
Picked up this particular nasty on April 10, the only one I haven't been able to remove myself.

I'm searching for a way to remove 'Click.Giftload' from my PC.

It is a hijacker picked up by Spybot but can't be removed.

Malwarebytes doesn't pick it up on my system at all.

I've rebooted in safe mode and run Malwarebytes, Spybot, Avast.

Cleaned registry with two utilities and ran ATF-Cleaner.

I'm at my wits' end!

DDS log proceeds. Many thanks for any assistance.

==========================================================================================

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by AKT at 23:40:03.18 on Thu 04/14/2011

Internet Explorer: 7.0.6000.16575

Microsoft


You caught a Bootkit.

-----

Please post the content of Attach.txt on your desktop

-----

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Let's use another tool then.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

--------------

Then run ComboFix and post the log C:\ComboFix.txt


After running TDSSKiller and restarting, ComboFix was able to run and generate a log.

Again, I greatly appreciate your continued assistance and hope I am doing this right!

TDSS Killer Report

=============================================================================================

2011/04/16 23:54:51.0773 4024 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/16 23:54:51.0818 4024 ================================================================================

2011/04/16 23:54:51.0818 4024 SystemInfo:

2011/04/16 23:54:51.0818 4024

2011/04/16 23:54:51.0818 4024 OS Version: 6.0.6000 ServicePack: 0.0

2011/04/16 23:54:51.0818 4024 Product type: Workstation

2011/04/16 23:54:51.0818 4024 ComputerName: AKT-PC

2011/04/16 23:54:51.0818 4024 UserName: AKT

2011/04/16 23:54:51.0818 4024 Windows directory: C:\Windows

2011/04/16 23:54:51.0818 4024 System windows directory: C:\Windows

2011/04/16 23:54:51.0818 4024 Processor architecture: Intel x86

2011/04/16 23:54:51.0818 4024 Number of processors: 2

2011/04/16 23:54:51.0818 4024 Page size: 0x1000

2011/04/16 23:54:51.0819 4024 Boot type: Normal boot

2011/04/16 23:54:51.0819 4024 ================================================================================

2011/04/16 23:54:57.0170 4024 Initialize success

2011/04/16 23:55:02.0483 0792 ================================================================================

2011/04/16 23:55:02.0483 0792 Scan started

2011/04/16 23:55:02.0484 0792 Mode: Manual;

2011/04/16 23:55:02.0484 0792 ================================================================================

2011/04/16 23:55:02.0912 0792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

2011/04/16 23:55:02.0986 0792 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/04/16 23:55:03.0036 0792 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/04/16 23:55:03.0070 0792 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/04/16 23:55:03.0115 0792 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/04/16 23:55:03.0173 0792 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

2011/04/16 23:55:03.0231 0792 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

2011/04/16 23:55:03.0276 0792 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/04/16 23:55:03.0314 0792 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys

2011/04/16 23:55:03.0345 0792 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

2011/04/16 23:55:03.0386 0792 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys

2011/04/16 23:55:03.0422 0792 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/04/16 23:55:03.0450 0792 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2011/04/16 23:55:03.0536 0792 ApfiltrService (36ab14bfe3dcf3c848acd1e3810f9cda) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/04/16 23:55:03.0576 0792 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/04/16 23:55:03.0624 0792 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/04/16 23:55:03.0701 0792 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys

2011/04/16 23:55:03.0758 0792 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys

2011/04/16 23:55:03.0779 0792 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys

2011/04/16 23:55:03.0921 0792 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys

2011/04/16 23:55:03.0976 0792 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys

2011/04/16 23:55:04.0015 0792 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys

2011/04/16 23:55:04.0056 0792 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/04/16 23:55:04.0101 0792 atapi (bfd3df48c9ed81934fe21e8e3cfc2496) C:\Windows\system32\drivers\atapi.sys

2011/04/16 23:55:04.0234 0792 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

2011/04/16 23:55:04.0298 0792 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

2011/04/16 23:55:04.0369 0792 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

2011/04/16 23:55:04.0438 0792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/04/16 23:55:04.0476 0792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/04/16 23:55:04.0531 0792 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/04/16 23:55:04.0564 0792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/04/16 23:55:04.0591 0792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/04/16 23:55:04.0610 0792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/04/16 23:55:04.0748 0792 BthEnum (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/04/16 23:55:04.0788 0792 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/04/16 23:55:04.0819 0792 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys

2011/04/16 23:55:04.0881 0792 BTHPORT (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys

2011/04/16 23:55:04.0911 0792 BTHUSB (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys

2011/04/16 23:55:04.0964 0792 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys

2011/04/16 23:55:05.0025 0792 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys

2011/04/16 23:55:05.0063 0792 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/04/16 23:55:05.0112 0792 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

2011/04/16 23:55:05.0154 0792 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

2011/04/16 23:55:05.0200 0792 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/04/16 23:55:05.0246 0792 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys

2011/04/16 23:55:05.0348 0792 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/04/16 23:55:05.0408 0792 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys

2011/04/16 23:55:05.0458 0792 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/04/16 23:55:05.0492 0792 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/04/16 23:55:05.0525 0792 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/04/16 23:55:05.0616 0792 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

2011/04/16 23:55:05.0738 0792 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

2011/04/16 23:55:05.0816 0792 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys

2011/04/16 23:55:05.0843 0792 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys

2011/04/16 23:55:05.0926 0792 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

2011/04/16 23:55:06.0023 0792 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

2011/04/16 23:55:06.0092 0792 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys

2011/04/16 23:55:06.0146 0792 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/04/16 23:55:06.0255 0792 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/04/16 23:55:06.0314 0792 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/04/16 23:55:06.0380 0792 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

2011/04/16 23:55:06.0445 0792 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/04/16 23:55:06.0496 0792 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

2011/04/16 23:55:06.0560 0792 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/04/16 23:55:06.0629 0792 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

2011/04/16 23:55:06.0664 0792 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

2011/04/16 23:55:06.0716 0792 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/04/16 23:55:06.0755 0792 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

2011/04/16 23:55:06.0804 0792 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

2011/04/16 23:55:06.0842 0792 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/04/16 23:55:06.0890 0792 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/04/16 23:55:06.0933 0792 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/04/16 23:55:06.0970 0792 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/04/16 23:55:07.0014 0792 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys

2011/04/16 23:55:07.0066 0792 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/04/16 23:55:07.0127 0792 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/04/16 23:55:07.0226 0792 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/04/16 23:55:07.0279 0792 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys

2011/04/16 23:55:07.0322 0792 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/04/16 23:55:07.0364 0792 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/04/16 23:55:07.0419 0792 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys

2011/04/16 23:55:07.0489 0792 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/04/16 23:55:07.0617 0792 igfx (f7ecd4b9e7fad4a01a0ed889d40e2494) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/04/16 23:55:07.0746 0792 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/04/16 23:55:07.0925 0792 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\DRIVERS\intelide.sys

2011/04/16 23:55:07.0976 0792 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/04/16 23:55:08.0040 0792 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/04/16 23:55:08.0117 0792 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/04/16 23:55:08.0152 0792 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

2011/04/16 23:55:08.0183 0792 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

2011/04/16 23:55:08.0239 0792 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2011/04/16 23:55:08.0321 0792 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/04/16 23:55:08.0364 0792 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/04/16 23:55:08.0419 0792 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/04/16 23:55:08.0443 0792 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/04/16 23:55:08.0493 0792 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/04/16 23:55:08.0560 0792 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys

2011/04/16 23:55:08.0630 0792 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

2011/04/16 23:55:08.0732 0792 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/04/16 23:55:08.0785 0792 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/04/16 23:55:08.0847 0792 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/04/16 23:55:08.0875 0792 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

2011/04/16 23:55:08.0938 0792 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/04/16 23:55:08.0978 0792 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/04/16 23:55:09.0018 0792 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

2011/04/16 23:55:09.0069 0792 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys

2011/04/16 23:55:09.0100 0792 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys

2011/04/16 23:55:09.0121 0792 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys

2011/04/16 23:55:09.0146 0792 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

2011/04/16 23:55:09.0184 0792 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/04/16 23:55:09.0227 0792 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

2011/04/16 23:55:09.0271 0792 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/04/16 23:55:09.0303 0792 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys

2011/04/16 23:55:09.0367 0792 mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/04/16 23:55:09.0403 0792 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/04/16 23:55:09.0440 0792 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/04/16 23:55:09.0463 0792 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys

2011/04/16 23:55:09.0492 0792 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/04/16 23:55:09.0537 0792 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

2011/04/16 23:55:09.0569 0792 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys

2011/04/16 23:55:09.0615 0792 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

2011/04/16 23:55:09.0689 0792 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/04/16 23:55:09.0709 0792 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

2011/04/16 23:55:09.0739 0792 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

2011/04/16 23:55:09.0771 0792 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/04/16 23:55:09.0802 0792 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

2011/04/16 23:55:09.0836 0792 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

2011/04/16 23:55:09.0897 0792 NativeWifiP (52acc9fdebbd2e523eb3ae2ca6882e9b) C:\Windows\system32\DRIVERS\nwifi.sys

2011/04/16 23:55:09.0977 0792 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

2011/04/16 23:55:10.0032 0792 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/04/16 23:55:10.0072 0792 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/04/16 23:55:10.0108 0792 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/04/16 23:55:10.0163 0792 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

2011/04/16 23:55:10.0205 0792 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

2011/04/16 23:55:10.0233 0792 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

2011/04/16 23:55:10.0362 0792 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys

2011/04/16 23:55:10.0632 0792 NETw5v32 (08d19e78a11d5cf9c4ac8ecdd77b7fc3) C:\Windows\system32\DRIVERS\NETw5v32.sys

2011/04/16 23:55:10.0893 0792 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/04/16 23:55:10.0929 0792 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

2011/04/16 23:55:10.0969 0792 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

2011/04/16 23:55:11.0063 0792 Ntfs (2620822a21b76375f5fd6e0986407cd1) C:\Windows\system32\drivers\Ntfs.sys

2011/04/16 23:55:11.0140 0792 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/04/16 23:55:11.0171 0792 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

2011/04/16 23:55:11.0219 0792 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/04/16 23:55:11.0254 0792 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/04/16 23:55:11.0306 0792 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2011/04/16 23:55:11.0409 0792 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys

2011/04/16 23:55:11.0446 0792 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

2011/04/16 23:55:11.0491 0792 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/04/16 23:55:11.0551 0792 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/04/16 23:55:11.0589 0792 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys

2011/04/16 23:55:11.0624 0792 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/04/16 23:55:11.0671 0792 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys

2011/04/16 23:55:11.0745 0792 pciide (a88ff9e32aaa9af398ae89b9a082870b) C:\Windows\system32\drivers\pciide.sys

2011/04/16 23:55:11.0844 0792 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/04/16 23:55:11.0941 0792 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/04/16 23:55:12.0119 0792 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/16 23:55:12.0180 0792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/04/16 23:55:12.0281 0792 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/16 23:55:12.0326 0792 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

2011/04/16 23:55:12.0429 0792 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/04/16 23:55:12.0526 0792 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/04/16 23:55:12.0588 0792 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/16 23:55:12.0704 0792 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/04/16 23:55:12.0886 0792 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/16 23:55:12.0949 0792 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/16 23:55:12.0987 0792 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/16 23:55:13.0029 0792 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/16 23:55:13.0082 0792 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/16 23:55:13.0139 0792 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

2011/04/16 23:55:13.0161 0792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/16 23:55:13.0212 0792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

2011/04/16 23:55:13.0273 0792 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/04/16 23:55:13.0319 0792 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/04/16 23:55:13.0400 0792 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/04/16 23:55:13.0427 0792 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/04/16 23:55:13.0488 0792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/16 23:55:13.0543 0792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/04/16 23:55:13.0642 0792 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

2011/04/16 23:55:13.0693 0792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/16 23:55:13.0737 0792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/04/16 23:55:13.0772 0792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/04/16 23:55:13.0836 0792 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys

2011/04/16 23:55:13.0913 0792 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/04/16 23:55:13.0941 0792 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/16 23:55:13.0970 0792 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/04/16 23:55:14.0028 0792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/04/16 23:55:14.0077 0792 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2011/04/16 23:55:14.0120 0792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/04/16 23:55:14.0152 0792 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/04/16 23:55:14.0205 0792 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

2011/04/16 23:55:14.0246 0792 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

2011/04/16 23:55:14.0326 0792 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys

2011/04/16 23:55:14.0326 0792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2011/04/16 23:55:14.0333 0792 sptd - detected Locked file (1)

2011/04/16 23:55:14.0383 0792 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys

2011/04/16 23:55:14.0435 0792 srv2 (e8c4d5bca3c7b5c2a040052aa467b5bf) C:\Windows\system32\DRIVERS\srv2.sys

2011/04/16 23:55:14.0471 0792 srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/04/16 23:55:14.0579 0792 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys

2011/04/16 23:55:14.0643 0792 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys

2011/04/16 23:55:14.0699 0792 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/04/16 23:55:14.0743 0792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/04/16 23:55:14.0823 0792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/04/16 23:55:14.0924 0792 Tcpip (028061c7f6d2d03068c72e2a27e4228a) C:\Windows\system32\drivers\tcpip.sys

2011/04/16 23:55:14.0990 0792 Tcpip6 (028061c7f6d2d03068c72e2a27e4228a) C:\Windows\system32\DRIVERS\tcpip.sys

2011/04/16 23:55:15.0036 0792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

2011/04/16 23:55:15.0072 0792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

2011/04/16 23:55:15.0113 0792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

2011/04/16 23:55:15.0151 0792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

2011/04/16 23:55:15.0178 0792 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys

2011/04/16 23:55:15.0263 0792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/04/16 23:55:15.0317 0792 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys

2011/04/16 23:55:15.0349 0792 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys

2011/04/16 23:55:15.0408 0792 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/04/16 23:55:15.0452 0792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

2011/04/16 23:55:15.0510 0792 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2011/04/16 23:55:15.0551 0792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/04/16 23:55:15.0591 0792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/04/16 23:55:15.0640 0792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/04/16 23:55:15.0683 0792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

2011/04/16 23:55:15.0719 0792 usbccgp (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/04/16 23:55:15.0761 0792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/04/16 23:55:15.0810 0792 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys

2011/04/16 23:55:15.0859 0792 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys

2011/04/16 23:55:15.0919 0792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/04/16 23:55:15.0972 0792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

2011/04/16 23:55:16.0020 0792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/04/16 23:55:16.0056 0792 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/04/16 23:55:16.0154 0792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/04/16 23:55:16.0228 0792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

2011/04/16 23:55:16.0292 0792 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2011/04/16 23:55:16.0342 0792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/04/16 23:55:16.0387 0792 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys

2011/04/16 23:55:16.0447 0792 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys

2011/04/16 23:55:16.0487 0792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

2011/04/16 23:55:16.0543 0792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

2011/04/16 23:55:16.0593 0792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/04/16 23:55:16.0656 0792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/04/16 23:55:16.0719 0792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/16 23:55:16.0744 0792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/16 23:55:16.0869 0792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/04/16 23:55:16.0948 0792 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

2011/04/16 23:55:16.0993 0792 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys

2011/04/16 23:55:17.0147 0792 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/04/16 23:55:17.0315 0792 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/04/16 23:55:17.0491 0792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/04/16 23:55:17.0579 0792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

2011/04/16 23:55:17.0678 0792 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/04/16 23:55:17.0742 0792 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/04/16 23:55:17.0833 0792 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/04/16 23:55:17.0838 0792 ================================================================================

2011/04/16 23:55:17.0838 0792 Scan finished

2011/04/16 23:55:17.0838 0792 ================================================================================

2011/04/16 23:55:17.0853 1112 Detected object count: 2

2011/04/16 23:55:50.0937 1112 Locked file(sptd) - User select action: Skip

2011/04/16 23:55:51.0033 1112 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/04/16 23:55:51.0033 1112 \HardDisk0 - ok

2011/04/16 23:55:51.0035 1112 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/04/17 00:01:05.0498 2160 Deinitialize success

Combofix Report

=================================================================================================

ComboFix 11-04-16.01 - AKT 04/17/2011 0:34.1.2 - x86

Microsoft
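Added example, not code posted by anyone in this thread and not a Kaspersky tool: a small Python triage script for the TDSSKiller log format shown above. It recognises the line shapes exactly as they appear in that log (driver entries with MD5 and path, the "Suspicious file (NoAccess)" line, the "detected", "User select action" and "will be cured after reboot" lines), separates a confirmed rootkit verdict from a merely locked file, flags drivers loaded from outside the Windows directory, and reports whether a cure is still waiting on the reboot. SAMPLE_LOG is a constructed excerpt of the log posted above; the regular expressions, the Triage class and the function names are this example's own assumptions about the format, not a documented TDSSKiller interface.

```python
"""Triage a TDSSKiller log. Added example: not Kaspersky's code and not posted by anyone here.

Assumed record shape (as in the log above): "<date> <time> <thread-id> <message>", with
<message> a driver line "<service> (<md5>) <path>", a "Suspicious file (...)" line, a
"<object> - detected <verdict> (<n>)" finding, a "<verdict>(<object>) - User select action:"
line, or "<object> (<verdict>) - will be cured after reboot". Other lines are ignored.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

RECORD_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<verdict>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
DEFERRED_RE = re.compile(r"^(?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")

# Kernel drivers normally live under the Windows directory; anything else deserves a look.
SYSTEM_PREFIX = "c:\\windows\\"

@dataclass
class Triage:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, path)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, reason, md5)
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (object, verdict)
    actions: Dict[str, str] = field(default_factory=dict)  # object -> Cure / Skip
    reboot_pending: List[Tuple[str, str]] = field(default_factory=list)  # (object, verdict)
    nonsystem_drivers: List[Tuple[str, str]] = field(default_factory=list)  # (service, path)

def parse_tdsskiller_log(text: str) -> Triage:
    """Classify every record in the log; unknown message shapes are skipped."""
    t = Triage()
    for raw in text.splitlines():
        rec = RECORD_RE.match(raw.strip())
        if not rec:
            continue
        msg = rec.group("msg")
        # Specific shapes first; the generic "<name> (<md5>) <path>" driver line comes last.
        if m := SUSPICIOUS_RE.match(msg):
            t.suspicious.append((m["path"], m["reason"], m["md5"]))
        elif m := DETECTED_RE.match(msg):
            t.detections.append((m["obj"], m["verdict"]))
        elif m := ACTION_RE.match(msg):
            t.actions[m["obj"]] = m["action"]
        elif m := DEFERRED_RE.match(msg):
            t.reboot_pending.append((m["obj"], m["verdict"]))
        elif m := DRIVER_RE.match(msg):
            t.drivers[m["name"]] = (m["md5"], m["path"])
            if not m["path"].lower().startswith(SYSTEM_PREFIX):
                t.nonsystem_drivers.append((m["name"], m["path"]))
    return t

def confirmed_rootkits(t: Triage) -> List[str]:
    """Objects whose verdict names a rootkit, as opposed to a merely locked file."""
    return [obj for obj, verdict in t.detections if verdict.startswith("Rootkit.")]

def needs_reboot(t: Triage) -> bool:
    return bool(t.reboot_pending)  # a cure is still waiting for the reboot TDSSKiller asked for

def summarize(t: Triage) -> List[str]:
    out = [f"{len(t.drivers)} drivers enumerated"]
    for obj, verdict in t.detections:
        out.append(f"detected: {verdict} on {obj} (action: {t.actions.get(obj, 'none')})")
    for path, reason, md5 in t.suspicious:
        out.append(f"unreadable: {path} [{reason}] md5={md5}")
    for name, path in t.nonsystem_drivers:
        out.append(f"driver outside Windows dir: {name} -> {path}")
    if needs_reboot(t):
        out.append("reboot still required to cure: " + ", ".join(o for o, _ in t.reboot_pending))
    return out

# Constructed excerpt of the log posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""
2011/04/16 23:54:51.0773 4024 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 23:55:02.0483 0792 Scan started
2011/04/16 23:55:02.0912 0792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/16 23:55:06.0023 0792 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/04/16 23:55:14.0326 0792 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/16 23:55:14.0326 0792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/16 23:55:14.0333 0792 sptd - detected Locked file (1)
2011/04/16 23:55:14.0924 0792 Tcpip (028061c7f6d2d03068c72e2a27e4228a) C:\Windows\system32\drivers\tcpip.sys
2011/04/16 23:55:17.0833 0792 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/16 23:55:17.0853 1112 Detected object count: 2
2011/04/16 23:55:50.0937 1112 Locked file(sptd) - User select action: Skip
2011/04/16 23:55:51.0033 1112 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/16 23:55:51.0033 1112 \HardDisk0 - ok
2011/04/16 23:55:51.0035 1112 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it as a script to print the summary for the embedded excerpt, or call parse_tdsskiller_log() on the full pasted log. The point of the two-tier verdict is the one this thread illustrates: the locked sptd.sys is only reported as unreadable and is skipped, while the \HardDisk0 entry carries a Rootkit verdict and is what TDSSKiller actually cures on reboot; a helper reading many such logs wants those two cases told apart automatically.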


hope I am doing this right!
Yes, you are.

You have these installed: CCleaner, Registry Mechanic 8.0

Something I should point out regarding CCleaner, Registry Mechanic 8.0, Glary Utilities, TuneUp Utilities and similar products:

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of the Experts here at Geekstogo, miekiemoes, has an excellent write-up here.

Another excellent article by Bill Castner is located here.

Step 1.

Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
