Redirect virus from hell HELP PLEASE!!!

[hellno187]

The only thing in it was this, 127.0.0.1 localhost

[touch]

Ok. Nothing suspicious there.


Click http://support.kaspersky.com/downloa...tdsskiller.zip
and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller. (numbers) log.txt


Copy/paste those contents back here please.

-----------

Also click http://ad13.geekstogo.com/MBRCheck.exe
to download AD13's MBRCheck.exe. Then right click that file, and select "Run as administrator". Follow the prompts, and post back here the log it should have created on your desktop.

[hellno187]

2011/02/16 19:55:28.0159 3340 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/16 19:55:28.0610 3340 ================================================== ==============================
2011/02/16 19:55:28.0610 3340 SystemInfo:
2011/02/16 19:55:28.0610 3340
2011/02/16 19:55:28.0610 3340 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/16 19:55:28.0610 3340 Product type: Workstation
2011/02/16 19:55:28.0610 3340 ComputerName: GERRY-53XHTR4Z8
2011/02/16 19:55:28.0620 3340 UserName: GERRY
2011/02/16 19:55:28.0620 3340 Windows directory: C:\WINDOWS
2011/02/16 19:55:28.0620 3340 System windows directory: C:\WINDOWS
2011/02/16 19:55:28.0620 3340 Processor architecture: Intel x86
2011/02/16 19:55:28.0620 3340 Number of processors: 1
2011/02/16 19:55:28.0620 3340 Page size: 0x1000
2011/02/16 19:55:28.0620 3340 Boot type: Normal boot
2011/02/16 19:55:28.0620 3340 ================================================== ==============================
2011/02/16 19:55:29.0020 3340 Initialize success
2011/02/16 19:55:33.0166 4080 ================================================== ==============================
2011/02/16 19:55:33.0166 4080 Scan started
2011/02/16 19:55:33.0166 4080 Mode: Manual;
2011/02/16 19:55:33.0166 4080 ================================================== ==============================
2011/02/16 19:55:34.0699 4080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 19:55:34.0819 4080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/16 19:55:35.0029 4080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 19:55:35.0219 4080 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 19:55:35.0610 4080 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/02/16 19:55:36.0111 4080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 19:55:36.0201 4080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 19:55:36.0331 4080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 19:55:36.0481 4080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 19:55:36.0682 4080 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/16 19:55:36.0842 4080 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/16 19:55:36.0932 4080 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/16 19:55:37.0082 4080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 19:55:37.0282 4080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 19:55:37.0483 4080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 19:55:37.0623 4080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 19:55:37.0723 4080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/16 19:55:38.0344 4080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/16 19:55:38.0424 4080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/16 19:55:38.0654 4080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/16 19:55:38.0995 4080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/16 19:55:39.0125 4080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/16 19:55:39.0335 4080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/16 19:55:39.0526 4080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/16 19:55:39.0636 4080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/16 19:55:39.0776 4080 FETNDIS (585b9c652299caf0128fbe598e29bb7e) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/02/16 19:55:39.0916 4080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/16 19:55:40.0026 4080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/16 19:55:40.0167 4080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/16 19:55:40.0267 4080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/16 19:55:40.0387 4080 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/02/16 19:55:40.0517 4080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/16 19:55:40.0607 4080 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/02/16 19:55:40.0687 4080 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/16 19:55:40.0787 4080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/16 19:55:40.0948 4080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/16 19:55:41.0098 4080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/16 19:55:41.0288 4080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/16 19:55:41.0548 4080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/16 19:55:41.0699 4080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/16 19:55:41.0959 4080 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/16 19:55:42.0089 4080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/16 19:55:42.0229 4080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/16 19:55:42.0350 4080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/16 19:55:42.0520 4080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/16 19:55:42.0600 4080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/16 19:55:42.0710 4080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/16 19:55:42.0810 4080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/16 19:55:42.0930 4080 KeyMaestro (0a5578183dfdcd7c38db8b8e00cb62da) C:\WINDOWS\system32\drivers\Maestro1.sys
2011/02/16 19:55:43.0031 4080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/16 19:55:43.0191 4080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/16 19:55:43.0341 4080 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/02/16 19:55:43.0601 4080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/16 19:55:43.0732 4080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/16 19:55:43.0892 4080 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/16 19:55:44.0002 4080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/16 19:55:44.0142 4080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/16 19:55:44.0272 4080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/16 19:55:44.0443 4080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/16 19:55:44.0573 4080 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/16 19:55:44.0723 4080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/16 19:55:44.0823 4080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/16 19:55:44.0903 4080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/16 19:55:45.0023 4080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/16 19:55:45.0094 4080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/16 19:55:45.0204 4080 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/02/16 19:55:45.0304 4080 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/16 19:55:45.0394 4080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/16 19:55:45.0494 4080 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/16 19:55:45.0594 4080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/16 19:55:45.0735 4080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/16 19:55:45.0845 4080 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/16 19:55:45.0955 4080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/16 19:55:46.0035 4080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/16 19:55:46.0295 4080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/16 19:55:46.0385 4080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/16 19:55:46.0496 4080 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/02/16 19:55:46.0606 4080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/16 19:55:47.0006 4080 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/16 19:55:47.0487 4080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/16 19:55:47.0587 4080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/16 19:55:47.0787 4080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/16 19:55:47.0918 4080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/16 19:55:48.0028 4080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/16 19:55:48.0138 4080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/16 19:55:48.0338 4080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/16 19:55:48.0458 4080 Pcouffin (a09c1922ef8149e27500c0f935a55f60) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/02/16 19:55:49.0009 4080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/16 19:55:49.0159 4080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/16 19:55:49.0260 4080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/16 19:55:49.0380 4080 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/16 19:55:49.0740 4080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/16 19:55:49.0880 4080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/16 19:55:49.0981 4080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/16 19:55:50.0071 4080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/16 19:55:50.0191 4080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/16 19:55:50.0291 4080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/16 19:55:50.0411 4080 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/16 19:55:50.0541 4080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/16 19:55:50.0772 4080 S3Psddr (660213bc4070fddfba9df4ee4ffa8ff4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/02/16 19:55:50.0992 4080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/16 19:55:51.0152 4080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/16 19:55:51.0252 4080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/16 19:55:51.0473 4080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/02/16 19:55:51.0703 4080 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/02/16 19:55:51.0873 4080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/16 19:55:52.0004 4080 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/16 19:55:52.0004 4080 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/02/16 19:55:52.0034 4080 sptd - detected Locked file (1)
2011/02/16 19:55:52.0084 4080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/16 19:55:52.0194 4080 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/16 19:55:52.0304 4080 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/16 19:55:52.0424 4080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/16 19:55:52.0524 4080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/16 19:55:52.0845 4080 symsnap (c9273531eac75ee225e3170fb6107fa3) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/02/16 19:55:53.0075 4080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/16 19:55:53.0255 4080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/16 19:55:53.0345 4080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/16 19:55:53.0426 4080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/16 19:55:53.0506 4080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/16 19:55:53.0626 4080 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/02/16 19:55:53.0706 4080 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/02/16 19:55:53.0886 4080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/16 19:55:54.0117 4080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/16 19:55:54.0337 4080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/16 19:55:54.0457 4080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/16 19:55:54.0527 4080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/16 19:55:54.0647 4080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/16 19:55:54.0757 4080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/16 19:55:54.0828 4080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/16 19:55:54.0928 4080 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/02/16 19:55:55.0028 4080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/16 19:55:55.0148 4080 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/16 19:55:55.0248 4080 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/02/16 19:55:55.0328 4080 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/02/16 19:55:55.0459 4080 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
2011/02/16 19:55:55.0619 4080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/16 19:55:55.0769 4080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/16 19:55:55.0909 4080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/16 19:55:56.0049 4080 whfltr2k (97d0d27a87622154bc90b92d84fd91b5) C:\WINDOWS\system32\DRIVERS\whfltr2k.sys
2011/02/16 19:55:56.0160 4080 whmice2k (11bbe284b1d7fe319546130636cb6712) C:\WINDOWS\system32\DRIVERS\whmice2k.sys
2011/02/16 19:55:56.0510 4080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/16 19:55:56.0660 4080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/16 19:55:56.0760 4080 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/16 19:55:57.0181 4080 ================================================== ==============================
2011/02/16 19:55:57.0181 4080 Scan finished
2011/02/16 19:55:57.0181 4080 ================================================== ==============================
2011/02/16 19:55:57.0241 2968 Detected object count: 1
2011/02/16 19:57:47.0570 2968 Locked file(sptd) - User select action: Skip

[hellno187]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000bd

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7A2F000 \WINDOWS\system32\KDCOM.DLL
0xF793F000 \WINDOWS\system32\BOOTVID.dll
0xF7415000 spnj.sys
0xF7A31000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73FD000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF73CF000 ACPI.sys
0xF73BE000 pci.sys
0xF752F000 isapnp.sys
0xF7A33000 viaidexp.sys
0xF77AF000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF753F000 MountMgr.sys
0xF739F000 ftdisk.sys
0xF77B7000 PartMgr.sys
0xF754F000 VolSnap.sys
0xF7387000 atapi.sys
0xF755F000 disk.sys
0xF756F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7367000 fltmgr.sys
0xF7355000 sr.sys
0xF77BF000 PxHelp20.sys
0xF7335000 symsnap.sys
0xF731E000 KSecDD.sys
0xF7291000 Ntfs.sys
0xF7264000 NDIS.sys
0xF7204000 timntr.sys
0xF757F000 viaagp.sys
0xF77C7000 viaagp1.sys
0xF71E9000 snapman.sys
0xF71CF000 Mup.sys
0xF75AF000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF6809000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF67F5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF780F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF67D1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF783F000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF75BF000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF75CF000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF75DF000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF67AE000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7A39000 \SystemRoot\System32\DRIVERS\NTIDrvr.sys
0xF7897000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF677C000 \SystemRoot\system32\drivers\vinyl97.sys
0xF6758000 \SystemRoot\system32\drivers\portcls.sys
0xF75EF000 \SystemRoot\system32\drivers\drmk.sys
0xF75FF000 \SystemRoot\System32\DRIVERS\fetnd5b.sys
0xF790F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF760F000 \SystemRoot\System32\DRIVERS\serial.sys
0xF71A7000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6744000 \SystemRoot\System32\DRIVERS\parport.sys
0xF761F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77EF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7A3F000 \??\C:\WINDOWS\system32\drivers\Maestro1.sys
0xF719B000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF7C46000 \SystemRoot\system32\drivers\msmpu401.sys
0xF7C49000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF762F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7193000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF672D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF763F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF764F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7847000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF671C000 \SystemRoot\System32\DRIVERS\psched.sys
0xF765F000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF786F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF787F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF766F000 \SystemRoot\System32\Drivers\Pcouffin.sys
0xF767F000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF78A7000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7A47000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF661E000 \SystemRoot\System32\DRIVERS\update.sys
0xF717B000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF768F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF769F000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7A4B000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF792F000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7A4F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AFA000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A53000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77F7000 \SystemRoot\System32\drivers\vga.sys
0xF7A57000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A5B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7807000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF781F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF714F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF449B000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4442000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF441A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF43F4000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF76BF000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF43D2000 \SystemRoot\System32\drivers\afd.sys
0xF76CF000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF43A7000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4337000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF76DF000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF42EB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF78C7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF4506000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76FF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF78DF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF44FA000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF42D3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A63000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4317000 \SystemRoot\System32\drivers\Dxapi.sys
0xF791F000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BF6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xF7867000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xB7FA2000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB7C79000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7D8E000 \SystemRoot\system32\drivers\sysaudio.sys
0xB7A66000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7AE1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB78A6000 \SystemRoot\System32\DRIVERS\srv.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\v2imount.sys
0xB79BE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB738D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF782F000 \??\C:\ComboFix\catchme.sys
0xF7A9F000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB7057000 \SystemRoot\system32\DRIVERS\Lbd.sys
0xB5FFE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB5FE9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB5B0F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
616 C:\WINDOWS\system32\smss.exe
700 csrss.exe
724 C:\WINDOWS\system32\winlogon.exe
768 C:\WINDOWS\system32\services.exe
780 C:\WINDOWS\system32\lsass.exe
932 C:\WINDOWS\system32\nvsvc32.exe
1012 C:\WINDOWS\system32\svchost.exe
1080 svchost.exe
1176 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1376 svchost.exe
1592 C:\WINDOWS\system32\spoolsv.exe
684 svchost.exe
928 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1032 C:\Program Files\Advanced Micro Instruments\AMICommApp.exe
1020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1156 C:\Program Files\Bonjour\mDNSResponder.exe
1600 C:\Program Files\Java\jre6\bin\jqs.exe
672 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2312 C:\techbox\techbox.exe
2356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2368 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2388 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
2400 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
2464 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2584 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2736 C:\Program Files\iTunes\iTunesHelper.exe
2784 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2956 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3064 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
3608 alg.exe
2564 C:\Program Files\iPod\bin\iPodService.exe
3832 C:\WINDOWS\system32\ctfmon.exe
3372 C:\WINDOWS\explorer.exe
1396 unsecapp.exe
2420 wmiprvse.exe
448 C:\Program Files\uTorrent\uTorrent.exe
3648 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2112 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3032 C:\Program Files\Avira\AntiVir Desktop\sched.exe
372 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2108 wmiprvse.exe
3928 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
2412 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
3280 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1716 C:\Program Files\Internet Explorer\iexplore.exe
3424 C:\Program Files\Internet Explorer\iexplore.exe
1480 C:\WINDOWS\system32\msfeedssync.exe
3436 C:\Documents and Settings\GERRY\Desktop\Movies\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002b`82d1fe00 (FAT32)

PhysicalDrive0 Model Number: ST3250823A, Rev: 3.06

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

[touch]

Quote:

Locked file(sptd) - User select action: Skip

Do you have Alcohol 120% installed or recently removed it? sptd.sys is a driver for it and is protected.

[hellno187]

I don't remember downloading that is that my problem

[hellno187]

I think what I just did got rid of the driver. I went to the program developer and used their unistall. No help though still redirecting, I kinda thought it would though. My dad has the same redirect virus and he would have never downloaded Alcohol 120%.

[Jintan]

Hello hellno187,

Sorry for the response delay. Touch is unavailable right now, and although I thought I subscribed to all the open requests, I must have missed yours.

Daemon Tools driver does not cause redirects (normally), but the effects of it's rootkit-like drivers and functions cause it to blur the log results some of our scans create. And even if uninstalled a long time ago, would have left the sptd.sys hidden functions behind. Since it is really important this is out of the way, the uninstall you choose was the one here? You ran it, then selected the Uninstall option? Then rebooted?

Assuming that all is yes, let's do other checks now to see what we need to remove there.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

------------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once it's opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

[Jintan]

If he hasn't already, I would suggest your Dad also consider registering at CTH, and starting his own new request thread. But not run any scans like those here, until one of us gets a chance to review things first.

[Jintan]

Just saw a note I made earlier but didn't post. The logs show you have two antivirus programs, with AntiVir and Ad-Aware. Confusing, since Ad-Aware Antivirus uses same-named files as the no-longer-supported anti-adware version, but the logs show it's antivirus kernel driver. Since more than one antivirus program installed can cause system problems and corruption, you will need to choose one, then temp disable all security programs and uninstall the other. Being sure to reboot after. Then do the scans I requested please.

[hellno187]

Quote:

Originally Posted by Jintan

Just saw a note I made earlier but didn't post. The logs show you have two antivirus programs, with AntiVir and Ad-Aware. Confusing, since Ad-Aware Antivirus uses same-named files as the no-longer-supported anti-adware version, but the logs show it's antivirus kernel driver. Since more than one antivirus program installed can cause system problems and corruption, you will need to choose one, then temp disable all security programs and uninstall the other. Being sure to reboot after. Then do the scans I requested please.

I use Avira to pick up viruses and Ad-Aware for malware scans. I really won't miss Ad-Aware I guess if it really messes with my computer.I just never noticed it causing any problems before.

[Jintan]

Ad-Aware just isn't what folks think any longer. Let's see what the scans show, and decide what to do next here.

[hellno187]

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-07 21:15:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250823A rev.3.06
Running: s11zv4vo.exe; Driver: C:\DOCUME~1\GERRY\LOCALS~1\Temp\afgorkod.sys


---- System - GMER 1.0.15 ----

SSDT F7B33C16 ZwCreateKey
SSDT F7B33C0C ZwCreateThread
SSDT F7B33C1B ZwDeleteKey
SSDT F7B33C25 ZwDeleteValueKey
SSDT spfz.sys ZwEnumerateKey [0xF742FE4C]
SSDT spfz.sys ZwEnumerateValueKey [0xF74301DA]
SSDT F7B33C2A ZwLoadKey
SSDT spfz.sys ZwOpenKey [0xF74150C0]
SSDT F7B33BF8 ZwOpenProcess
SSDT F7B33BFD ZwOpenThread
SSDT spfz.sys ZwQueryKey [0xF74302B2]
SSDT spfz.sys ZwQueryValueKey [0xF7430132]
SSDT F7B33C34 ZwReplaceKey
SSDT F7B33C2F ZwRestoreKey
SSDT F7B33C20 ZwSetValueKey

INT 0x33 ? 86E91C88
INT 0x35 ? 86E91C88
INT 0x3B ? 86E91C88
INT 0x3C ? 86E91C88
INT 0x3E ? 86FDBC88
INT 0x3F ? 86FDBC88

---- Kernel code sections - GMER 1.0.15 ----

? spfz.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF68083A0, 0x5CC259, 0xE8000020]
.text USBPORT.SYS!DllUnload F67E88AC 5 Bytes JMP 86E911D8
? C:\DOCUME~1\GERRY\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F6F458
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7443ECE] spfz.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7443F22] spfz.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74163E6] spfz.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F741690E] spfz.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7416F9C] spfz.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F741690E] spfz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74161D4] spfz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7416116] spfz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7417178] spfz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7416F9C] spfz.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E91308
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7427976] spfz.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3768] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll

[hellno187]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FDA1F8

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Fastfat \FatCdrom 86B6C1F8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Maestro1.sys (KeyMaestro Sys for Windows NT, 2000, .../BTC)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Maestro1.sys (KeyMaestro Sys for Windows NT, 2000, .../BTC)

Device \Driver\NetBT \Device\NetBT_Tcpip_{5D19CAB2-9C23-43F2-8315-FFFF9A4EC9F6} 86BA11F8
Device \Driver\usbuhci \Device\USBPDO-0 86E901F8
Device \Driver\usbuhci \Device\USBPDO-1 86E901F8
Device \Driver\usbuhci \Device\USBPDO-2 86E901F8
Device \Driver\usbehci \Device\USBPDO-3 86E6E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6D1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\USBSTOR \Device\00000071 86B901F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6D1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\USBSTOR \Device\00000072 86B901F8
Device \Driver\Cdrom \Device\CdRom0 86E621F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F738FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 86E621F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86BA11F8
Device \Driver\NetBT \Device\NetbiosSmb 86BA11F8
Device \Driver\usbuhci \Device\USBFDO-0 86E901F8
Device \Driver\usbuhci \Device\USBFDO-1 86E901F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B951F8
Device \Driver\usbuhci \Device\USBFDO-2 86E901F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B951F8
Device \Driver\usbehci \Device\USBFDO-3 86E6E1F8
Device \Driver\Ftdisk \Device\FtControl 86F6D1F8
Device \FileSystem\Fastfat \Fat 86B6C1F8

AttachedDevice \FileSystem\Fastfat \Fat symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs 86B121F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x22 0x52 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFD 0xFF 0x58 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xD7 0xD7 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@u0 0x22 0x52 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFD 0xFF 0x58 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0xD7 0xD7 0xB2 ...

---- EOF - GMER 1.0.15 ----
Your right though about Ad-Aware I noticed that it really doesn't do much for me.

[Jintan]

Daemon Tools pretty active in that Gmer log, and not seeing any malware. Did you run the uninstaller steps I had posted, including rebooting after? Have you tried the mbr.exe -t steps yet?