Thanks for gettin back with me. None of it worked like the instructions. There wasn't an extract all, so I unzipped regular to the desktop, and then all I could do was click the unzipped file. It immediately started scanning and then told me that my files were altered would I like to scan. I clicked yes and it started scanning again. All the boxes are checked to the side, but they don't line up with Show Extracted Files. Here is the log:
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2008-11-05 01:42:35
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xBAFEB7B6]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7520818]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xBAFEAD16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xBAFEB372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xBAFEBF80]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7514A20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xBAFEAA70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xBAFECC70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xBAFEB99C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xBAFEA646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xBAFEBBEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xBAFEBD9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xBAFEA4F8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75152A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7520910]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xBAFEC8F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xBAFEAF5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xBAFEB5AA]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7520794]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xBAFEA228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xBAFEB1EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xBAFEA3A0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75152C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7520866]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xBAFEC346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xBAFEAB8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xBAFEC6AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xBAFECAA0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75200B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xBAFEC146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xBAFEAEF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xBAFEB0E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xBAFEA93A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xBAFEA808]
INT 0x62 ? 88B6CBF8
INT 0x63 ? 888A0BF8
INT 0x73 ? 888A0BF8
INT 0x82 ? 88B6CBF8
INT 0x83 ? 888A0BF8
---- Kernel code sections - GMER 1.0.14 ----
? spzr.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F72738AC 5 Bytes JMP 888A01D8
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 88BDB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F758293C] spzr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7582990] spzr.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 888A02D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7562D92] spzr.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F737D950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F737D990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F737D710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F737D770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 88BD71F8
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\CFPTcpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbohci \Device\USBPDO-0 8885C1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 88BD91F8
Device \Driver\dmio \Device\DmControl\DmConfig 88BD91F8
Device \Driver\dmio \Device\DmControl\DmPnP 88BD91F8
Device \Driver\dmio \Device\DmControl\DmInfo 88BD91F8
Device \Driver\usbohci \Device\USBPDO-1 8885C1F8
Device \Driver\usbehci \Device\USBPDO-2 888E71F8
Device \Driver\cmdHlp \Device\CFPRawFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\CFPUdpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 88B6D1F8
Device \Driver\Cdrom \Device\CdRom0 887E3620
Device \FileSystem\Rdbss \Device\FsWrap 886D4948
Device \Driver\Cdrom \Device\CdRom1 887E3620
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 887E3728
Device \Driver\atapi \Device\Ide\IdePort0 887E3728
Device \Driver\atapi \Device\Ide\IdePort1 887E3728
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 887E3728
Device \Driver\NetBT \Device\NetBt_Wins_Export 88466500
Device \Driver\NetBT \Device\NetbiosSmb 88466500
Device \FileSystem\Srv \Device\LanmanServer 88950C68
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\cmdhlp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbohci \Device\USBFDO-0 8885C1F8
Device \Driver\usbohci \Device\USBFDO-1 8885C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88465500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 886D1B80
Device \Driver\cmdHlp \Device\CFPIpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbehci \Device\USBFDO-2 888E71F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88465500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 886D1B80
Device \FileSystem\Npfs \Device\NamedPipe 886B7B88
Device \Driver\Ftdisk \Device\FtControl 88B6D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE720297-240C-48AA-A46A-657689230769} 88466500
Device \FileSystem\Msfs \Device\Mailslot 886BBE90
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 88751790
Device \Driver\d347prt \Device\Scsi\d347prt1 88751790
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 888FD030
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 888FD030
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 888FD030
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 888FD030
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 888FD030
Device \FileSystem\Cdfs \Cdfs 887691F8
Device \FileSystem\Cdfs \Cdfs 88931AD8
---- Modules - GMER 1.0.14 ----
Module _________ F7477000-F748F000 (98304 bytes)
---- Services - GMER 1.0.14 ----
Service system32\drivers\TDSSxxou.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
Service system32\drivers\TDSSpqxt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys) <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x93 0xF3 0x64 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 46235088
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -743653309
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxxou.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxxou.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktpo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSyavu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSacun.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsserrors \systemroot\system32\TDSSwghd.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSproc \systemroot\system32\TDSSlubs.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)@imagepath \systemroot\system32\drivers\TDSSpqxt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@TDSSserv \systemroot\system32\drivers\TDSSpqxt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys)\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxxou.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxxou.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktpo.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSyavu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSacun.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqqcn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsserrors \systemroot\system32\TDSSwghd.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSproc \systemroot\system32\TDSSlubs.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)@imagepath \systemroot\system32\drivers\TDSSpqxt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)\modules@TDSSserv \systemroot\system32\drivers\TDSSpqxt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys)\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
---- EOF - GMER 1.0.14 ----