Problem with Click.Giftload

**esloman** · 2011-04-03, 21:29

First, thanks for any and all help given. I am having problems with browser redirection in both Firefox and Internet Explorer.

I have run the following prgorams at least twice each on my system in an attempt to remove Click.Giftload:
o MalwareBytes Paid Version - Quick Scan, Full Scan, and Flash Scan
o Spybot Search and Destroy
o CWShredder
o HijackThis
o Free Window Registry Repair (downloaded from download.com)

I have also installed AdAware on my system, though I have yet to use it as the update hangs. Spybot is the only program that seems to pick up this issue. My Spybot, DDS, and Attach logs follow:

SPYBOT
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-22 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-21 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 14:58:48.06 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2051 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ActiveArmor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SteelSeries World of Warcraft MMO Gaming Mouse] c:\program files\steelseries\world of warcraft mmo gaming mouse\WoWMHID.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Hosts: 192.168.2.105 HP000D9D065D6F
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\b71jbopy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c110d6a&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1049
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-3 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-17 363344]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-17 20952]
R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [2009-12-27 11136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1405384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-9 517448]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-28 33792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
.
=============== Created Last 30 ================
.
2011-04-03 18:11:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-03 18:06:18 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-03 18:06:02 -------- d-----w- c:\program files\Lavasoft
2011-04-03 01:53:02 -------- d-----w- c:\docume~1\user\locals~1\applic~1\The Lord of the Rings Online
2011-04-03 01:39:35 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-03 01:39:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-03 01:39:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-03 01:38:20 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Turbine
2011-04-03 01:34:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-03 01:05:40 -------- d-----w- c:\program files\Turbine
2011-04-01 22:10:37 -------- d-----w- c:\program files\Pando Networks
2011-03-30 22:20:46 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-03-30 22:20:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-30 22:20:41 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-03-30 22:20:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-30 22:20:40 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-30 22:20:40 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-30 22:20:40 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-30 17:24:13 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-30 17:24:12 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-30 17:24:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-30 01:40:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-30 01:40:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826AS rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3200826AS_____________________________3.06____#5&2d9b5df&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AD7A27F
user & kernel MBR OK
.
============= FINISH: 15:05:01.71 ===============

ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2007 12:51:33 AM
System Uptime: 4/3/2011 2:12:36 PM (1 hours ago)
.
Motherboard: | | ALiveNF6G-VSTA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | CPUSocket | 2009/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 14.034 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
L: is FIXED (NTFS) - 1397 GiB total, 1168.698 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1026: 1/3/2011 3:00:27 AM - Software Distribution Service 3.0
RP1027: 1/4/2011 3:00:16 AM - Software Distribution Service 3.0
RP1028: 1/5/2011 3:00:18 AM - Software Distribution Service 3.0
RP1029: 1/6/2011 3:00:16 AM - Software Distribution Service 3.0
RP1030: 1/7/2011 3:00:26 AM - Software Distribution Service 3.0
RP1031: 1/8/2011 3:00:21 AM - Software Distribution Service 3.0
RP1032: 1/9/2011 3:00:28 AM - Software Distribution Service 3.0
RP1033: 1/10/2011 3:01:01 AM - Software Distribution Service 3.0
RP1034: 1/11/2011 3:00:27 AM - Software Distribution Service 3.0
RP1035: 1/12/2011 3:00:18 AM - Software Distribution Service 3.0
RP1036: 1/14/2011 3:00:30 AM - Software Distribution Service 3.0
RP1037: 1/15/2011 3:00:26 AM - Software Distribution Service 3.0
RP1038: 1/16/2011 3:00:19 AM - Software Distribution Service 3.0
RP1039: 1/17/2011 3:00:31 AM - Software Distribution Service 3.0
RP1040: 1/18/2011 3:00:16 AM - Software Distribution Service 3.0
RP1041: 1/19/2011 3:00:28 AM - Software Distribution Service 3.0
RP1042: 1/20/2011 3:00:27 AM - Software Distribution Service 3.0
RP1043: 1/21/2011 3:00:17 AM - Software Distribution Service 3.0
RP1044: 1/22/2011 3:00:28 AM - Software Distribution Service 3.0
RP1045: 1/23/2011 3:00:28 AM - Software Distribution Service 3.0
RP1046: 1/24/2011 3:00:27 AM - Software Distribution Service 3.0
RP1047: 1/25/2011 3:00:27 AM - Software Distribution Service 3.0
RP1048: 1/26/2011 3:00:17 AM - Software Distribution Service 3.0
RP1049: 1/26/2011 11:11:34 AM - Installed ScanSoft PaperPort 11
RP1050: 1/26/2011 11:13:02 AM - Installed PaperPort Image Printer
RP1051: 1/26/2011 11:13:17 AM - Printer Driver Nuance Image Printer Driver Installed
RP1052: 1/26/2011 11:24:58 AM - Installed MFL-Pro Suite
RP1053: 1/26/2011 11:26:12 AM - Unsigned printer driver Brother PC-FAX v.2.1 installed.
RP1054: 1/27/2011 3:00:18 AM - Software Distribution Service 3.0
RP1055: 1/28/2011 3:00:26 AM - Software Distribution Service 3.0
RP1056: 1/29/2011 3:00:15 AM - Software Distribution Service 3.0
RP1057: 1/30/2011 3:00:14 AM - Software Distribution Service 3.0
RP1058: 1/30/2011 10:14:16 PM - Installed Magic Online
RP1059: 1/31/2011 3:00:17 AM - Software Distribution Service 3.0
RP1060: 2/1/2011 3:00:16 AM - Software Distribution Service 3.0
RP1061: 2/2/2011 3:00:15 AM - Software Distribution Service 3.0
RP1062: 2/3/2011 3:00:16 AM - Software Distribution Service 3.0
RP1063: 2/4/2011 3:00:15 AM - Software Distribution Service 3.0
RP1064: 2/5/2011 3:00:15 AM - Software Distribution Service 3.0
RP1065: 2/6/2011 3:00:28 AM - Software Distribution Service 3.0
RP1066: 2/7/2011 3:00:26 AM - Software Distribution Service 3.0
RP1067: 2/8/2011 3:00:15 AM - Software Distribution Service 3.0
RP1068: 2/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP1069: 2/10/2011 3:00:28 AM - Software Distribution Service 3.0
RP1070: 2/11/2011 3:00:27 AM - Software Distribution Service 3.0
RP1071: 2/12/2011 3:00:16 AM - Software Distribution Service 3.0
RP1072: 2/13/2011 3:00:15 AM - Software Distribution Service 3.0
RP1073: 2/14/2011 3:00:29 AM - Software Distribution Service 3.0
RP1074: 2/15/2011 3:00:27 AM - Software Distribution Service 3.0
RP1075: 2/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP1076: 2/17/2011 3:00:15 AM - Software Distribution Service 3.0
RP1077: 2/18/2011 3:00:15 AM - Software Distribution Service 3.0
RP1078: 2/19/2011 3:00:15 AM - Software Distribution Service 3.0
RP1079: 2/20/2011 3:00:15 AM - Software Distribution Service 3.0
RP1080: 2/21/2011 3:00:15 AM - Software Distribution Service 3.0
RP1081: 2/22/2011 3:00:15 AM - Software Distribution Service 3.0
RP1082: 2/23/2011 3:00:28 AM - Software Distribution Service 3.0
RP1083: 2/24/2011 3:00:15 AM - Software Distribution Service 3.0
RP1084: 2/25/2011 3:00:15 AM - Software Distribution Service 3.0
RP1085: 2/26/2011 3:00:16 AM - Software Distribution Service 3.0
RP1086: 2/27/2011 3:00:15 AM - Software Distribution Service 3.0
RP1087: 2/28/2011 3:00:18 AM - Software Distribution Service 3.0
RP1088: 2/28/2011 8:07:57 AM - Software Distribution Service 3.0
RP1089: 3/1/2011 3:00:15 AM - Software Distribution Service 3.0
RP1090: 3/2/2011 3:00:15 AM - Software Distribution Service 3.0
RP1091: 3/3/2011 3:00:27 AM - Software Distribution Service 3.0
RP1092: 3/4/2011 3:00:26 AM - Software Distribution Service 3.0
RP1093: 3/5/2011 3:00:27 AM - Software Distribution Service 3.0
RP1094: 3/6/2011 3:00:26 AM - Software Distribution Service 3.0
RP1095: 3/7/2011 3:00:25 AM - Software Distribution Service 3.0
RP1096: 3/8/2011 3:16:42 AM - System Checkpoint
RP1097: 3/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP1098: 3/19/2011 4:53:24 AM - System Checkpoint
RP1099: 3/20/2011 3:00:15 AM - Software Distribution Service 3.0
RP1100: 3/21/2011 3:00:16 AM - Software Distribution Service 3.0
RP1101: 3/22/2011 3:00:24 AM - Software Distribution Service 3.0
RP1102: 3/23/2011 3:00:16 AM - Software Distribution Service 3.0
RP1103: 3/24/2011 3:00:15 AM - Software Distribution Service 3.0
RP1104: 3/25/2011 3:00:15 AM - Software Distribution Service 3.0
RP1105: 3/26/2011 3:00:16 AM - Software Distribution Service 3.0
RP1106: 3/27/2011 3:00:17 AM - Software Distribution Service 3.0
RP1107: 3/27/2011 3:11:08 AM - Software Distribution Service 3.0
RP1108: 3/28/2011 3:00:15 AM - Software Distribution Service 3.0
RP1109: 3/29/2011 9:21:24 PM - Software Distribution Service 3.0
RP1110: 3/30/2011 9:55:43 PM - Configured Call of Duty(R) 2
RP1111: 3/30/2011 9:56:10 PM - Configured Call of Duty(TM) Game of the Year Edition
RP1112: 4/1/2011 8:37:36 PM - System Checkpoint
RP1113: 4/2/2011 8:57:53 PM - System Checkpoint
RP1114: 4/2/2011 9:34:43 PM - Installed DirectX
RP1115: 4/2/2011 9:35:07 PM - Installed DirectX
RP1116: 4/2/2011 9:39:29 PM - Installed DirectX
.
==== Installed Programs ======================
.
3DVIA player 5.0
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adventure Tools
AiO_Scan
AMP Font Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Brother MFL-Pro Suite MFC-9320CW
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Duty(TM) Game of the Year Edition
Character Builder
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Cosmic Osmo
DarkCrusade
Doom 3
Download Manager 2.3.9
ERUNT 1.1j
Fallout 3 - Game of the Year Edition
Free Ram Optimizer XP 1.0
Free Window Registry Repair
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
IrfanView (remove only)
iTunes
Java(TM) 6 Update 16
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
Logitech GamePanel Software 3.03.133
Magic Online
Magic: The Gathering - Duels of the Planeswalkers
Malwarebytes' Anti-Malware
Manhole
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Dynamics RMS Store Operations
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NETGEAR WPN311 Wireless Adapter
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
Pando Media Booster
PaperPort Image Printer
PuTTY version 0.60
QFolder
QuickTime
Real Myst
Realtek High Definition Audio Driver
Riven
Scan
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Civilization 4
Smartlaunch 4.1 Client
Spelunx
Spybot - Search & Destroy
Starcraft
Steam
The Lord of the Rings Online™ v03.03.00.8048
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Uru CC
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warhammer 40,000: Dawn Of War - Platinum Edition
WebFldrs XP
WinAce Archiver
Winamp
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/06/2008 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
Wizards Event Reporter
World of Warcraft
World of Warcraft MMO Gaming Mouse
.
==== Event Viewer Messages From Past Week ========
.
4/3/2011 1:17:04 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D7AE2AF1-67F6-4E9B-801E-8C1F6BAB4862} because another computer on the network has the same name. The server could not start.
3/30/2011 7:32:37 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Photosmart 2600 series share name HPPhotos.
3/30/2011 10:25:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/30/2011 10:24:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor
3/30/2011 10:23:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2011 10:09:37 PM, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2011 10:08:58 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
3/29/2011 11:58:33 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/29/2011 11:25:28 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/29/2011 1:59:03 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/28/2011 3:03:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
3/28/2011 12:35:14 PM, error: System Error [1003] - Error code 10000050, parameter1 80566000, parameter2 00000000, parameter3 88dd360e, parameter4 00000000.
3/27/2011 1:58:14 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 bd139f87, parameter3 b1eebbdc, parameter4 b1eeb8d8.
3/27/2011 1:56:40 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

**Blottedisk** · 2011-04-04, 01:58

Hi esloman,

Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Suscribe to this Thread (then choose Instant Notification by email). If the button says Unsuscribe from this Thread, then you are already subscribed.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.

Unfortunately your machine appears to have been infected by the TDSS rootkit/backdoor infection. These kind of malware is very dangerous. Backdoor Trojans provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks,
paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or
credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps

Please read the following for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

Although the TDSS infection can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that if this type of malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?

Note: Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help.

Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post. If you decide you want to try and clean your PC then please continue with the following instructions:

Step 1 | Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Click the image to enlarge it

Step 2 | Please download GMER from one of the following locations and save it to your desktop:

Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Make sure all options are checked except:
- IAT/EAT
- Drives/Partition other than Systemdrive, which is typically C:\
- Show All (This is important, so do not miss it.)

Click the image to enlarge it

Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

**esloman** · 2011-04-04, 03:15

The requested logs:

aswMBR
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-03 20:46:53
-----------------------------
20:46:53.796 OS Version: Windows 5.1.2600 Service Pack 3
20:46:53.796 Number of processors: 2 586 0x4B02
20:46:53.796 ComputerName: COMP8 UserName: User
20:46:54.421 Initialize success
20:47:31.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort2
20:47:31.046 Disk 0 Vendor: ST3200826AS 3.06 Size: 190782MB BusType: 3
20:47:31.046 Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3200826AS_____________________________3.06____#5&2d9b5df&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:47:31.046 Device \Driver\atapi -> DriverStartIo 8ad7d27f
20:47:31.046 Disk 0 MBR read error
20:47:31.046 Disk 0 MBR scan
20:47:31.046 MBR BIOS signature not found 0
20:47:31.046 Disk 0 scanning sectors +390700800
20:47:31.046 Disk 0 scanning C:\WINDOWS\system32\drivers
20:47:35.625 Service scanning
20:47:36.500 Disk 0 trace - called modules:
20:47:36.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ad7d439]<<
20:47:36.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae24ab8]
20:47:36.500 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8ae27f18]
20:47:36.500 5 ACPI.sys[b7e7d620] -> nt!IofCallDriver -> [0x8ae0ad98]
20:47:36.500 \Driver\atapi[0x8ae05a08] -> IRP_MJ_CREATE -> 0x8ad7d439
20:47:36.500 Scan finished successfully

GMER
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 21:10:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3200826AS rev.3.06
Running: gvj8tzkc.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kxtdqpoc.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB676A6C0]
SSDT sptd.sys ZwQueryKey [0xB7EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB676A770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB676A810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB676A8B0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B78968AC 5 Bytes JMP 8AC391C8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F75380, 0x3DF545, 0xE8000020]
? System32\Drivers\a92nqt1e.SYS The system cannot find the path specified. !
? C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 06BD000A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 06BE000A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 06BF000A
.text C:\WINDOWS\System32\svchost.exe[1372] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E6000A
.text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0114000A
.text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0115000A
.text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FF000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AEBE1E8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fastfat \FatCdrom 8AB3D1E8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{77F047AB-B24E-4D16-99DD-B73F32689538} 897371E8
Device \Driver\usbohci \Device\USBPDO-0 8AC3B790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE4E1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE4E1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE4E1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE4E1E8
Device \Driver\usbehci \Device\USBPDO-1 8ACCD500
Device \Driver\NetBT \Device\NetBT_Tcpip_{79B3CCA2-15DB-40A9-8076-50F74530415E} 897371E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEC01E8
Device \Driver\Cdrom \Device\CdRom0 8ACE21E8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort0 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8AD7D27F
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort1 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort2 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort4 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8AD7D27F
Device \Driver\atapi \Device\Ide\IdePort5 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8ACE21E8
Device \Driver\Cdrom \Device\CdRom2 8ACE21E8
Device \Driver\Cdrom \Device\CdRom3 8ACE21E8
Device \Driver\Cdrom \Device\CdRom4 8ACE21E8
Device \Driver\Cdrom \Device\CdRom5 8ACE21E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 897371E8
Device \Driver\Cdrom \Device\CdRom6 8ACE21E8
Device \Driver\PCI_NTPNP0260 \Device\0000004b sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb 897371E8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbohci \Device\USBFDO-0 8AC3B790
Device \Driver\usbehci \Device\USBFDO-1 8ACCD500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8974B588
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8974B588
Device \Driver\Ftdisk \Device\FtControl 8AEC01E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target0Lun0 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target4Lun0 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target1Lun0 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target5Lun0 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target3Lun0 8AC0F1E8
Device \Driver\a92nqt1e \Device\Scsi\a92nqt1e1Port6Path0Target2Lun0 8AC0F1E8
Device \FileSystem\Fastfat \Fat 8AB3D1E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs 89831790
Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3200826AS_____________________________3.06____#5&2d9b5df&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0xD7 0xB0 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0x1F 0x7C 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xAF 0x8E 0x2A 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xC0 0xEE 0x1C 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x4D 0x3A 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0xD7 0xB0 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0x1F 0x7C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xAF 0x8E 0x2A 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xC0 0xEE 0x1C 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x35 0x33 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4D 0x43 0xA6 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x31 0xB3 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0xD7 0xB0 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0x1F 0x7C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xAF 0x8E 0x2A 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xC0 0xEE 0x1C 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xB6 0x91 0x5F 0x47 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0xC7 0xA7 0x10 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x4D 0x3A 0x2D ...

---- EOF - GMER 1.0.15 ----

**Blottedisk** · 2011-04-04, 03:43

Hi esloman,

Please visit the following and have a look how you can disable your security software.

How to disable your security programs

After disabling your security programs, download Combofix from any of the links below and save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combofix.exe & follow the prompts.
When finished, it will produce a report for you.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix

**Blottedisk** · 2011-04-08, 17:13

Hi esloman,

Are you still there?

**Blottedisk** · 2011-04-11, 14:43

Due to the lack of feedback, this Topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please read the guidelines to request assistance and begin a New Topic.

Thread: Problem with Click.Giftload

Thread Tools

Display

Problem with Click.Giftload

Posting Permissions