Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 85791 times)

pancakejohn · « **Reply #105 on:** May 02, 2010, 04:14:53 PM »

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!LoadLibraryExA] 76FC0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!VirtualAlloc] 77420320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!VirtualFree] 77420390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!CreateProcessA] 76FC0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!GetModuleFileNameW] 76FC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!GetModuleFileNameA] 76FC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\basegui.ppl [KERNEL32.dll!CreateProcessW] 76FC0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77420010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77420080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 76FC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 774201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\MSIMG32.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!CreateThread] 774201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\OLEAUT32.dll [KERNEL32.dll!SetErrorMode] 76FC0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 76FC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 774201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 76FC0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 77420240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW] 76FC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\NSI.dll [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [ntdll.dll!RtlAllocateHeap] 77420010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [ntdll.dll!RtlFreeHeap] 77420080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!CreateProcessW] 76FC0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!GetModuleFileNameW] 76FC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!VirtualFree] 77420390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!VirtualAlloc] 77420320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!LoadLibraryExW] 76FC0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\CLBCatQ.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!LoadLibraryExA] 76FC0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!VirtualAlloc] 77420320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [ntdll.dll!RtlFreeHeap] 77420080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\rsaenh.dll [ntdll.dll!RtlAllocateHeap] 77420010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\thpimpl.ppl [KERNEL32.dll!HeapFree] 774202B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\thpimpl.ppl [KERNEL32.dll!CreateThread] 774201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\thpimpl.ppl [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\thpimpl.ppl [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\wtsapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\wtsapi32.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\wtsapi32.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\wtsapi32.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!GetModuleFileNameA] 76FC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!CreateThread] 774201D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\WINSTA.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!LoadLibraryA] 76FC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!LoadLibraryW] 76FC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!GetModuleFileNameA] 76FC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!GetModuleFileNameW] 76FC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 76FC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!FreeLibrary] 76FC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2872] @ C:\Windows\system32\RICHED20.DLL [KERNEL32.dll!GetProcAddress] 76FC0240
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [COMCTL32.dll!_TrackMouseEvent] [74D6F7E6] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [COMCTL32.dll!CreatePropertySheetPageW] [74DF2A3D] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipDrawImageRectRectI] [73EA0A08] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipSetSmoothingMode] [73EA7624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipSetInterpolationMode] [73E9FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipGetImageGraphicsContext] [73EA2A73] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipCreateBitmapFromScan0] [73E9721D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipCreateBitmapFromFile] [73EE0405] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipGetImageHeight] [73EA074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipGetImageWidth] [73EA06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipDisposeImage] [73E971B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipDeleteGraphics] [73E9E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [gdiplus.dll!GdipCreateHBITMAPFromBitmap] [73EAD748] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!InitCommonControlsEx] [74D41322] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!PropertySheetW] [74DF806C] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!CreatePropertySheetPageW] [74DF2A3D] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!CreateToolbarEx] [74DF9C52] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Destroy] [74D52E74] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Draw] [74DB910F] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Users\Administrator\Desktop\gmer.exe[2916] @ C:\Windows\system32\COMDLG32.dll [COMCTL32.dll!ImageList_GetIconSize] [74D40E7A] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (CMSPCSUtilSvc/SprintNextel) &nb

pancakejohn · « **Reply #106 on:** May 02, 2010, 04:15:19 PM »

Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [DISABLED] Apple Mobile Device
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas
Service C:\??\C:\Program Files\ASTRA32\ASTRA32.sys [AUTO] ASTRA32
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv
Service C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) [AUTO] AVP
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service C:\Windows\system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [DISABLED] blbdrive
Service [DISABLED] BOHCI
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [DISABLED] Bonjour Service
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid
Service C:\Windows\System32\Drivers\BrSerIf.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] BrSerIf
Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM
Service [DISABLED] BUHCI
Service [DISABLED] BUSBD
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide
Service C:\Windows\system32\drivers\COMMONFX.SYS (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX
Service C:\Windows\System32\drivers\COMMONFX.SYS (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX.SYS
Service C:\Windows\system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (System Level Service Utility/Creative Labs) [DISABLED] Creative ALchemy AL6 Licensing Service
Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (System Level Service Utility/Creative Labs) [DISABLED] Creative Audio Engine Licensing Service
Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\Windows\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [SYSTEM] CSC
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CscService
Service C:\Windows\system32\CSHelper.exe [DISABLED] CSHelper
Service C:\Windows\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\Windows\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\Windows\system32\drivers\CTAUDFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX
Service C:\Windows\System32\drivers\CTAUDFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX.SYS
Service C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) [DISABLED] CTAudSvcService
Service C:\Windows\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\Windows\system32\drivers\CTERFXFX.SYS (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX
Service C:\Windows\System32\drivers\CTERFXFX.SYS (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX.SYS
Service C:\Windows\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\Windows\system32\drivers\CTSBLFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX
Service C:\Windows\System32\drivers\CTSBLFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX.SYS
Service C:\Windows\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service C:\Windows\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.) [MANUAL] CVirtA
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service C:\Windows\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\??\C:\Windows\system32\DRIVERS\ENTECH.sys [MANUAL] ENTECH
Service C:\Windows\system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [DISABLED] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) &nbs

pancakejohn · « **Reply #107 on:** May 02, 2010, 04:15:45 PM »

Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\drivers\MTiCtwl.sys (MagicTunePremium Driver/Samsung Electronics, Inc. ) [SYSTEM] MagicTune
Service C:\Windows\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) [MANUAL] MarvinBus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Corporation) [DISABLED] megasas
Service C:\Windows\system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [DISABLED] MegaSR
Service Messenger
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\motmodem.sys (Motorola USB Modem and Ports Driver/Motorola) [MANUAL] motmodem
Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [DISABLED] NBService
Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\??\C:\Users\ADMINI~1\AppData\Local\Temp\000006f9.nmc\nse\bin\ndiskio.sys [MANUAL] NDISKIO
Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) [DISABLED] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 197.45 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [DISABLED] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor
Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 197.45/NVIDIA Corporation) [DISABLED] nvsvc
Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Windows\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service [AUTO] P2k
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\drivers\PalmUSBD.sys (USB Driver for Palm OS Handheld Devices/PalmSource, Inc.) [MANUAL] PalmUSBD
Service C:\Windows\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\DRIVERS\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia
Service C:\Windows\System32\Drivers\pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) [MANUAL] pcouffin
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service

pancakejohn · « **Reply #108 on:** May 02, 2010, 04:16:09 PM »

Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device Driver/MCCI) [MANUAL] sscdbus
Service C:\Windows\system32\DRIVERS\sscdmdfl.sys (SAMSUNG CDMA Modem Filter Driver/MCCI) [MANUAL] sscdmdfl
Service C:\Windows\system32\DRIVERS\sscdmdm.sys (SAMSUNG CDMA Modem WDM/MCCI) [MANUAL] sscdmdm
Service C:\Windows\system32\DRIVERS\sscdserd.sys (SAMSUNG CDMA Modem Diagnostic Serial Port Device Driver/MCCI) [MANUAL] sscdserd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service C:\Program [DISABLED] Steam Client Service
Service C:\Windows\system32\DRIVERS\serscan.sys (Serial Imaging Device Driver/Microsoft Corporation) [MANUAL] StillCam
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\RtTeam60.sys (Realtek NDIS 6.0 Intermediate Miniport Driver for Teaming/Realtek Corporation) [MANUAL] TEAM
Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\system32\drivers\TotRec7.sys (Total Recorder WDM audio driver/High Criteria inc.) [MANUAL] TotRec7
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Driver/TrueCrypt Foundation) [SYSTEM] truecrypt
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware Host Process for Ufa Services/VMware, Inc.) [DISABLED] ufad-ws60
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2
Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] UmRdpService
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] upnphost
Service usb
Service C:\Windows\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\Windows\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\Windows\system32\DRIVERS\lgusbbus.sys (LG CDMA USB Multi function Driver/LG Electronics Inc.) [MANUAL] usbbus
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir
Service C:\Windows\system32\DRIVERS\lgusbdiag.sys (LG CDMA USB Diagnostics Driver/LG Electronics Inc.) [MANUAL] UsbDiag
Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\System32\Drivers\UsbFltr.sys (Ortek USB Keypad Driver/Waytech Development, Inc.) [MANUAL] UsbFltr
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\DRIVERS\lgusbmodem.sys (LG CDMA USB Modem Driver/LG Electronics Inc.) [MANUAL] USBModem
Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\Windows\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\system32\DRIVERS\V0500Vid.sys (Video Capture Device Driver/Creative Technology Ltd.) [MANUAL] V0500Dev
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide
Service C:\??\C:\Users\Administrator\Desktop\usb_prep8\vdk.sys [MANUAL] VirtualDK
Service C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware Authorization Service/VMware, Inc.) [DISABLED] VMAuthdService
Service C:\??\C:\Windows\system32\Drivers\vmci.sys [AUTO] vmci
Service C:\??\C:\Windows\system32\drivers\VMkbd.sys [MANUAL] vmkbd
Service C:\Windows\system32\DRIVERS\vmnetadapter.sys (VMware virtual network adapter driver (32-bit)/VMware, Inc.) [MANUAL] VMnetAdapter
Service C:\Windows\system32\DRIVERS\vmnetbridge.sys (VMware bridge driver (32-bit)/VMware, Inc.) [AUTO] VMnetBridge
Service C:\Windows\system32\vmnetdhcp.exe (VMware VMnet DHCP service/VMware, Inc.) [DISABLED] VMnetDHCP
Service C:\??\C:\Windows\system32\drivers\vmnetuserif.sys [AUTO] VMnetuserif
Service C:\??\C:\Windows\system32\Drivers\VMparport.sys [AUTO] VMparport
Service C:\Windows\System32\Drivers\vmusb.sys (VMware USB driver/VMware, Inc.) [MANUAL] vmusb
Service

Dr Jay · « **Reply #109 on:** May 02, 2010, 10:29:25 PM »

Please use Internet Explorer and run a BitDefender Online scan

Please check I agree with the Terms and Conditions and click Start Here
You will need to allow an Active X install for the scan to run.
Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

pancakejohn · « **Reply #110 on:** May 03, 2010, 11:10:29 AM »

BitDefender Online Scanner




Scan report generated at: Mon, May 03, 2010 - 03:05:31





Scan path: C:\;








Statistics

Time


02:39:21

Files


879405

Folders


29126

Boot Sectors


0

Archives


9507

Packed Files


65526




Results

Identified Viruses


4

Infected Files


3

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


3




Engines Info

Virus Definitions


5692934

Engine build


AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)

Scan plugins


17

Archive plugins


43

Unpack plugins


9

E-mail plugins


6

System plugins


4




Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions


Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes




Scanned File


Status

C:\ProgramData\Kaspersky Lab\AVP9\QB\15bcbf549abcf7e2.klq=>(Quarantine-6)


Infected with: EICAR-Test-File (not a virus)

C:\ProgramData\Kaspersky Lab\AVP9\QB\15bcbf549abcf7e2.klq=>(Quarantine-6)


Disinfection failed

C:\ProgramData\Kaspersky Lab\AVP9\QB\15bcbf549abcf7e2.klq=>(Quarantine-6)


Deleted

Dr Jay · « **Reply #111 on:** May 03, 2010, 07:30:47 PM »

This is a little experimental.

Download this file: http://ad13.geekstogo.com/DirQuery.exe

Double-click on it to run it.

Copy and paste this in, or type it in exactly:

\Device\Ide\IdePort1

================

It will make a text file called DirQuery.txt.

Post the contents of that, please.

pancakejohn · « **Reply #112 on:** May 04, 2010, 11:49:33 AM »

Ran DirQuery

Code: [Select]

Running from: C:\Users\Administrator\Desktop\DirQuery.exe

Log file at : C:\Users\Administrator\Desktop\DirQuery.txt

The driver that owns the link: 

  \Device\Ide\IdePort1

is located at: 

  \SystemRoot\system32\drivers\atapi.sys

and the device link is: 

  \Driver\atapi

The path to the driver from the registry is: 

  system32\drivers\atapi.sys

Dr Jay · « **Reply #113 on:** May 04, 2010, 11:58:13 AM »

Good.

Now, do the same thing, please, but type in this, instead:

\Device\Ide\IdePort0

pancakejohn · « **Reply #114 on:** May 04, 2010, 12:46:21 PM »

Code: [Select]

Running from: C:\Users\Administrator\Desktop\DirQuery.exe

Log file at : C:\Users\Administrator\Desktop\DirQuery.txt

The driver that owns the link: 

  \Device\Ide\IdePort0

is located at: 

  \SystemRoot\system32\drivers\atapi.sys

and the device link is: 

  \Driver\atapi

The path to the driver from the registry is: 

  system32\drivers\atapi.sys

Dr Jay · « **Reply #115 on:** May 04, 2010, 12:58:12 PM »

Delete your copy of TDSSKiller, if it exists, and download a new one.

Now, run TDSSKiller once more and post a log.

I think it might be gone now.

pancakejohn · « **Reply #116 on:** May 04, 2010, 01:07:22 PM »

Downloaded new TDSS killer

Code: [Select]

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.2.8.1 Mar 22 2010 10:43:04

Scanning        Services ...

Scanning        Kernel memory ...

Completed

Results:
Memory objects infected / cured / cured on reboot:      0 / 0 / 0
Registry objects infected / cured / cured on reboot:    0 / 0 / 0
File objects infected / cured / cured on reboot:        0 / 0 / 0

Press any key to continue . . .

Quote

I think it might be gone now.

I think it may be gone too.

Ever since running Combofix I haven't had any google redirect problems and everything seems to be running ok.

Dr Jay · « **Reply #117 on:** May 04, 2010, 01:08:26 PM »

Yay.

You may re-enable DeFogger.

Cleanup

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

pancakejohn · « **Reply #118 on:** May 04, 2010, 03:22:55 PM »

Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Kaspersky Internet Security 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
DH Driver Cleaner Professional Edition
Java(TM) 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
Kaspersky Lab Kaspersky Internet Security 2010 klwtblfs.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Dr Jay · « **Reply #119 on:** May 04, 2010, 08:16:56 PM »

Please consider updating to Windows Vista Service Pack 2 (SP2).
Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

See this page for more info about malware and prevention.

Do you have any more questions?

Computer Hope Forum

News:

Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 85791 times)

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista