GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-14 21:21:06 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- Code E19AF398 ZwEnumerateKey Code E1B5F5B8 ZwFlushInstructionCache Code EEAFAEAB pIofCallDriver ---- Kernel code sections - GMER 1.0.14 ---- PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP E19AF39C PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP E1B5F5BC ---- User code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\drivers\svchost.exe[912] time/date stamp mismatch; unknown module: wsock32.dllunknown module: CFGMGR32.dllunknown module: CRTDLL.DLL .text C:\WINDOWS\Explorer.EXE[1784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C8000A .text C:\WINDOWS\Explorer.EXE[1784] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C7000A .text C:\WINDOWS\Explorer.EXE[1784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C9000A ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegQueryValueW] 001020B8 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegReplaceKeyW] 438AE800 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegLoadKeyW] 56530000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegOpenKeyExA] 085D8B57 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegDeleteValueA] 4043B60F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegQueryInfoKeyW] 40DC158B IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegEnumKeyW] C2830041 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegEnumKeyA] 0FD03902 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegDeleteValueW] 00009E85 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegEnumValueW] 90E85300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegQueryValueExW] 0F00002A IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegEnumKeyExA] 40F43DBF IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegOpenKeyExW] EF830041 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegEnumKeyExW] 88C28905 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegQueryValueA] 53761F54 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegFlushKey] 002A7AE8 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegCreateKeyW] 08C48300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegCreateKeyExW] 103DBF0F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [advapi32.dll!RegCreateKeyExA] 03004141 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetPixel] 04EF8300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!ClearBitmapAttributes] 5488C289 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!BitBlt] CCA1761F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!DeleteDC] 83004140 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!ClearBrushAttributes] 438805E8 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!AddFontResourceExW] 05BF0F43 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!AddFontResourceExA] [004140AC] C:\WINDOWS\system32\drivers\svchost.exe IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!RestoreDC] 40980503 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!AddFontResourceTracking] E8830041 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!SetTextColor] E0458910 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!BeginPath] E85313EB IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!ExtTextOutA] 00002A3B IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!CopyMetaFileA] E07D8B59 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!ExcludeClipRect] 5488C289 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetDCOrgEx] 45FF441F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!DeleteObject] 05BF0FE0 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetPixel] [00414130] C:\WINDOWS\system32\drivers\svchost.exe IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetBitmapBits] 3905E883 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetClipBox] DE7CE045 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!GetCurrentPositionEx] AC05BF0F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [gdi32.dll!AbortPath] 83004140 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!FindFirstFileA] 00000FFF IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CopyFileA] EFE1858D IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!DeleteAtom] FF50FFFF IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!ReadFile] F5E80473 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CreateProcessA] 31000040 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!ExitThread] E8E940C0 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!DeleteFileA] 8D000001 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CreateDirectoryA] 358DE47D IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!GetFileTime] [00414280] C:\WINDOWS\system32\drivers\svchost.exe IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!DeleteFileW] 000005B9 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!FindAtomA] 53A5F300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CopyFileExA] DCE85300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!Sleep] 89000029 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!GetCPInfo] 415388C2 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!GlobalFree] 29D1E853 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!GetFileSize] C2890000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CopyFileExW] 53425388 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!WriteFile] 0029C6E8 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!ReadConsoleA] 10C48300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [kernel32.dll!CopyFileW] 5388C289 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_DrawIndirect] 34158B41 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_GetImageCount] 03004141 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_Destroy] 4140B415 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_GetImageRect] 0AEA8300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_Create] 3774D039 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_DragEnter] 414094A1 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_Draw] 15BF0F00 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_DrawEx] [0041409C] C:\WINDOWS\system32\drivers\svchost.exe IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_Merge] E883D001 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_GetDragImage] 8083390E IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_LoadImageA] 74000000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_GetImageInfo] 40B0A11E IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_AddIcon] C0830041 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!InitCommonControls] 00FF2506 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_AddMasked] 53500000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_GetIcon] 003C93E8 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_Remove] 08C48300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_EndDrag] 60E9C031 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_BeginDrag] 0F000001 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [comctl32.dll!ImageList_DragLeave] 8B4343B6 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!LoadMenuA] 24150300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!GetWindowTextA] 83004141 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!EndDialog] D0390CEA IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!DrawIcon] BF0F147D IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!AppendMenuW] 4140AC15 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!DrawIconEx] E4150300 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!GetMenu] 83004140 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!IsMenu] D03910EA IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!DialogBoxParamW] 08A11E7F IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!BlockInput] 83004141 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!GetDC] FF2504C0 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!GetFocus] 50000000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!DrawTextW] 3C4AE853 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!GetCursor] C4830000 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!CopyImage] E9C03108 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!AlignRects] 00000117 IAT C:\WINDOWS\system32\drivers\svchost.exe[912] @ C:\WINDOWS\system32\drivers\svchost.exe [user32.dll!CopyIcon] 437BB60F ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Modules - GMER 1.0.14 ---- Module \systemroot\system32\drivers\TDSSmqlt.sys (*** hidden *** ) EEAF9000-EEB0B000 (73728 bytes) ---- Threads - GMER 1.0.14 ---- Thread 4:388 EEAFBD66 ---- Processes - GMER 1.0.14 ---- Library C:\Documents (*** hidden *** ) @ C:\Documents [1748] 0x00400000 Library C:\Documents (*** hidden *** ) @ C:\Documents [3104] 0x00400000 ---- Services - GMER 1.0.14 ---- Service C:\WINDOWS\system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 61 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v3001 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1 ---- EOF - GMER 1.0.14 ----