?



    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.



    8) Install and understand the *limitations* of a software firewall.



    9) A slide show on how to secure Internet Explorer 8.0 for safer surfing. How to harden Firefox for safer surfing.



    10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything and be nothing but malware or have malware bundled in it. Can you really trust the source of the file?


    More info/tips with pictures, links below
    Happy Safe Surfing.
    How Can I Reduce My Risk?
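The restore-point purge described in the post above, done from the command line instead of the System Protection dialog. This is an added example and not the helper's own instructions; it assumes the system drive is C:\ and an elevated Windows PowerShell session (the same administrator-access requirement the post states for the GUI route).

```powershell
# Added example (not from the original thread): purge every restore point on
# the system drive by turning System Restore off and back on, then create a
# clean baseline restore point. Assumes C:\ is the system drive.
$drive = 'C:\'

# The System Restore cmdlets fail from a non-elevated session, so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell window.'
}

# Show what exists before the purge; a restore point created while the
# machine was infected may carry the infected files with it.
Write-Host 'Existing restore points:'
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize

# Turning System Restore off deletes every restore point on that drive.
# This is exactly what the GUI "Turn System Restore Off" prompt warns about.
Disable-ComputerRestore -Drive $drive

# Turn it back on and record a known-clean baseline.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Clean baseline after malware cleanup' `
                    -RestorePointType 'MODIFY_SETTINGS'

Write-Host 'Restore points after purge:'
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours by default, so a second run on the same day will report success without adding a new point.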

  10. #10
    Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default

    Thank you so so much for all the help! I really appreciate it. ^-^
