Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems with browsing web...GiftLoad???


  • Please log in to reply
4 replies to this topic

#1 JDK1556

JDK1556

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 15 March 2011 - 08:39 AM

Hi All,

I've recently been having problems when surfing the net. Sometimes i'll do a google search, click on a link and then i seem to get re-directed to another page that i didn't want, usually some other search engine i've never heard of..gameo or something like that.
I have tried scanning with AVG and MalwareBytes but both come back clear. Then a couple of days ago i downloaded and installed Spybot search and destroy. This found something called Click.GiftLoad. I asked it to fix the problem and it said it had removed it but each time i run the scan it finds it again. Could this thing be causing the problems with my web surfing experience? And if so, how do I get rid of it? I've tried restoring my laptop to the factory settings but to no avail :-(

Thanks in anticipation.
JDK.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:43 PM

Posted 15 March 2011 - 03:49 PM

hello, you did update those 2 apps before running?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Now an online scan..
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JDK1556

JDK1556
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 16 March 2011 - 11:52 AM

Hi Boopme,

Yes I did update both before running.

I'll try following your instructions from your post and let you know how I get on.

Cheers.
JDK.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:43 PM

Posted 16 March 2011 - 12:30 PM

Just wanted to be sure. A lot of folks just run them..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 JDK1556

JDK1556
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 16 March 2011 - 02:52 PM

Hello boopme,

Right, i've run the TDSSKiller and the online scanner.

TDSSKiller log as follows

2011/03/16 16:55:23.0968 2696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/16 16:55:25.0968 2696 ================================================================================
2011/03/16 16:55:25.0968 2696 SystemInfo:
2011/03/16 16:55:25.0968 2696
2011/03/16 16:55:25.0968 2696 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/16 16:55:25.0968 2696 Product type: Workstation
2011/03/16 16:55:25.0968 2696 ComputerName: PADCH
2011/03/16 16:55:25.0968 2696 UserName: Jayne
2011/03/16 16:55:25.0968 2696 Windows directory: C:\WINDOWS
2011/03/16 16:55:25.0968 2696 System windows directory: C:\WINDOWS
2011/03/16 16:55:25.0968 2696 Processor architecture: Intel x86
2011/03/16 16:55:25.0968 2696 Number of processors: 1
2011/03/16 16:55:25.0968 2696 Page size: 0x1000
2011/03/16 16:55:25.0968 2696 Boot type: Normal boot
2011/03/16 16:55:25.0968 2696 ================================================================================
2011/03/16 16:55:27.0671 2696 Initialize success
2011/03/16 16:55:41.0734 3976 ================================================================================
2011/03/16 16:55:41.0734 3976 Scan started
2011/03/16 16:55:41.0734 3976 Mode: Manual;
2011/03/16 16:55:41.0734 3976 ================================================================================
2011/03/16 16:55:43.0468 3976 3xHybrid (53c2589bd342534a50e869f20c6ac2b9) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
2011/03/16 16:55:43.0718 3976 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/16 16:55:43.0765 3976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/16 16:55:43.0906 3976 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/03/16 16:55:44.0062 3976 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/03/16 16:55:44.0312 3976 AgereSoftModem (ba1ef9282ab269a984a150d6ebce2e4d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/03/16 16:55:44.0609 3976 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/16 16:55:44.0750 3976 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/16 16:55:44.0828 3976 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/16 16:55:44.0984 3976 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/16 16:55:45.0140 3976 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/16 16:55:45.0234 3976 ATSWPDRV (5c0656a478a7c41545a52b4724dbe67f) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
2011/03/16 16:55:45.0406 3976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/16 16:55:45.0500 3976 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/03/16 16:55:45.0531 3976 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/03/16 16:55:45.0625 3976 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/16 16:55:45.0734 3976 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/16 16:55:45.0796 3976 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/16 16:55:45.0859 3976 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/16 16:55:45.0953 3976 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/16 16:55:46.0015 3976 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/16 16:55:46.0078 3976 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/16 16:55:46.0187 3976 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/16 16:55:46.0296 3976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/16 16:55:46.0468 3976 BTKRNL (f1829392f47e0b766f062ae2d1490b0e) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/03/16 16:55:46.0640 3976 BTSERIAL (bfe983a7df25c416e5e543816f454dfa) C:\WINDOWS\system32\drivers\btserial.sys
2011/03/16 16:55:46.0718 3976 BTSLBCSP (eef1823cf73302f8c116512d6299351c) C:\WINDOWS\system32\drivers\btslbcsp.sys
2011/03/16 16:55:46.0812 3976 BTWUSB (2241c5bf7bfdb8a501274f6837c6b10a) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/03/16 16:55:46.0906 3976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/16 16:55:47.0000 3976 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/16 16:55:47.0109 3976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/16 16:55:47.0156 3976 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/16 16:55:47.0234 3976 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/16 16:55:47.0406 3976 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/16 16:55:47.0484 3976 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/16 16:55:47.0765 3976 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
2011/03/16 16:55:47.0812 3976 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/16 16:55:47.0937 3976 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/16 16:55:48.0046 3976 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/16 16:55:48.0171 3976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/16 16:55:48.0328 3976 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/16 16:55:48.0453 3976 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/16 16:55:48.0593 3976 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/16 16:55:48.0687 3976 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/16 16:55:48.0781 3976 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/16 16:55:48.0843 3976 flash (112a2e11b27caa6c249feacf59e98bf6) C:\WINDOWS\system32\drivers\flash.sys
2011/03/16 16:55:48.0921 3976 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/16 16:55:49.0000 3976 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/16 16:55:49.0078 3976 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/03/16 16:55:49.0125 3976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/16 16:55:49.0203 3976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/16 16:55:49.0296 3976 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/16 16:55:49.0375 3976 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/03/16 16:55:49.0468 3976 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/16 16:55:49.0625 3976 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/16 16:55:49.0765 3976 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
2011/03/16 16:55:49.0906 3976 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/16 16:55:50.0125 3976 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/16 16:55:50.0187 3976 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/16 16:55:50.0343 3976 INO_FLPY (ad8d86122be97cc1f31028143e29d8e1) C:\WINDOWS\system32\Drivers\ino_flpy.sys
2011/03/16 16:55:50.0468 3976 INO_FLTR (a761ae3147750d4564d00bbbe9d56e56) C:\WINDOWS\system32\Drivers\ino_fltr.sys
2011/03/16 16:55:50.0796 3976 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/16 16:55:51.0046 3976 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/16 16:55:51.0125 3976 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/16 16:55:51.0218 3976 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/16 16:55:51.0281 3976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/16 16:55:51.0343 3976 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/16 16:55:51.0437 3976 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/16 16:55:51.0531 3976 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/16 16:55:51.0609 3976 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/03/16 16:55:51.0718 3976 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/16 16:55:51.0796 3976 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/16 16:55:51.0843 3976 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/16 16:55:51.0937 3976 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/16 16:55:52.0015 3976 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/16 16:55:52.0234 3976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/16 16:55:52.0296 3976 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/16 16:55:52.0328 3976 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/16 16:55:52.0390 3976 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/16 16:55:52.0421 3976 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/16 16:55:52.0484 3976 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/03/16 16:55:52.0609 3976 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/16 16:55:52.0671 3976 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/16 16:55:52.0750 3976 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/16 16:55:52.0828 3976 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/16 16:55:52.0906 3976 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/16 16:55:52.0968 3976 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/16 16:55:53.0031 3976 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/16 16:55:53.0109 3976 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/16 16:55:53.0171 3976 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/16 16:55:53.0234 3976 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/16 16:55:53.0359 3976 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/16 16:55:53.0437 3976 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/16 16:55:53.0515 3976 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/16 16:55:53.0625 3976 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/16 16:55:53.0703 3976 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/16 16:55:53.0781 3976 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/16 16:55:53.0859 3976 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/16 16:55:53.0953 3976 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/16 16:55:54.0093 3976 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/16 16:55:54.0140 3976 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/16 16:55:54.0234 3976 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/03/16 16:55:54.0328 3976 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/16 16:55:54.0453 3976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/16 16:55:54.0515 3976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/16 16:55:54.0625 3976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/16 16:55:54.0687 3976 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/16 16:55:54.0734 3976 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/16 16:55:54.0843 3976 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/16 16:55:54.0937 3976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/16 16:55:55.0046 3976 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/03/16 16:55:55.0125 3976 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/16 16:55:55.0187 3976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/16 16:55:55.0250 3976 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/16 16:55:55.0500 3976 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/16 16:55:55.0546 3976 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/16 16:55:55.0578 3976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/16 16:55:55.0765 3976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/16 16:55:55.0843 3976 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/03/16 16:55:55.0875 3976 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/16 16:55:55.0906 3976 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/16 16:55:55.0937 3976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/16 16:55:56.0015 3976 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/16 16:55:56.0078 3976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/16 16:55:56.0171 3976 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/16 16:55:56.0250 3976 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/16 16:55:56.0359 3976 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/03/16 16:55:56.0453 3976 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/16 16:55:56.0531 3976 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/16 16:55:56.0609 3976 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/16 16:55:56.0703 3976 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/16 16:55:56.0843 3976 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/16 16:55:56.0953 3976 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/16 16:55:57.0031 3976 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/16 16:55:57.0125 3976 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/16 16:55:57.0203 3976 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
2011/03/16 16:55:57.0281 3976 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
2011/03/16 16:55:57.0359 3976 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
2011/03/16 16:55:57.0437 3976 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/03/16 16:55:57.0515 3976 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/03/16 16:55:57.0593 3976 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/03/16 16:55:57.0703 3976 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/16 16:55:57.0781 3976 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/16 16:55:57.0875 3976 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/16 16:55:58.0109 3976 SynTP (fd5010a627d2a7bbd1c44a488e3a8fe5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/16 16:55:58.0281 3976 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/16 16:55:58.0437 3976 Tcpip (88763a98a4c26c409741b4aa162720c9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/16 16:55:58.0515 3976 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/16 16:55:58.0578 3976 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/16 16:55:58.0656 3976 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/16 16:55:58.0750 3976 tifm21 (1154850749ecd019972d901ea6c6950c) C:\WINDOWS\system32\drivers\tifm21.sys
2011/03/16 16:55:58.0921 3976 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/16 16:55:59.0062 3976 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/16 16:55:59.0203 3976 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/16 16:55:59.0281 3976 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/16 16:55:59.0359 3976 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/16 16:55:59.0437 3976 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/16 16:55:59.0484 3976 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/16 16:55:59.0609 3976 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/16 16:55:59.0875 3976 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/03/16 16:56:00.0093 3976 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/16 16:56:00.0171 3976 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/03/16 16:56:00.0343 3976 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/16 16:56:00.0531 3976 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/03/16 16:56:00.0640 3976 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/16 16:56:00.0750 3976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/16 16:56:00.0875 3976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/16 16:56:01.0031 3976 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
2011/03/16 16:56:01.0187 3976 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/16 16:56:01.0187 3976 ================================================================================
2011/03/16 16:56:01.0187 3976 Scan finished
2011/03/16 16:56:01.0187 3976 ================================================================================
2011/03/16 16:56:01.0234 5220 Detected object count: 1
2011/03/16 16:56:40.0484 5220 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/16 16:56:40.0484 5220 \HardDisk0 - ok
2011/03/16 16:56:40.0484 5220 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/16 16:56:57.0203 5396 Deinitialize success

ESETScan.txt as follows:
C:\Program Files\Java\jre1.5.0_04\lib\rt.jar a variant of Java/Agent.AG trojan deleted - quarantined
D:\MOBILE PHONE MEM CARD BACKUP\downloaded apps\z4root.1.3.0.apk Android/Exploit.RageCage.A trojan deleted - quarantined


Now going to re-boot and see what happens....

Thanks
JDK.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users