Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31


Post by duck_boi_97 on 30th June 2010, 3:24 pm

Hello, I'm Chris. I got a tip from someone to use this site, as they said it was amazing.
I am okay with computers but a newbie to all this anti-virus malarkey, so please be patient.

I have done countless checks with Symantec Antivirus and the same virus comes up, Backdoor.Tidserv!inf, but it is unable to remove, clean or quarantine it. The Trojan.FakeAV!gen31 also pops up every now and again, with the same problem of being unable to clean or quarantine it. My computer is becoming gradually slower and is prone to sudden crashes, sending the screen completely blank. A massive thanks to anyone who can shed some light on the problem. My computer is my life; I'd hate to have to wipe it again. Please.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 30th June 2010, 3:27 pm

Hello and welcome to GeekPolice.net.

My name is Sneakyone, and I will do my best to help get your problem resolved today.

I am currently a student in GeekPolice Academy, and will be a little delayed on each reply, as my instructors must review and approve each reply.

If you have any questions, please ask, and I will do my best to get to the question promptly.

Please wait here, while I get the first set of instructions for you.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 30th June 2010, 3:35 pm

Hi duck_boi_97,

Welcome to GeekPolice.net!

My username is Sneakyone and I will be assisting you today.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

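As an added example, not code from OTL, OldTimer or anyone in this thread: a small Python triage script for the PRC/SRV/DRV/MOD lines that an OTL Quick Scan produces, using the line format and a few entries from the log duck_boi_97 posts in reply. The trusted-vendor set, the 30-day window and the Windows-root check are assumptions of the example, not OTL's own whitelist rules.

```python
"""Triage the PRC/SRV/DRV/MOD 'SafeList' lines of an OTL log.

Added example, not OTL's code and not from this thread. Heuristics are
assumptions: hidden attribute, blank company, recent modification or an
.exe directly in the Windows root for a vendor outside TRUSTED_VENDORS.
"""
import re
from datetime import datetime, timedelta

# Constructed stand-in for OTL's "Company Name Whitelist" (assumption, not OTL's list).
TRUSTED_VENDORS = {"Microsoft Corporation", "Symantec Corporation", "OldTimer Tools"}

# One SafeList line, e.g.
# PRC - [2010/06/29 16:26:52 | 000,075,776 | -H-- | M] (Gkkvw) -- C:\WINDOWS\bill113.exe
# SRV - [2010/06/14 11:53:02 | 000,020,992 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\pdrv.dll -- (ppdrv)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \["
    r"(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\)"                 # vendor string, may be empty: ()
    r"(?: \[(?P<state>[^\]]*)\])?"            # [Auto | Running] on SRV/DRV lines only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\)(?: .*)?)?$"   # service name, optional trailing description
)

# An .exe sitting directly in C:\WINDOWS (not a subfolder), e.g. C:\WINDOWS\bill113.exe
WINROOT_EXE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+\.exe$")


def parse_line(line):
    """Return a dict for one SafeList line, or None for any other log line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["mtime"] = datetime.strptime(rec["mtime"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"].strip()
    return rec


def flags_for(rec, log_date, recent_days=30):
    """Reasons a helper would look at this entry first; empty list means unremarkable."""
    trusted = rec["company"] in TRUSTED_VENDORS
    reasons = []
    if "H" in rec["attrs"]:
        reasons.append("hidden attribute")
    if not rec["company"]:
        reasons.append("no company name")
    if not trusted and log_date - rec["mtime"] <= timedelta(days=recent_days):
        reasons.append("modified in last %d days" % recent_days)
    if not trusted and WINROOT_EXE.match(rec["path"]):
        reasons.append("executable directly in Windows root")
    return reasons


def triage(log_text, log_date, recent_days=30):
    """Parse every SafeList line and return the flagged entries in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = flags_for(rec, log_date, recent_days)
        if reasons:
            hits.append({"kind": rec["kind"], "path": rec["path"],
                         "svc": rec["svc"], "reasons": reasons})
    return hits


# Constructed sample: a few lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
PRC - [2010/06/29 16:26:52 | 000,075,776 | -H-- | M] (Gkkvw) -- C:\WINDOWS\bill113.exe
PRC - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) -- C:\Program Files\webserver\webserver.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/06/14 11:53:02 | 000,020,992 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\pdrv.dll -- (ppdrv)
SRV - [2004/08/06 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

========== Driver Services (SafeList) ==========

DRV - [2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pdrv.sys -- (PDRV)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
"""
LOG_DATE = datetime(2010, 6, 30, 17, 14, 54)  # taken from the "OTL logfile created on" header

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG, LOG_DATE):
        print("%s %s -> %s" % (h["kind"], h["path"], "; ".join(h["reasons"])))
```

On the sample it flags only the four entries a helper would query (bill113.exe, webserver.exe, pdrv.dll, pdrv.sys) and leaves OTL.exe, explorer.exe and the Symantec and Microsoft drivers alone.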

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 5:13 pm

This is all the contents of OTL.Txt - Notepad (sent in separate parts as it was too large to send as a whole).

OTL logfile created on: 30/06/2010 17:14:54 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Linda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 8.80 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
Drive D: | 78.12 Gb Total Space | 3.91 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive E: | 57.11 Gb Total Space | 30.09 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-UKBQQ2GE7I
Current User Name: Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
PRC - [2010/06/29 16:26:52 | 000,075,776 | -H-- | M] (Gkkvw) -- C:\WINDOWS\bill113.exe
PRC - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) -- C:\Program Files\webserver\webserver.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/04 18:08:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Philips PhotoFrame Manager\AvqAutorun.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/06 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/06 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/06 17:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/06 14:20:26 | 000,124,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/06 14:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/13 18:31:06 | 000,459,848 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrowser.exe
PRC - [2003/12/09 13:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/10/29 02:35:50 | 000,114,688 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
PRC - [2003/10/29 02:33:18 | 000,057,344 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\opware14.exe
PRC - [2003/09/03 13:16:56 | 000,217,088 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/05/16 00:45:54 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2003/05/16 00:41:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/04/10 09:36:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/29 02:29:10 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\ophook14.dll
MOD - [2003/03/25 13:39:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) [Auto | Stopped] -- C:\Program Files\webserver\webserver.exe -- (webserver)
SRV - [2010/06/14 11:53:02 | 000,020,992 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\pdrv.dll -- (ppdrv)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/29 07:40:10 | 000,679,920 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfeeScanAndRepair\McRbScanner.exe -- (McLtScanner)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2004/08/06 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/06 17:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/06 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/06 16:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/08/06 14:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/08/06 14:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/08/06 10:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pdrv.sys -- (PDRV)
DRV - [2010/06/11 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/11 09:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100611.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2004/08/07 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/06 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/06 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/08/06 10:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/06 10:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/07/09 16:58:38 | 000,017,920 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004/07/06 17:44:47 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/06/10 22:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/04/11 06:32:36 | 000,502,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/04/07 14:42:18 | 000,007,296 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WBHWDOCT.SYS -- (WBHWDOCT)
DRV - [2003/04/03 03:59:46 | 000,850,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/04/01 13:07:58 | 000,142,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/03/27 05:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/25 13:13:30 | 000,144,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/03/25 13:13:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/25 13:13:02 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/03/25 13:12:54 | 000,190,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/25 13:11:24 | 000,134,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2002/12/30 05:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2002/10/04 03:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 2A 48 98 35 53 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 03:49:36 | 000,000,000 | ---D | M]

[2009/10/22 18:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\extensions
[2009/10/22 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2001/09/04 04:14:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BT Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BT Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}] C:\Program Files\Philips PhotoFrame Manager\AvqAutoRun.exe ()
O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\Less Else.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Opware14] C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysfbtray] C:\WINDOWS\bill113.exe (Gkkvw)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WorkFlowTray] C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA19xx Device Manager.lnk = C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe (KeenHigh Tech.)
O4 - Startup: C:\Documents and Settings\Linda\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire1\FrostWire.exe (FrostWire Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll ()
O9 - Extra 'Tools' menuitem : BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} [You must be registered and logged in to see this link.] (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} [You must be registered and logged in to see this link.] (YAddBook Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/06 20:23:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{afad6b64-f165-11de-9b21-00508df9d877}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{afad6b64-f165-11de-9b21-00508df9d877}\Shell\verb\command - "" = H:\installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/06 20:23:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {25A4B6D0-CF64-48EF-A4A2-7CD30F44FEEC} - Reg Error: Value error.
ActiveX: {26FCDD66-A1AA-49AF-B65A-069DA3A75221} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 5:14 pm

========== Files/Folders - Created Within 90 Days ==========

[2010/06/30 17:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/30 17:14:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
[2010/06/30 15:32:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/30 15:32:38 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/30 15:32:38 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/30 15:32:38 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/30 15:30:15 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/30 15:30:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/30 15:30:10 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/30 15:30:01 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/30 15:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/30 15:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/30 15:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/30 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/29 16:26:52 | 000,075,776 | -H-- | C] (Gkkvw) -- C:\WINDOWS\bill113.exe
[2010/06/29 07:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/16 11:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2010/06/14 11:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\webserver
[2010/06/14 11:53:02 | 000,047,616 | ---- | C] (PDRV) -- C:\WINDOWS\System32\drivers\pdrv.sys
[2010/06/14 11:52:19 | 000,073,216 | -H-- | C] (Hloms) -- C:\WINDOWS\bill112.exe
[2010/06/13 18:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\PakkISO
[2010/06/01 21:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\888poker
[2010/06/01 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\PacificPoker
[2010/06/01 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[2010/05/23 22:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\New Folder
[2010/05/18 18:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\PSXMemTool
[2010/05/12 21:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Spotify
[2010/05/12 21:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Spotify
[2010/05/12 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/05/05 02:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\httpstrategywiki.orgwikiThe_Adventures_of_AlundraLars'_Crypt
[2010/04/26 03:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2010/04/25 15:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/16 02:32:30 | 000,000,000 | ---D | C] -- C:\Casino
[2010/04/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Conduit
[2010/04/07 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Messenger_Plus_Live_UK
[2010/04/02 20:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live_UK
[2004/08/06 21:08:13 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

File not found -- C:\WINDOWS\System32\zonedon.reg
File not found -- C:\WINDOWS\System32\zonedoff.reg
File not found -- C:\WINDOWS\System32\zipfldr.dll
File not found -- C:\WINDOWS\Zapotec.bmp
File not found -- C:\WINDOWS\System32\YPcservice.exe
File not found -- C:\WINDOWS\System32\ypclsp.dll
File not found -- C:\WINDOWS\System32\YCRWin32.dll
File not found -- C:\WINDOWS\System32\xpssvcs.dll
File not found -- C:\WINDOWS\System32\xpsshhdr.dll
File not found -- C:\WINDOWS\System32\xpsp4res.dll
File not found -- C:\WINDOWS\System32\xpsp3res.dll
File not found -- C:\WINDOWS\System32\xpsp2res.dll
File not found -- C:\WINDOWS\System32\xpsp1res.dll
File not found -- C:\WINDOWS\System32\xpsp1hfm.exe
File not found -- C:\WINDOWS\System32\xpob2res.dll
File not found -- C:\WINDOWS\System32\xolehlp.dll
File not found -- C:\WINDOWS\System32\xmlprovi.dll
File not found -- C:\WINDOWS\System32\xmlprov.dll
File not found -- C:\WINDOWS\System32\xmllite.dll
File not found -- C:\WINDOWS\System32\xenroll.dll
File not found -- C:\WINDOWS\System32\xcopy.exe
File not found -- C:\WINDOWS\System32\xactsrv.dll
File not found -- C:\WINDOWS\System32\wzcsvc.dll
File not found -- C:\WINDOWS\System32\wzcsapi.dll
File not found -- C:\WINDOWS\System32\wzcdlg.dll
File not found -- C:\WINDOWS\System32\wuweb.dll
File not found -- C:\WINDOWS\System32\wups2.dll
File not found -- C:\WINDOWS\System32\wups.dll
File not found -- C:\WINDOWS\System32\wupdmgr.exe
File not found -- C:\WINDOWS\System32\WUDFx.dll
File not found -- C:\WINDOWS\System32\WudfSvc.dll
File not found -- C:\WINDOWS\System32\WudfPlatform.dll
File not found -- C:\WINDOWS\System32\WudfHost.exe
File not found -- C:\WINDOWS\System32\WUDFCoinstaller.dll
File not found -- C:\WINDOWS\System32\wucltui.dll.mui
File not found -- C:\WINDOWS\System32\wucltui.dll
File not found -- C:\WINDOWS\System32\wuauserv.dll
File not found -- C:\WINDOWS\System32\wuaueng1.dll
File not found -- C:\WINDOWS\System32\wuaueng.dll.mui
File not found -- C:\WINDOWS\System32\wuaueng.dll
File not found -- C:\WINDOWS\System32\wuaucpl.cpl.mui
File not found -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
File not found -- C:\WINDOWS\System32\wuaucpl.cpl
File not found -- C:\WINDOWS\System32\wuauclt1.exe
File not found -- C:\WINDOWS\System32\wuauclt.exe
File not found -- C:\WINDOWS\System32\wuapi.dll.mui
File not found -- C:\WINDOWS\System32\wuapi.dll
File not found -- C:\WINDOWS\System32\wtsapi32.dll
File not found -- C:\WINDOWS\System32\wstrenderer.ax
File not found -- C:\WINDOWS\System32\wstpager.ax
File not found -- C:\WINDOWS\System32\wstdecod.dll
File not found -- C:\WINDOWS\System32\wsock32.dll
File not found -- C:\WINDOWS\System32\wsnmp32.dll
File not found -- C:\WINDOWS\System32\wshtcpip.dll
File not found -- C:\WINDOWS\System32\wshrm.dll
File not found -- C:\WINDOWS\System32\wshom.ocx
File not found -- C:\WINDOWS\System32\wshnetbs.dll
File not found -- C:\WINDOWS\System32\wshisn.dll
File not found -- C:\WINDOWS\System32\wship6.dll
File not found -- C:\WINDOWS\System32\wshext.dll
File not found -- C:\WINDOWS\System32\wshcon.dll
File not found -- C:\WINDOWS\System32\wshbth.dll
File not found -- C:\WINDOWS\System32\wshatm.dll
File not found -- C:\WINDOWS\System32\wsecedit.dll
File not found -- C:\WINDOWS\System32\wscui.cpl
File not found -- C:\WINDOWS\System32\wscsvc.dll
File not found -- C:\WINDOWS\System32\wscript.exe
File not found -- C:\WINDOWS\System32\wscntfy.exe
File not found -- C:\WINDOWS\System32\ws2help.dll
File not found -- C:\WINDOWS\System32\ws2_32.dll
File not found -- C:\WINDOWS\System32\write.exe
File not found -- C:\WINDOWS\System32\wpnpinst.exe
File not found -- C:\WINDOWS\System32\wpdsp.dll
File not found -- C:\WINDOWS\System32\WPDShServiceObj.dll
File not found -- C:\WINDOWS\System32\wpdshextres.dll
File not found -- C:\WINDOWS\System32\wpdshextautoplay.exe
File not found -- C:\WINDOWS\System32\WpdShext.dll
File not found -- C:\WINDOWS\System32\wpdmtpus.dll
File not found -- C:\WINDOWS\System32\wpdmtp.dll
File not found -- C:\WINDOWS\System32\wpdconns.dll
File not found -- C:\WINDOWS\System32\wpd_ci.dll
File not found -- C:\WINDOWS\System32\wpabaln.exe
File not found -- C:\WINDOWS\System32\wpa.dbl
File not found -- C:\WINDOWS\System32\wowfax.dll
File not found -- C:\WINDOWS\System32\wowexec.exe
File not found -- C:\WINDOWS\System32\wowdeb.exe
File not found -- C:\WINDOWS\System32\wow32.dll
File not found -- C:\WINDOWS\System32\WMVXENCD.dll
File not found -- C:\WINDOWS\System32\WMVSENCD.dll
File not found -- C:\WINDOWS\System32\WMVSDECD.dll
File not found -- C:\WINDOWS\System32\WMVENCOD.dll
File not found -- C:\WINDOWS\System32\wmvds32.ax
File not found -- C:\WINDOWS\System32\wmvdmoe2.dll
File not found -- C:\WINDOWS\System32\wmvdmoe.dll
File not found -- C:\WINDOWS\System32\wmvdmod.dll
File not found -- C:\WINDOWS\System32\WMVDECOD.dll
File not found -- C:\WINDOWS\System32\wmvcore2.dll
File not found -- C:\WINDOWS\System32\WMVCore.dll
File not found -- C:\WINDOWS\System32\WMVADVE.DLL
File not found -- C:\WINDOWS\System32\WMVADVD.dll
File not found -- C:\WINDOWS\System32\wmv8ds32.ax
File not found -- C:\WINDOWS\System32\wmv8dmod.dll
File not found -- C:\WINDOWS\WMSysPrx.prx
File not found -- C:\WINDOWS\WMSysPr9.prx
File not found -- C:\WINDOWS\System32\wmstream.dll
File not found -- C:\WINDOWS\System32\WMSPDMOE.dll
File not found -- C:\WINDOWS\System32\wmspdmod.dll
File not found -- C:\WINDOWS\System32\wmsdmoe2.dll
File not found -- C:\WINDOWS\System32\wmsdmoe.dll
File not found -- C:\WINDOWS\System32\wmsdmod.dll
File not found -- C:\WINDOWS\System32\wmpui.dll
File not found -- C:\WINDOWS\System32\wmpstub.exe
File not found -- C:\WINDOWS\System32\wmpsrcwp.dll
File not found -- C:\WINDOWS\System32\wmpshell.dll
File not found -- C:\WINDOWS\System32\wmpscheme.xml
File not found -- C:\WINDOWS\System32\wmpps.dll
File not found -- C:\WINDOWS\System32\wmpns.dll
File not found -- C:\WINDOWS\System32\wmpmde.dll
File not found -- C:\WINDOWS\System32\wmploc.dll
File not found -- C:\WINDOWS\System32\wmpencen.dll
File not found -- C:\WINDOWS\System32\wmpeffects.dll
File not found -- C:\WINDOWS\System32\wmpdxm.dll
File not found -- C:\WINDOWS\System32\wmpcore.dll
File not found -- C:\WINDOWS\System32\wmpcd.dll
File not found -- C:\WINDOWS\System32\wmpasf.dll
File not found -- C:\WINDOWS\System32\wmp.ocx
File not found -- C:\WINDOWS\System32\wmp.dll
File not found -- C:\WINDOWS\System32\WMNetmgr.dll
File not found -- C:\WINDOWS\System32\wmiscmgr.dll
File not found -- C:\WINDOWS\System32\wmiprop.dll
File not found -- C:\WINDOWS\System32\wmimgmt.msc
File not found -- C:\WINDOWS\System32\wmidx.ocx
File not found -- C:\WINDOWS\System32\wmidx.dll
File not found -- C:\WINDOWS\System32\wmi.dll
File not found -- C:\WINDOWS\System32\wmerror.dll
File not found -- C:\WINDOWS\System32\wmerrenu.dll
File not found -- C:\WINDOWS\System32\wmdrmsdk.dll
File not found -- C:\WINDOWS\System32\wmdrmnet.dll
File not found -- C:\WINDOWS\System32\wmdrmdev.dll
File not found -- C:\WINDOWS\System32\wmdmps.dll
File not found -- C:\WINDOWS\System32\wmdmlog.dll
File not found -- C:\WINDOWS\System32\wmasf.dll
File not found -- C:\WINDOWS\System32\WMADMOE.dll
File not found -- C:\WINDOWS\System32\WMADMOD.dll
File not found -- C:\WINDOWS\WLXPGSS.SCR
File not found -- C:\WINDOWS\System32\wlnotify.dll
File not found -- C:\WINDOWS\System32\wldap32.dll
File not found -- C:\WINDOWS\System32\wlanapi.dll
File not found -- C:\WINDOWS\System32\wkssvc.dll
File not found -- C:\WINDOWS\System32\wjview.exe
File not found -- C:\WINDOWS\System32\WISPTIS.EXE
File not found -- C:\WINDOWS\System32\winver.exe
File not found -- C:\WINDOWS\System32\wintrust.dll
File not found -- C:\WINDOWS\System32\winstrm.dll
File not found -- C:\WINDOWS\System32\winsta.dll
File not found -- C:\WINDOWS\System32\winspool.exe
File not found -- C:\WINDOWS\System\winspool.drv
File not found -- C:\WINDOWS\winnt256.bmp
File not found -- C:\WINDOWS\winnt.bmp
File not found -- C:\WINDOWS\winhlp32.exe
File not found -- C:\WINDOWS\winhelp.exe
File not found -- C:\WINDOWS\WindowsShell.Manifest
File not found -- C:\Documents and Settings\Linda\Desktop\Windows Messenger.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\Windows Live Messenger .lnk
File not found -- C:\WINDOWS\win.ini
File not found -- C:\Documents and Settings\All Users\Desktop\William Hill Poker.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\William Hill Casino.lnk
File not found -- C:\WINDOWS\System\WFWNET.DRV
File not found -- C:\WINDOWS\VPC32.INI
File not found -- C:\WINDOWS\VO63QJ2E.ocx
File not found -- C:\WINDOWS\vmmreg32.dll
File not found -- C:\WINDOWS\System\VGA.DRV
File not found -- C:\WINDOWS\System\VER.DLL
File not found -- C:\WINDOWS\vbaddin.ini
File not found -- C:\WINDOWS\vb.ini
File not found -- C:\WINDOWS\Updreg.EXE
File not found -- C:\WINDOWS\UnsetupBT Openworld Broadband ICM4.1.exe
File not found -- C:\WINDOWS\UNNeroVision.exe
File not found -- C:\WINDOWS\UNNeroVision.cfg
File not found -- C:\WINDOWS\UDB.zip
File not found -- C:\WINDOWS\twunk_32.exe
File not found -- C:\WINDOWS\twunk_16.exe
File not found -- C:\WINDOWS\twain_32.dll
File not found -- C:\WINDOWS\twain.dll
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Titan Poker.lnk
File not found -- C:\WINDOWS\System\TIMER.DRV
File not found -- C:\WINDOWS\TASKMAN.EXE
File not found -- C:\WINDOWS\System\TAPI.DLL
File not found -- C:\WINDOWS\system.ini
File not found -- C:\WINDOWS\System\SYSTEM.DRV
File not found -- C:\WINDOWS\System\stdole.tlb
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\Spotify.lnk
File not found -- C:\WINDOWS\System\SOUND.DRV
File not found -- C:\WINDOWS\Soap Bubbles.bmp
File not found -- C:\WINDOWS\slrundll.exe
File not found -- C:\WINDOWS\SlantAdj.dll
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
File not found -- C:\Documents and Settings\Linda\Desktop\Shortcut to art pictures.lnk
File not found -- C:\WINDOWS\System\SHELL.DLL
File not found -- C:\WINDOWS\SGDetectionTool.dll
File not found -- C:\WINDOWS\System\setup.inf
File not found -- C:\WINDOWS\setdebug.exe
File not found -- C:\WINDOWS\SBWIN.INI
File not found -- C:\WINDOWS\Santa Fe Stucco.bmp
File not found -- C:\WINDOWS\tasks\SA.DAT
File not found -- C:\WINDOWS\River Sumida.bmp
File not found -- C:\WINDOWS\Rhododendron.bmp
File not found -- C:\WINDOWS\REGULOCS.OLD
File not found -- C:\WINDOWS\RegSDImport.xml
File not found -- C:\WINDOWS\REGLOCS.OLD
File not found -- C:\WINDOWS\RegISSImport.xml
File not found -- C:\WINDOWS\regedit.exe
File not found -- C:\WINDOWS\READREG.EXE
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
File not found -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
File not found -- C:\WINDOWS\PSCONV.EXE
File not found -- C:\WINDOWS\Prairie Wind.bmp
File not found -- C:\WINDOWS\pp.enc
File not found -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PhotoImpact XL.lnk
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA19xx Device Manager.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Philips SA19xx Device Manager.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Philips PhotoFrame Manager.lnk
File not found -- C:\WINDOWS\PCTBDRes.dll
File not found -- C:\WINDOWS\PCTBDCore.dll.old
File not found -- C:\WINDOWS\PCTBDCore.dll
File not found -- C:\WINDOWS\pcdlib32.dll
File not found -- C:\Documents and Settings\Linda\Desktop\PartyPoker.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
File not found -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
File not found -- C:\WINDOWS\tasks\ParetoLogic Registration.job
File not found -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\OTL.exe
File not found -- C:\Documents and Settings\All Users\Desktop\OmniPage Pro 14.0.lnk
File not found -- C:\WINDOWS\System\OLESVR.DLL
File not found -- C:\WINDOWS\System\OLECLI.DLL
File not found -- C:\WINDOWS\tasks\OGALogon.job
File not found -- C:\WINDOWS\oeuninst.exe
File not found -- C:\WINDOWS\ODBCINST.INI
File not found -- C:\WINDOWS\ODBC.INI
File not found -- C:\WINDOWS\O83PPKBG.ocx
File not found -- C:\WINDOWS\NWQNADHB.ocx
File not found -- C:\Documents and Settings\Linda\ntuser.pol
File not found -- C:\Documents and Settings\All Users\ntuser.pol
File not found -- C:\Documents and Settings\Linda\ntuser.ini
File not found -- C:\Documents and Settings\Linda\NTUSER.DAT
File not found -- C:\Documents and Settings\All Users\NTUSER.DAT
File not found -- C:\WINDOWS\notepad.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
File not found -- C:\WINDOWS\NeroDigital.ini
File not found -- C:\Documents and Settings\All Users\Desktop\Nero Recode.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM.lnk
File not found -- C:\WINDOWS\muninst.exe
File not found -- C:\WINDOWS\System\MSVIDEO.DLL
File not found -- C:\Documents and Settings\Linda\My Documents\MsgPlusLive-482.exe
File not found -- C:\WINDOWS\msdfmap.ini
File not found -- C:\WINDOWS\System\MOUSE.DRV
File not found -- C:\WINDOWS\System\MMTASK.TSK
File not found -- C:\WINDOWS\System\mmsystem.dll
File not found -- C:\WINDOWS\MIDIDEF.EXE
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Publisher 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office PowerPoint 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft AutoRoute.lnk
File not found -- C:\WINDOWS\System\MCIWAVE.DRV
File not found -- C:\WINDOWS\System\MCISEQ.DRV
File not found -- C:\WINDOWS\System\MCIAVI.DRV
File not found -- C:\WINDOWS\MAXLINK.INI
File not found -- C:\WINDOWS\System\LZEXPAND.DLL
File not found -- C:\WINDOWS\lgo
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File not found -- C:\WINDOWS\System\KEYBOARD.DRV
File not found -- C:\WINDOWS\jautoexp.dat
File not found -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
File not found -- C:\WINDOWS\IsUninst.exe
File not found -- C:\WINDOWS\isnooker.INI
File not found -- C:\WINDOWS\INRES.DLL
File not found -- C:\WINDOWS\imsins.BAK
File not found -- C:\WINDOWS\ieuninst.exe
File not found -- C:\WINDOWS\IDB.zip
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\IconCache.db
File not found -- C:\WINDOWS\hh.exe
File not found -- C:\WINDOWS\Greenstone.bmp
File not found -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
File not found -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
File not found -- C:\WINDOWS\Gone Fishing.bmp
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File not found -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
File not found -- C:\WINDOWS\fs1235.dat
File not found -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\FrostWire On Startup.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\FrostWire 4.18.3.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.17.2.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\FlashFXP.lnk
File not found -- C:\WINDOWS\firstrun.vbs
File not found -- C:\WINDOWS\Firstrun.exe
File not found -- C:\WINDOWS\FeatherTexture.bmp
File not found -- C:\WINDOWS\fdgg34353edfgdfdf
File not found -- C:\WINDOWS\F9B5D4PH.ocx
File not found -- C:\WINDOWS\explorer.scf
File not found -- C:\WINDOWS\explorer.exe
File not found -- C:\Program Files\EULA.eng
File not found -- C:\Documents and Settings\Linda\Desktop\ePSXe.lnk
File not found -- C:\WINDOWS\EPSTPLOG.BAK
File not found -- C:\Documents and Settings\All Users\Desktop\DVD X Copy Platinum RF.lnk
File not found -- C:\WINDOWS\tasks\DriverCure.job
File not found -- C:\Documents and Settings\Linda\My Documents\Doc1.doc
File not found -- C:\Documents and Settings\Linda\Desktop\DivX Movies.lnk
File not found -- C:\WINDOWS\DEVREG.DLL
File not found -- C:\WINDOWS\d3dx.dat
File not found -- C:\WINDOWS\CTRES.DLL
File not found -- C:\WINDOWS\CTDVAUDY.CDF
File not found -- C:\WINDOWS\CTDCRES.DLL
File not found -- C:\WINDOWS\CTCCW.DLL
File not found -- C:\Documents and Settings\All Users\Desktop\Creature Attack Pinball.lnk
File not found -- C:\WINDOWS\control.ini
File not found -- C:\WINDOWS\COMP.BMP
File not found -- C:\WINDOWS\System\COMMDLG.DLL
File not found -- C:\WINDOWS\Coffee Bean.bmp
File not found -- C:\Documents and Settings\All Users\Desktop\Clone DVD.lnk
File not found -- C:\WINDOWS\clock.avi
File not found -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Messenger.lnk
File not found -- C:\WINDOWS\BQSHYJ2R.ocx
File not found -- C:\WINDOWS\bootstat.dat
File not found -- C:\WINDOWS\Blue Lace 16.bmp
File not found -- C:\WINDOWS\bk23567.dat
File not found -- C:\WINDOWS\bk20856.dat
File not found -- C:\WINDOWS\bill113.exe
File not found -- C:\WINDOWS\bill112.exe
File not found -- C:\WINDOWS\BDTSupport.dll.old
File not found -- C:\WINDOWS\BDTSupport.dll
File not found -- C:\WINDOWS\System\AVIFILE.DLL
File not found -- C:\WINDOWS\System\AVICAP.DLL
File not found -- C:\Documents and Settings\All Users\Desktop\ARCADE GAMES.lnk
File not found -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
File not found -- C:\WINDOWS\Ade001.bin
File not found -- C:\WINDOWS\ADE.DLL
File not found -- C:\WINDOWS\AC3API.INI
File not found -- C:\WINDOWS\tasks\A21E998D9185167D.job
File not found -- C:\Documents and Settings\Linda\Desktop\888poker.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\2010%20Group%20Fitness%20Programme.pdf
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0995154505553.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\097101524998102.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0554999559954.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535748485197.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535049569854.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\05154484910053.xxe
File not found -- C:\Documents and Settings\Linda\Desktop\µTorrent.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
File not found -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF
File not found -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK
File not found -- C:\WINDOWS\_default.pif
[2010/06/30 17:01:26 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,132 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,132 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/30 17:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/30 17:01:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
[2010/06/30 17:01:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
[2010/06/18 12:44:41 | 000,522,726 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/18 12:44:41 | 000,443,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/18 12:44:41 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) -- C:\WINDOWS\System32\drivers\pdrv.sys
[2010/06/14 11:53:02 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\pdrv.dll
[2010/06/10 11:00:25 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 17:17:42 | 000,008,259 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
[2010/06/30 17:12:34 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
[2010/06/30 15:33:48 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/06/30 15:32:40 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/30 15:32:40 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/30 15:32:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/30 15:32:39 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/30 15:32:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/30 15:32:38 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/30 15:30:15 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/30 15:30:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/30 15:30:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/30 15:30:05 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/30 15:30:01 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/29 22:11:53 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
[2010/06/29 21:30:17 | 000,012,732 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
[2010/06/29 21:24:10 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
[2010/06/29 16:41:25 | 000,012,234 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
[2010/06/29 16:35:10 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
[2010/06/29 16:28:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0554999559954.xxe
[2010/06/29 16:27:28 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
[2010/06/20 13:35:58 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
[2010/06/18 12:54:11 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
[2010/06/18 12:48:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\097101524998102.xxe
[2010/06/18 12:47:19 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
[2010/06/16 11:51:48 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/06/16 11:51:48 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/06/15 20:59:21 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
[2010/06/15 20:43:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\05154484910053.xxe
[2010/06/15 20:42:40 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
[2010/06/14 23:08:52 | 000,000,039 | ---- | C] () -- C:\WINDOWS\bk20856.dat
[2010/06/14 11:58:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo
[2010/06/14 11:58:37 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/06/14 11:58:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/06/14 11:58:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535748485197.xxe
[2010/06/14 11:58:17 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0995154505553.xxe
[2010/06/14 11:58:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535049569854.xxe
[2010/06/14 11:53:02 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\pdrv.dll
[2010/06/10 17:53:43 | 000,049,143 | ---- | C] () -- C:\Program Files\EULA.eng
[2010/06/01 21:33:24 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2010/06/01 21:33:24 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\888poker.lnk
[2010/05/26 15:47:31 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to art pictures.lnk
[2010/05/12 21:25:42 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Spotify.lnk
[2010/05/01 09:56:09 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\ePSXe.lnk
[2010/04/16 02:32:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\William Hill Casino.lnk
[2010/04/08 05:48:13 | 000,450,560 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Doc1.doc
[2010/04/05 12:21:47 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\William Hill Poker.lnk
[2010/02/23 05:57:31 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/22 22:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isnooker.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/09/17 10:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/08/07 16:58:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/08/07 16:51:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/08/07 16:35:41 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/08/07 11:05:22 | 000,000,430 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/08/07 09:40:42 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2004/08/07 09:40:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2004/08/07 09:39:37 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/08/07 09:39:37 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/08/07 09:38:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2004/08/07 09:38:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2004/08/07 09:38:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2004/08/06 22:16:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/06 21:10:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/06 21:08:45 | 000,068,908 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/08/06 21:08:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/06 21:08:23 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/08/06 21:08:23 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/08/06 21:06:17 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/06 20:58:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/06 20:52:10 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/08/06 20:52:08 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys
[2004/06/10 22:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 02:08:28 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys

========== LOP Check ==========

File not found -- C:\Documents and Settings\All Users\Application Data\BVRP Software
File not found -- C:\Documents and Settings\All Users\Application Data\DriverCure
File not found -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
File not found -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
File not found -- C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
File not found -- C:\Documents and Settings\All Users\Application Data\ScanSoft
File not found -- C:\Documents and Settings\All Users\Application Data\TEMP
File not found -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
File not found -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
File not found -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
File not found -- C:\Documents and Settings\Linda\Application Data\FrostWire
File not found -- C:\Documents and Settings\Linda\Application Data\info joy ford
File not found -- C:\Documents and Settings\Linda\Application Data\Microgaming
File not found -- C:\Documents and Settings\Linda\Application Data\PacificPoker
File not found -- C:\Documents and Settings\Linda\Application Data\ScanSoft
File not found -- C:\Documents and Settings\Linda\Application Data\Spotify
File not found -- C:\Documents and Settings\Linda\Application Data\Ulead Systems
File not found -- C:\Documents and Settings\Linda\Application Data\uTorrent
File not found -- C:\WINDOWS\Tasks\A21E998D9185167D.job
File not found -- C:\WINDOWS\Tasks\DriverCure.job
File not found -- C:\WINDOWS\Tasks\OGALogon.job
File not found -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
File not found -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-10 03:05:03


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\LastGood\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 00:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2001/09/04 04:12:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001/09/04 04:12:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\imm32.dll

< MD5 for: KERNEL32.DLL >
[2004/08/04 00:56:44 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[2009/03/21 14:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 00:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 00:56:56 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 00:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2002/08/29 03:41:10 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 00:56:46 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\sp2gdr\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\sp2qfe\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 00:56:48 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/06 11:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Back to top Go down
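The OTL report above lists, for each system file, the MD5 of the live copy in system32 next to the copies Windows keeps in ServicePackFiles\i386 and $NtServicePackUninstall$; a helper reads those sections for the same thing a helper does by eye, a live file whose hash matches none of the pristine copies. As an added example (not part of this thread, and not OTL's own code), here is a small Python parser for that section format that flags a system32 copy whose MD5 differs from the ServicePackFiles/dllcache reference, and any file OTL reported it could not hash. The SVCHOST.EXE and iepeers.dll lines are taken from the report above; EXAMPLE.DLL and both of its hashes are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the OTL "MD5 for:" / "/lockedfiles" format used in the
# report above. The SVCHOST.EXE and iepeers.dll lines are copied from that
# report; EXAMPLE.DLL and both of its hashes are made up for this example.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: EXAMPLE.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2010/06/14 22:08:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\example.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/06 11:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<vendor>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Where XP keeps pristine copies of a system file: the service-pack install
# source and the Windows File Protection cache.
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\dllcache\\")
# Pre-update backups: a different hash there is normal, so they count as
# neither a reference nor a live file.
BACKUP_DIRS = ("$ntservicepackuninstall$", "\\softwaredistribution\\")


@dataclass
class Entry:
    section: str
    md5: Optional[str]      # None when OTL reported "Unable to obtain MD5"
    path: str
    size: str
    vendor: str


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL file lines, remembering which '< ... >' header each belongs to."""
    entries: List[Entry] = []
    section = "(no section)"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").upper()
            continue
        if line.startswith("< ") and line.endswith(" >"):
            section = line        # any other header, e.g. the /lockedfiles one
            continue
        m = ENTRY_RE.match(line)
        if m:
            md5 = m.group("md5")
            entries.append(Entry(section, md5.upper() if md5 else None,
                                 m.group("path"), m.group("size"), m.group("vendor")))
    return entries


def is_reference(path: str) -> bool:
    return any(d in path.lower() for d in REFERENCE_DIRS)


def is_live(path: str) -> bool:
    """A file under system32 that is neither a reference copy nor a pre-update backup."""
    p = path.lower()
    return "\\system32\\" in p and not is_reference(p) and not any(d in p for d in BACKUP_DIRS)


def check_integrity(entries: List[Entry]) -> List[str]:
    """Flag live system32 files whose hash is missing or differs from every reference copy."""
    by_section: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_section[e.section].append(e)

    findings: List[str] = []
    for items in by_section.values():
        refs = {e.md5 for e in items if e.md5 and is_reference(e.path)}
        for e in items:
            if not is_live(e.path):
                continue
            if e.md5 is None:
                findings.append(f"LOCKED {e.path}: OTL could not hash it; verify it from offline media")
            elif not refs:
                findings.append(f"NOREF {e.path}: no reference copy listed to compare against")
            elif e.md5 not in refs:
                findings.append(f"MISMATCH {e.path}: MD5 {e.md5} differs from reference {sorted(refs)}")
    return findings


if __name__ == "__main__":
    for finding in check_integrity(parse_otl(SAMPLE_LOG)):
        print(finding)
```

Run against the constructed sample it reports two findings: the live example.dll whose hash differs from its ServicePackFiles copy, and iepeers.dll, which OTL could not open at all (a locked system DLL is worth checking from a clean boot or offline media rather than assumed fine). The svchost.exe entries produce nothing, because the $NtServicePackUninstall$ copy is a pre-SP3 backup and is deliberately excluded from both the reference and the live set.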

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 5:17 pm

It only opened one Notepad window (OTL.Txt - Notepad); the other, Extras.Txt, did not appear.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 30th June 2010, 5:37 pm

Hi duck_boi_97,

Disable resident protections (antivirus, etc.); you'll re-enable them after the scan.

Download [You must be registered and logged in to see this link.]

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

=====

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 5:56 pm

This is the log created from the Lop S&D scan:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Linda ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 9.0.0.1400 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:78 Go (Free:3 Go)
E:\ (Local Disk) - NTFS - Total:57 Go (Free:30 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 30/06/2010|18:44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\WINDOWS\Tasks\A21E998D9185167D.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool\Less Else.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool\Less Else.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\Beep Fast Okay Hope.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\cdromstupidtime.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\Online Noun Dumb.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\yilbzemk.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_b25c.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f16b.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f508.exe
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@adultfriendfinder[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@ads.adultadvertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising.sheknows[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[10].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[11].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[6].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[7].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[8].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[9].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@ero-advertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[6].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.darkorbit.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.darkorbit.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.seafight.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@uk.farmerama.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@uk.farmerama.bigpoint[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@xblaster.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@pacificpoker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@pacificpoker[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[7].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@las-vegas-nevada[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegas.williamhill[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegas.williamhill[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegasred[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegasred[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888casino[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888games[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888poker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888sport[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[4].txt
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bis1A.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bisDC.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bisDF.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1
Deleted! - C:\DOCUME~1\Linda\APPLIC~1\infojo~1
Deleted! - C:\Program Files\infojo~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[06/08/2004|21:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[07/08/2004|09:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[06/08/2004|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/08/2004|21:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[06/08/2004|23:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/08/2004|11:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[06/08/2004|20:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[22/10/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[01/12/2009|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[07/08/2004|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[22/10/2009|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/10/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/12/2009|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[06/08/2004|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/06/2010|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverCure
[07/08/2004|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[27/12/2009|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/06/2010|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/10/2009|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[18/11/2009|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[31/01/2010|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[30/12/2009|22:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
[30/06/2010|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[07/08/2004|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[17/09/2005|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[30/06/2010|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2010|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[07/08/2004|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[26/10/2009|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[06/08/2004|20:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/11/2009|22:20] C:\DOCUME~1\Ian\APPLIC~1\Adobe
[30/12/2009|14:10] C:\DOCUME~1\Ian\APPLIC~1\Apple Computer
[07/08/2004|09:45] C:\DOCUME~1\Ian\APPLIC~1\ArcSoft
[07/08/2004|12:52] C:\DOCUME~1\Ian\APPLIC~1\CyberLink
[30/12/2009|22:31] C:\DOCUME~1\Ian\APPLIC~1\DriverCure
[07/08/2004|12:28] C:\DOCUME~1\Ian\APPLIC~1\EPSON
[20/03/2010|04:00] C:\DOCUME~1\Ian\APPLIC~1\FrostWire
[06/08/2004|23:29] C:\DOCUME~1\Ian\APPLIC~1\Identities
[21/03/2010|21:12] C:\DOCUME~1\Ian\APPLIC~1\LittlewoodsPoker
[07/08/2004|09:55] C:\DOCUME~1\Ian\APPLIC~1\Macromedia
[31/03/2010|22:55] C:\DOCUME~1\Ian\APPLIC~1\Microgaming
[27/11/2009|19:59] C:\DOCUME~1\Ian\APPLIC~1\Microsoft
[29/04/2010|21:33] C:\DOCUME~1\Ian\APPLIC~1\MSN6
[18/02/2010|02:12] C:\DOCUME~1\Ian\APPLIC~1\Office Genuine Advantage
[30/06/2010|15:29] C:\DOCUME~1\Ian\APPLIC~1\PC Tools
[07/08/2004|11:05] C:\DOCUME~1\Ian\APPLIC~1\ScanSoft
[09/06/2010|21:48] C:\DOCUME~1\Ian\APPLIC~1\Spotify
[25/04/2010|15:36] C:\DOCUME~1\Ian\APPLIC~1\Sun
[17/09/2005|10:17] C:\DOCUME~1\Ian\APPLIC~1\Symantec
[07/08/2004|12:28] C:\DOCUME~1\Ian\APPLIC~1\Ulead Systems
[30/06/2010|17:00] C:\DOCUME~1\Ian\APPLIC~1\uTorrent

[29/10/2009|19:43] C:\DOCUME~1\Linda\APPLIC~1\Adobe
[24/12/2009|14:20] C:\DOCUME~1\Linda\APPLIC~1\Apple Computer
[30/06/2010|17:08] C:\DOCUME~1\Linda\APPLIC~1\FrostWire
[06/08/2004|23:54] C:\DOCUME~1\Linda\APPLIC~1\Identities
[25/12/2009|18:51] C:\DOCUME~1\Linda\APPLIC~1\InstallShield
[07/08/2004|17:15] C:\DOCUME~1\Linda\APPLIC~1\Macromedia
[17/03/2010|18:44] C:\DOCUME~1\Linda\APPLIC~1\Microgaming
[02/12/2009|00:32] C:\DOCUME~1\Linda\APPLIC~1\Microsoft
[22/10/2009|18:42] C:\DOCUME~1\Linda\APPLIC~1\Mozilla
[03/06/2010|17:53] C:\DOCUME~1\Linda\APPLIC~1\MSN6
[28/02/2010|14:45] C:\DOCUME~1\Linda\APPLIC~1\Office Genuine Advantage
[01/06/2010|21:35] C:\DOCUME~1\Linda\APPLIC~1\PacificPoker
[07/08/2004|12:16] C:\DOCUME~1\Linda\APPLIC~1\ScanSoft
[30/06/2010|12:31] C:\DOCUME~1\Linda\APPLIC~1\Spotify
[22/10/2009|21:15] C:\DOCUME~1\Linda\APPLIC~1\Sun
[07/08/2004|12:18] C:\DOCUME~1\Linda\APPLIC~1\Ulead Systems
[30/06/2010|17:12] C:\DOCUME~1\Linda\APPLIC~1\uTorrent

[26/01/2010|23:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/08/2004|20:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[30/06/2010 17:03][--a------] C:\WINDOWS\tasks\OGALogon.job
[30/06/2010 17:50][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[30/06/2010 17:03][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[30/06/2010 18:00][--a------] C:\WINDOWS\tasks\ParetoLogic Registration.job
[28/06/2010 04:31][--a------] C:\WINDOWS\tasks\DriverCure.job
[26/06/2010 03:38][--a------] C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[25/06/2010 20:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/06/2010 17:02][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/09/2001 04:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing Folders in C:\Program Files

[06/08/2004|23:09] C:\Program Files\321Studios
[06/08/2004|23:13] C:\Program Files\321StudiosRF
[06/08/2004|20:55] C:\Program Files\ABIT
[06/08/2004|21:11] C:\Program Files\Adobe
[07/08/2004|11:41] C:\Program Files\Ahead
[22/10/2009|18:20] C:\Program Files\Apple Software Update
[07/08/2004|09:42] C:\Program Files\ArcSoft
[29/11/2009|23:35] C:\Program Files\Ask Search Assistant
[22/10/2009|18:42] C:\Program Files\AskBarDis
[06/08/2004|21:01] C:\Program Files\ATI Technologies
[22/10/2009|18:20] C:\Program Files\Bonjour
[07/08/2004|16:58] C:\Program Files\BT Openworld Broadband ICM
[07/08/2004|16:54] C:\Program Files\BTopenworld NetHelp
[23/02/2010|03:52] C:\Program Files\Circle Devlopement
[06/08/2004|23:27] C:\Program Files\CloneDVD
[30/06/2010|15:29] C:\Program Files\Common Files
[06/08/2004|20:21] C:\Program Files\ComPlus Applications
[28/03/2010|15:36] C:\Program Files\Conduit
[06/08/2004|21:10] C:\Program Files\Creative
[06/08/2004|22:08] C:\Program Files\CyberLink
[26/04/2010|03:39] C:\Program Files\Delta
[06/01/2010|01:12] C:\Program Files\DivX
[07/08/2004|09:44] C:\Program Files\EPSON
[07/08/2004|17:09] C:\Program Files\FlashFXP
[22/10/2009|21:22] C:\Program Files\FrostWire
[22/10/2009|22:06] C:\Program Files\FrostWire1
[30/06/2010|18:27] C:\Program Files\Full Tilt Poker
[06/01/2010|01:13] C:\Program Files\Google
[21/03/2010|14:09] C:\Program Files\InstallShield Installation Information
[06/08/2004|20:52] C:\Program Files\Intel
[10/06/2010|11:00] C:\Program Files\Internet Explorer
[13/02/2010|22:10] C:\Program Files\iPod
[13/02/2010|22:11] C:\Program Files\iTunes
[22/10/2009|21:22] C:\Program Files\Java
[07/08/2004|14:59] C:\Program Files\Lavasoft
[10/06/2010|17:54] C:\Program Files\LittlewoodsPoker
[16/06/2010|11:51] C:\Program Files\McAfeeScanAndRepair
[28/03/2010|15:36] C:\Program Files\Messenger Plus! Live
[22/05/2010|17:32] C:\Program Files\Messenger_Plus_Live_UK
[21/10/2009|17:47] C:\Program Files\Microsoft
[06/08/2004|22:15] C:\Program Files\Microsoft ActiveSync
[07/08/2004|10:56] C:\Program Files\Microsoft AutoRoute
[23/10/2009|02:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/08/2004|20:23] C:\Program Files\microsoft frontpage
[06/08/2004|21:17] C:\Program Files\Microsoft IntelliPoint
[06/08/2004|21:16] C:\Program Files\Microsoft IntelliType Pro
[07/08/2004|10:55] C:\Program Files\Microsoft Office
[21/10/2009|17:46] C:\Program Files\Microsoft Office Outlook Connector
[07/08/2004|10:53] C:\Program Files\Microsoft Plus!
[06/06/2010|13:02] C:\Program Files\Microsoft Silverlight
[21/10/2009|17:42] C:\Program Files\Microsoft SQL Server Compact Edition
[21/10/2009|17:43] C:\Program Files\Microsoft Sync Framework
[06/08/2004|22:15] C:\Program Files\Microsoft Visual Studio
[23/10/2009|02:48] C:\Program Files\Microsoft Works
[06/08/2004|22:15] C:\Program Files\Microsoft.NET
[07/08/2004|16:53] C:\Program Files\Motive
[10/03/2010|22:56] C:\Program Files\Movie Maker
[22/10/2009|18:42] C:\Program Files\Mozilla Firefox
[24/10/2009|17:17] C:\Program Files\MSBuild
[06/11/2009|00:35] C:\Program Files\MSN
[06/08/2004|20:20] C:\Program Files\MSN Gaming Zone
[21/10/2009|17:34] C:\Program Files\MSN Toolbar
[19/10/2009|18:42] C:\Program Files\MSXML 4.0
[19/10/2009|18:25] C:\Program Files\NetMeeting
[06/08/2004|20:21] C:\Program Files\Online Services
[12/05/2010|03:01] C:\Program Files\Outlook Express
[01/06/2010|21:33] C:\Program Files\PacificPoker
[13/06/2010|18:08] C:\Program Files\PakkISO
[30/12/2009|22:30] C:\Program Files\ParetoLogic
[04/06/2010|14:50] C:\Program Files\PartyGaming
[25/12/2009|18:51] C:\Program Files\Philips
[06/12/2009|15:25] C:\Program Files\Philips PhotoFrame Manager
[15/06/2010|15:08] C:\Program Files\PokerStars
[18/05/2010|22:58] C:\Program Files\PSXMemTool
[01/12/2009|23:27] C:\Program Files\QuickTime
[24/10/2009|17:17] C:\Program Files\Reference Assemblies
[07/08/2004|11:03] C:\Program Files\ScanSoft
[06/08/2004|23:23] C:\Program Files\SlySoft
[07/06/2010|18:43] C:\Program Files\Spotify
[30/06/2010|16:38] C:\Program Files\Spyware Doctor
[17/09/2005|10:39] C:\Program Files\Symantec
[30/06/2010|17:06] C:\Program Files\Symantec AntiVirus
[06/08/2004|20:43] C:\Program Files\SymNetDrv
[07/08/2004|09:58] C:\Program Files\Ulead Systems
[06/08/2004|21:29] C:\Program Files\Uninstall Information
[22/10/2009|18:41] C:\Program Files\uTorrent
[14/06/2010|11:58] C:\Program Files\webserver
[06/08/2004|21:50] C:\Program Files\Wildfire Studios
[21/10/2009|17:46] C:\Program Files\Windows Live
[21/10/2009|17:40] C:\Program Files\Windows Live SkyDrive
[01/11/2009|05:26] C:\Program Files\Windows Media Connect 2
[01/11/2009|05:26] C:\Program Files\Windows Media Player
[19/10/2009|18:25] C:\Program Files\Windows NT
[17/09/2005|10:39] C:\Program Files\WindowsUpdate
[07/08/2004|00:07] C:\Program Files\WinRAR
[06/08/2004|20:23] C:\Program Files\xerox
[07/08/2004|16:52] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[21/10/2009|17:10] C:\Program Files\Common Files\Adobe
[06/08/2004|22:21] C:\Program Files\Common Files\Ahead
[13/02/2010|22:10] C:\Program Files\Common Files\Apple
[06/08/2004|22:15] C:\Program Files\Common Files\DESIGNER
[06/01/2010|01:12] C:\Program Files\Common Files\DivX Shared
[07/08/2004|09:38] C:\Program Files\Common Files\EPSON
[07/08/2004|11:02] C:\Program Files\Common Files\InstallShield
[22/10/2009|21:21] C:\Program Files\Common Files\Java
[06/08/2004|22:16] C:\Program Files\Common Files\L&H
[30/06/2010|15:29] C:\Program Files\Common Files\Microsoft Shared
[07/08/2004|16:54] C:\Program Files\Common Files\Motive
[06/08/2004|20:21] C:\Program Files\Common Files\MSSoap
[06/08/2004|21:14] C:\Program Files\Common Files\ODBC
[30/12/2009|22:30] C:\Program Files\Common Files\ParetoLogic
[30/06/2010|15:32] C:\Program Files\Common Files\PC Tools
[07/08/2004|09:40] C:\Program Files\Common Files\Python
[07/08/2004|11:04] C:\Program Files\Common Files\Scansoft Shared
[06/08/2004|20:22] C:\Program Files\Common Files\Services
[06/08/2004|21:14] C:\Program Files\Common Files\SpeechEngines
[17/09/2005|10:40] C:\Program Files\Common Files\Symantec Shared
[21/10/2009|17:46] C:\Program Files\Common Files\System
[07/08/2004|09:58] C:\Program Files\Common Files\Ulead Systems
[21/10/2009|17:35] C:\Program Files\Common Files\Windows Live

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 18:51:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Linda\My Documents\Downloads\Various Artists - Blalock's Indie Rock Playlist May 2010\017 - Tahiti 80 - Crack Up.mp3


[F:4003][D:97]-> C:\DOCUME~1\Linda\LOCALS~1\Temp
[F:4661][D:0]-> C:\DOCUME~1\Linda\Cookies
[F:4289][D:51]-> C:\DOCUME~1\Linda\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 30/06/2010|18:54 - Option : [2]

--------------------\\ Scan completed at 18:54:30


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 6:10 pm

It says:
ComboFix has detected the following real time scanner(s) to be active:

antivirus: symantec antivirus corperate edition

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.




I have right-clicked the icon in the bottom right-hand side of the desktop and disabled Auto-Protect, and this still comes up. What should I do?


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 6:20 pm

I continued anyway and then this came up:

(A '!' in a yellow triangle in the bottom right, with a note saying:)
----------------------------------------------
NirCmd.cfxxe - Corrupt File

D:\RECYCLER is corrupt and unreadable
please run Chkdsk utility

--------------------------------------------
(When the computer gets turned on it goes to a Chkdsk screen, but I have never let it run through, as it appears to take forever and a day and, if I remember rightly, stayed on one bit for over 5 minutes...)

I ALSO HAVE TO HIT F1 AT THE LOADING SCREEN BEFORE LOGIN (literally the first screen that comes up when I turn the computer on).


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 6:26 pm

I will leave commy.exe running until you tell me otherwise... but it is saying it's ''preparing to run'' and is staying like that for a long time, and every time I start commy.exe again the yellow triangle with the corrupt file warning comes up in the bottom right-hand corner.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 30th June 2010, 7:19 pm

Hi,

Please boot into Safe Mode and run ComboFix; you can do this by rebooting your computer and tapping F8 until it prompts you to choose which one. Please choose Safe Mode with Networking; once you are logged in, please run ComboFix.exe and post that log here in your next reply.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 8:29 pm

I tried to use commy.exe again and this time it worked. It restarted the computer automatically. Here is the log from commy.exe; the log from Lop S&D has already been posted.

ComboFix 10-06-29.04 - Linda 30/06/2010 20:28:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.421 [GMT 1:00]
Running from: c:\documents and settings\Linda\Desktop\commy.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Linda\Local Settings\Application Data\05154484910053.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0535049569854.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0535748485197.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0554999559954.xxe
c:\documents and settings\Linda\Local Settings\Application Data\097101524998102.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0995154505553.xxe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
c:\program files\webserver
c:\program files\webserver\webserver.exe
c:\windows\bill112.exe
c:\windows\bill113.exe
c:\windows\bk23567.dat
c:\windows\fdgg34353edfgdfdf
c:\windows\lgo
c:\windows\system32\drivers\pdrv.sys
c:\windows\system32\pdrv.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PDRV
-------\Legacy_PPDRV
-------\Legacy_WEBSERVER
-------\Service_PDRV
-------\Service_ppdrv
-------\Service_webserver


((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 17:43 . 2010-06-30 17:54 -------- d-----w- C:\Lop SD
2010-06-30 16:23 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\Threat Expert
2010-06-30 16:22 . 2010-06-30 16:23 37524 ----a-w- c:\windows\fs1235.dat
2010-06-30 14:32 . 2010-06-23 04:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 14:32 . 2010-06-23 04:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-30 14:32 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-06-30 14:32 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-06-30 14:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-30 14:30 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-30 14:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-30 14:30 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-30 14:29 . 2010-06-30 14:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 14:29 . 2010-06-30 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 14:29 . 2010-06-30 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 14:29 . 2010-06-30 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-29 06:50 . 2010-06-29 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-16 10:51 . 2010-06-16 10:51 -------- d-----w- c:\program files\McAfeeScanAndRepair
2010-06-14 22:08 . 2010-06-30 10:46 39 ----a-w- c:\windows\bk20856.dat
2010-06-13 17:08 . 2010-06-13 17:08 -------- d-----w- c:\program files\PakkISO
2010-06-09 02:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 20:32 . 2010-06-01 20:35 -------- d-----w- c:\documents and settings\Linda\Application Data\PacificPoker
2010-06-01 20:32 . 2010-06-01 20:33 -------- d-----w- c:\program files\PacificPoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 20:04 . 2009-10-22 17:41 -------- d-----w- c:\documents and settings\Linda\Application Data\uTorrent
2010-06-30 20:03 . 2009-10-22 21:06 -------- d-----w- c:\documents and settings\Linda\Application Data\FrostWire
2010-06-30 20:01 . 2005-09-17 09:39 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 17:27 . 2009-11-01 22:00 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-30 14:21 . 2009-12-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-30 11:31 . 2010-05-12 20:25 -------- d-----w- c:\documents and settings\Linda\Application Data\Spotify
2010-06-15 14:08 . 2010-03-04 19:06 -------- d-----w- c:\program files\PokerStars
2010-06-10 16:54 . 2010-03-21 20:10 -------- d-----w- c:\program files\LittlewoodsPoker
2010-06-07 17:43 . 2010-05-12 20:25 -------- d-----w- c:\program files\Spotify
2010-06-06 12:02 . 2009-10-21 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 13:50 . 2010-03-18 00:44 -------- d-----w- c:\program files\PartyGaming
2010-06-03 16:53 . 2009-10-21 16:10 -------- d-----w- c:\documents and settings\Linda\Application Data\MSN6
2010-05-26 20:36 . 2010-06-10 16:53 49143 ----a-w- c:\program files\EULA.eng
2010-05-22 16:32 . 2010-03-28 14:36 -------- d-----w- c:\program files\Messenger_Plus_Live_UK
2010-05-18 21:58 . 2010-05-18 17:15 -------- d-----w- c:\program files\PSXMemTool
2010-05-06 10:41 . 2004-02-06 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 01:14 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-09-04 03:12 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-05-22 16:32 2515552 ----a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-01-20 1531904]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-12 270336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-10-29 139363]
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-10-29 57344]
"OpScheduler"="c:\program files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-10-29 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-06 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-06 124112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}"="c:\program files\Philips PhotoFrame Manager\AvqAutoRun.exe" [2009-05-04 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\documents and settings\Linda\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire1\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetHelp.lnk - c:\program files\BTopenworld NetHelp\bin\matcli.exe [2004-8-7 204800]
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-25 119296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire1\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:pdrv

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/06/2010 15:32 198608]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [06/08/2004 21:08 12160]
S2 gupdate1ca8e64ed51f805;Google Update Service (gupdate1ca8e64ed51f805);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 01:12 133104]
S3 McLtScanner;McLtScanner;c:\program files\McAfeeScanAndRepair\McRbScanner.exe [29/01/2010 07:40 679920]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [06/08/2004 16:18 169192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2010 15:29 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-28 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-06-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
AddRemove-Ladbrokes Poker - c:\microg~1\Poker\LADBRO~1\LADBRO~1\UNWISE.EXE
AddRemove-MsgPlus! Plugin - c:\program files\MessengerPlus! 3\MsgPlus.exe
AddRemove-UT2004 - e:\games\UT2004\System\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 21:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPagePro14.0\OpHook14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\browser\ybrowser.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
.
**************************************************************************
.
Completion time: 2010-06-30 21:14:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 20:14

Pre-Run: 13,599,518,720 bytes free
Post-Run: 17,283,899,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 56773AEE8A0B02DC87D7C0C389284882

duck_boi_97
Intermediate
Posts : 60
Joined : 2010-06-30
OS : Windows XP
Points : 24261
Likes : 0

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 30th June 2010, 8:57 pm

Hi duck_boi_97,

Please be more careful when installing things, as the LOP infection came from Messenger Plus. We still have a couple more things to do before you are all clean.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\fs1235.dat
    c:\windows\bk20856.dat

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


======

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56094
Likes : 0
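The CFScript above removes a Windows Firewall exception that the first ComboFix log reported ("8085:TCP"= 8085:TCP:pdrv) alongside the deleted rootkit driver pdrv.sys. As an added example that is not ComboFix's code and not part of the thread, the Python script below pulls the firewall-exception keys out of a ComboFix log in the format quoted above, flags a globally open port whose friendly name matches a file ComboFix deleted, and renders the same Registry:: block the helper used. The function names and the parsing heuristics (a blank line or "." closes a key's value list) are assumptions drawn from the log as quoted; the sample log fragment is constructed from lines in this thread.

```python
import re

# Registry keys under which ComboFix reports Windows Firewall exceptions
# (the log prints them in exactly this abbreviated 'HKLM\~' form).
FIREWALL_POLICY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
OPEN_PORTS_KEY = FIREWALL_POLICY + r"\GloballyOpenPorts\List"
AUTH_APPS_KEY = FIREWALL_POLICY + r"\AuthorizedApplications\List"

# Constructed sample: fragments of the ComboFix log quoted in this thread,
# trimmed to the deletions list and the two firewall keys.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\program files\webserver\webserver.exe
c:\windows\system32\drivers\pdrv.sys
c:\windows\system32\pdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:pdrv

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
"""


def parse_registry_sections(log_text):
    """Map every [bracketed] registry key in the log to the value lines under it.

    Assumption (matches the quoted log): a blank line or a lone '.' ends a key's values.
    """
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line in ("", "."):
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deleted_files(log_text):
    """Return lower-cased basenames listed under ComboFix's 'Other Deletions' heading."""
    names, in_section, seen_path = [], False, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Other Deletions" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if "\\" in line and not line.startswith("["):
            names.append(line.rsplit("\\", 1)[-1].lower())
            seen_path = True
        elif seen_path:
            break  # first blank/'.' line after the paths closes the list
    return names


def parse_open_ports(sections):
    """Parse '"8085:TCP"= 8085:TCP:pdrv' style entries into (port, protocol, name)."""
    ports = []
    for entry in sections.get(OPEN_PORTS_KEY, []):
        m = re.match(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', entry)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return ports


def suspicious_ports(ports, deleted_names):
    """Flag an open port whose friendly name is the stem of a file ComboFix deleted."""
    stems = {n.rsplit(".", 1)[0] for n in deleted_names}
    return [p for p in ports if p[2].lower() in stems]


def cfscript_registry_block(ports):
    """Render the CFScript 'Registry::' block that deletes the given port values.

    '"8085:TCP"=-' is the REGEDIT4-style 'delete this value' syntax CFScript accepts.
    """
    lines = ["Registry::", f"[{OPEN_PORTS_KEY}]"]
    lines += [f'"{port}:{proto}"=-' for port, proto, _ in ports]
    return "\n".join(lines)


if __name__ == "__main__":
    sections = parse_registry_sections(SAMPLE_LOG)
    flagged = suspicious_ports(parse_open_ports(sections), parse_deleted_files(SAMPLE_LOG))
    print("Authorized applications to review:", sections.get(AUTH_APPS_KEY, []))
    print("Open ports tied to deleted files:", flagged)
    print(cfscript_registry_block(flagged))
```

The AuthorizedApplications list is printed unfiltered because, unlike the port entries, nothing in the log ties those paths to a deletion; a helper reviews it by eye.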

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 9:38 pm

commy.exe log after dragging CFScript.txt into commy.exe

ComboFix 10-06-29.04 - Linda 30/06/2010 22:07:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.485 [GMT 1:00]
Running from: c:\documents and settings\Linda\Desktop\commy.exe
Command switches used :: c:\documents and settings\Linda\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\bk20856.dat"
"c:\windows\fs1235.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bk20856.dat
c:\windows\fs1235.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 20:48 . 2010-06-30 20:48 -------- d-----w- c:\windows\LastGood
2010-06-30 17:43 . 2010-06-30 17:54 -------- d-----w- C:\Lop SD
2010-06-30 16:23 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\Threat Expert
2010-06-30 14:32 . 2010-06-23 04:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 14:32 . 2010-06-23 04:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-30 14:32 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-06-30 14:32 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-06-30 14:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-30 14:30 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-30 14:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-30 14:30 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-30 14:29 . 2010-06-30 14:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 14:29 . 2010-06-30 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 14:29 . 2010-06-30 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 14:29 . 2010-06-30 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-29 06:50 . 2010-06-29 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-16 10:51 . 2010-06-16 10:51 -------- d-----w- c:\program files\McAfeeScanAndRepair
2010-06-13 17:08 . 2010-06-13 17:08 -------- d-----w- c:\program files\PakkISO
2010-06-09 02:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 20:32 . 2010-06-01 20:35 -------- d-----w- c:\documents and settings\Linda\Application Data\PacificPoker
2010-06-01 20:32 . 2010-06-01 20:33 -------- d-----w- c:\program files\PacificPoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 21:04 . 2005-09-17 09:39 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-30 20:04 . 2009-10-22 17:41 -------- d-----w- c:\documents and settings\Linda\Application Data\uTorrent
2010-06-30 20:03 . 2009-10-22 21:06 -------- d-----w- c:\documents and settings\Linda\Application Data\FrostWire
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 17:27 . 2009-11-01 22:00 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-30 14:21 . 2009-12-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-30 11:31 . 2010-05-12 20:25 -------- d-----w- c:\documents and settings\Linda\Application Data\Spotify
2010-06-15 14:08 . 2010-03-04 19:06 -------- d-----w- c:\program files\PokerStars
2010-06-10 16:54 . 2010-03-21 20:10 -------- d-----w- c:\program files\LittlewoodsPoker
2010-06-07 17:43 . 2010-05-12 20:25 -------- d-----w- c:\program files\Spotify
2010-06-06 12:02 . 2009-10-21 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 13:50 . 2010-03-18 00:44 -------- d-----w- c:\program files\PartyGaming
2010-06-03 16:53 . 2009-10-21 16:10 -------- d-----w- c:\documents and settings\Linda\Application Data\MSN6
2010-05-26 20:36 . 2010-06-10 16:53 49143 ----a-w- c:\program files\EULA.eng
2010-05-22 16:32 . 2010-03-28 14:36 -------- d-----w- c:\program files\Messenger_Plus_Live_UK
2010-05-18 21:58 . 2010-05-18 17:15 -------- d-----w- c:\program files\PSXMemTool
2010-05-12 20:25 . 2010-05-12 20:25 655360 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 20:25 . 2010-05-12 20:25 282624 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 20:25 . 2010-05-12 20:25 208896 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-06 10:41 . 2004-02-06 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 01:14 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-09-04 03:12 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-05-22 16:32 2515552 ----a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-01-20 1531904]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-12 270336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-10-29 139363]
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-10-29 57344]
"OpScheduler"="c:\program files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-10-29 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-06 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-06 124112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}"="c:\program files\Philips PhotoFrame Manager\AvqAutoRun.exe" [2009-05-04 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\documents and settings\Linda\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire1\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetHelp.lnk - c:\program files\BTopenworld NetHelp\bin\matcli.exe [2004-8-7 204800]
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-25 119296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire1\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/06/2010 15:32 198608]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [06/08/2004 21:08 12160]
S2 gupdate1ca8e64ed51f805;Google Update Service (gupdate1ca8e64ed51f805);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 01:12 133104]
S3 McLtScanner;McLtScanner;c:\program files\McAfeeScanAndRepair\McRbScanner.exe [29/01/2010 07:40 679920]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [06/08/2004 16:18 169192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2010 15:29 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-28 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-06-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-06-30 22:33:45
ComboFix-quarantined-files.txt 2010-06-30 21:33
ComboFix2.txt 2010-06-30 20:14

Pre-Run: 17,310,703,616 bytes free
Post-Run: 17,284,517,888 bytes free

- - End Of File - - ACCC463724DB34D2A8CB9CDA724D917C

duck_boi_97
Intermediate
Posts : 60
Joined : 2010-06-30
OS : Windows XP
Points : 24261
Likes : 0

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 30th June 2010, 10:34 pm

It has been an hour scanning on Malwarebytes; I shall leave it scanning and send you the log when it's done..... just to let you know

duck_boi_97
Intermediate
Posts : 60
Joined : 2010-06-30
OS : Windows XP
Points : 24261
Likes : 0

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 12:53 am

Here is the log from the Malwarebytes scan.... (the scanner has successfully removed all threats it found)

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/07/2010 01:48:51
mbam-log-2010-07-01 (01-48-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 279885
Time elapsed: 3 hour(s), 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\webserver\webserver.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\bill112.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\bill113.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pdrv.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP272\A0153077.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157439.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157438.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157440.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157441.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157442.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157449.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157450.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157451.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157452.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157453.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_b25c.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f16b.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f508.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Poker\Titan Poker\_SetupPoker_6d28f9.exe (Adware.Casino) -> Quarantined and deleted successfully.
D:\Chris' music files\music\SetupPoker_6d28f9.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\Favorites\Free Porn Videos & Pussy Movies- Sex Videos, Porno, Porn Tube, XXX and Pussy Porn..url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\Local Settings\Application Data\rdr_1277907699.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 12:54 am

I am restarting the computer now (the malware scanner gave me the option to restart my computer, so I am doing so).

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 3:36 am

Hi duck_boi_97,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 1:20 pm

Just to let you know... I'm still getting Backdoor.Tidserv!inf's being found by my Symantec antivirus... even as the ESET online scanner is working... The problem is, as I get rid of, say, 24-50 threats I'm getting another 1 or 2 Backdoor.Tidserv!inf's, and when I restart the computer they all end up rebooting, don't they? Even if there is only one left... (I did some research on the Tidserv virus online.)

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 1:48 pm

This is the log from the ESET online scan (can you read my last post about the Backdoor.Tidserv!inf's please, and tell me if I have a problem that can or can't be fixed).

ESET Online Scan Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f3701a28d590a34292cc5d6b1a2263be
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-01 01:31:55
# local_time=2010-07-01 02:31:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3585 16777173 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 210 210 0 0
# scanned=145744
# found=19
# cleaned=19
# scan_time=5716
C:\Casino\William Hill Casino\_SetupCasino.exe_e7f.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\PUHT0E3L\p[1].exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Poker\William Hill Poker\_SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157443.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157444.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157446.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157448.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157747.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157748.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157749.exe probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\Music\SetupCasino.exe_e7f.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\Music\SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 3:45 pm

Hi duck_boi_97,

I see you have the P2P software FrostWire and uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

=====

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


=======

Update Programs
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=======


Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching for it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. [You must be registered and logged in to see this link.]

9. Also, there are many holes and flaws in Internet Explorer; I recommend using [You must be registered and logged in to see this link.] to keep you safer.

10. Always keep your [You must be registered and logged in to see this link.] and Adobe updated.

11. Don't fall for the scareware. What is scareware? It is a website made to download a rogue antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a firewall and an antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 4:00 pm

What are the best free firewalls and antivirus gear I can get online?... to help prevent getting infected again...

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 4:02 pm

I'm sorry, but the Backdoor.Tidserv!inf is still being found by my antivirus software... it has found over 5 in the last 5 minutes... I am still infected.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 4:03 pm

They are just constantly popping up every 3 seconds... my computer is riddled with Tidserv infections... please help... please.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 4:04 pm

Reboot and see if it still detects them; also follow the instructions for removing the tools, as it will detect some of them and the quarantined files.


=====
Here are some recommendations:

Free Antivirus programs:
1. [You must be registered and logged in to see this link.]
2. [You must be registered and logged in to see this link.]
3. [You must be registered and logged in to see this link.]

Free firewalls:
1. [You must be registered and logged in to see this link.]
2. [You must be registered and logged in to see this link.]

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 4:05 pm

C:\WINDOWS\system32\drivers... that is the location of all of them that pop up.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 4:06 pm

Hmmm, what are the file names that it detects?

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 5:44 pm

Hi,

Please remove what it finds and reboot and see if that solves it.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 5:47 pm

I think all of the FakeAV!gen31's are gone... thanks... and sorry for the delay... I restarted my computer... logged in... and 8 Backdoor.Tidserv!inf's came up in as many seconds... 6 are in the file "C:\WINDOWS\system32\drivers\isapnp.sys" and 2 are in "C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys". What should I do?... I have not updated System Restore or removed the tools or updated any programmes yet, as these threats came up one after another...

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 5:51 pm

Just to let you know... Symantec antivirus was finding Backdoor.Tidserv!gen31's as I was doing the malware scan, the commy.exe scan, and the online ESET scan... in other words, I think that as I am getting rid of them... more are just coming along for the party as I do.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 5:58 pm

Hi,

Please end all the scans you are doing, as it will only make matters worse. I have a specific fix to get rid of this infection; I am waiting for it to be approved.

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 5:58 pm

What I'm thinking is... should I update all my stuff... (you tell me what I need to update and I will), and get Microsoft Security Essentials and Tall Emu Online Armor, and get rid of Internet Explorer and get Firefox, get McAfee SiteAdvisor and update Java and Adobe, then run all the scans again? Won't this, like, help to prevent them from getting back in once I'm scanning to delete them?...

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 5:59 pm

Oh okay... thank you, I'll wait for your specific fix. Cheers... I won't do anything until you tell me to...

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 6:00 pm

Hi duck_boi_97,

Please read the following through carefully so that you understand what to do.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

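As an added example (not part of this thread and not Kaspersky's own code), a small Python parser for the TDSSKiller.txt log that the command above writes: it pulls each driver's name, md5 and path out of the "Scanning Drivers" section, flags the "Suspicious file" and "infected by" entries, and records whether a cure was scheduled for the next reboot, so a reader can tell an infected system driver from a file the tool merely could not read. The embedded log is a shortened copy of the log posted later in this thread, and the regular expressions are my assumptions about the 2.3.x line format, not something the tool documents.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shortened copy of the TDSSKiller 2.3.x log quoted in this thread (same line
# format, same hashes and paths); most clean "Scanning Drivers" lines are trimmed.
SAMPLE_LOG = r"""19:05:15:812 3780 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:05:15:812 3780 ================================================================================
19:05:16:765 3780 Scanning Drivers ...
19:05:17:843 3780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:19:312 3780 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
19:05:19:312 3780 Suspicious file (NoAccess): C:\Program Files\321Studios\Shared\CDRPDACC.SYS. md5: 30b37c18e1725eb9f25039e9a1fb9b7e
19:05:22:656 3780 isapnp (2b28ce7784de97af2e281ef4aa07e750) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:22:750 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\isapnp.sys. md5: 2b28ce7784de97af2e281ef4aa07e750
19:05:22:750 3780 File "C:\WINDOWS\system32\DRIVERS\isapnp.sys" infected by TDSS rootkit ... 19:05:24:500 3780 Backup copy found, using it..
19:05:24:531 3780 will be cured on next reboot
19:05:24:718 3780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
"""

# Every line starts with "HH:MM:SS:mmm <pid> " (assumed from the log above).
_PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"
_DRIVER_RE = re.compile(_PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+?)\s*$")
_SUSPICIOUS_RE = re.compile(_PREFIX + r"Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})")
_INFECTED_RE = re.compile(_PREFIX + r'File "(.+?)" infected by (.+?) \.\.\.')
_CURE_RE = re.compile(_PREFIX + r"will be cured on next reboot")


@dataclass
class DriverFinding:
    path: str
    service: Optional[str] = None            # driver/service name from the enumeration line
    md5: Optional[str] = None
    suspicious_reason: Optional[str] = None  # e.g. "NoAccess": the tool could not read the file
    infected_by: Optional[str] = None        # e.g. "TDSS rootkit"
    backup_found: bool = False               # a clean backup copy exists to restore from
    cure_scheduled: bool = False             # a "will be cured on next reboot" line followed

    @property
    def verdict(self) -> str:
        if self.infected_by:
            state = "cure pending reboot" if self.cure_scheduled else "no cure scheduled"
            return f"infected by {self.infected_by} ({state})"
        if self.suspicious_reason:
            return f"suspicious ({self.suspicious_reason})"
        return "clean"


def parse_tdsskiller_log(text: str) -> Dict[str, DriverFinding]:
    """Collect one finding per driver path, keyed by the lower-cased path
    (Windows paths are case-insensitive, and the log mixes DRIVERS/drivers)."""
    findings: Dict[str, DriverFinding] = {}
    last_infected: Optional[DriverFinding] = None  # the cure line refers back to it
    for line in text.splitlines():
        m = _DRIVER_RE.match(line)
        if m:
            service, md5, path = m.groups()
            f = findings.setdefault(path.lower(), DriverFinding(path=path))
            f.service, f.md5 = service, md5
            continue
        m = _SUSPICIOUS_RE.match(line)
        if m:
            reason, path, md5 = m.groups()
            f = findings.setdefault(path.lower(), DriverFinding(path=path))
            f.suspicious_reason = reason
            f.md5 = f.md5 or md5
            continue
        m = _INFECTED_RE.match(line)
        if m:
            path, family = m.groups()
            f = findings.setdefault(path.lower(), DriverFinding(path=path))
            f.infected_by = family
            f.backup_found = "Backup copy found" in line
            last_infected = f
            continue
        if _CURE_RE.match(line) and last_infected is not None:
            last_infected.cure_scheduled = True
    return findings


def pending_reboot_cures(findings: Dict[str, DriverFinding]) -> List[str]:
    """Infected files the tool will replace at the next reboot."""
    return [f.path for f in findings.values() if f.infected_by and f.cure_scheduled]


def unresolved_infections(findings: Dict[str, DriverFinding]) -> List[str]:
    """Infected files with no cure scheduled: the resident AV will keep flagging these."""
    return [f.path for f in findings.values() if f.infected_by and not f.cure_scheduled]


def report(findings: Dict[str, DriverFinding]) -> List[str]:
    """One line per flagged driver, infected entries first; clean drivers are omitted."""
    flagged = [f for f in findings.values() if f.verdict != "clean"]
    flagged.sort(key=lambda f: (f.infected_by is None, f.path.lower()))
    return [f"{f.verdict}: {f.path} md5={f.md5}" for f in flagged]


if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

A "NoAccess" entry on its own (CDRPDACC.SYS here) only means the file could not be read, which is why the tool reports it separately from the "infected by" verdict on isapnp.sys.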

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 6:24 pm

Here is the TDSSKiller.txt:

19:05:15:812 3780 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:05:15:812 3780 ================================================================================
19:05:15:812 3780 SystemInfo:

19:05:15:812 3780 OS Version: 5.1.2600 ServicePack: 3.0
19:05:15:812 3780 Product type: Workstation
19:05:15:812 3780 ComputerName: HOME-UKBQQ2GE7I
19:05:15:812 3780 UserName: Linda
19:05:15:812 3780 Windows directory: C:\WINDOWS
19:05:15:812 3780 System windows directory: C:\WINDOWS
19:05:15:812 3780 Processor architecture: Intel x86
19:05:15:812 3780 Number of processors: 2
19:05:15:812 3780 Page size: 0x1000
19:05:15:828 3780 Boot type: Normal boot
19:05:15:828 3780 ================================================================================
19:05:16:187 3780 Initialize success
19:05:16:187 3780
19:05:16:187 3780 Scanning Services ...
19:05:16:750 3780 Raw services enum returned 371 services
19:05:16:765 3780
19:05:16:765 3780 Scanning Drivers ...
19:05:17:843 3780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:05:17:921 3780 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:05:17:984 3780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:05:18:046 3780 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:05:18:093 3780 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:05:18:203 3780 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
19:05:18:250 3780 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
19:05:18:343 3780 AnyDVD (217608997692abced29c10eaecaed9ac) C:\WINDOWS\system32\Drivers\AnyDVD.sys
19:05:18:406 3780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:05:18:500 3780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:05:18:562 3780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:05:18:703 3780 ati2mtag (5e3603e9fba29e01f5ffc108276b3005) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:05:18:812 3780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:05:18:906 3780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:05:18:984 3780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:05:19:046 3780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:05:19:093 3780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:05:19:156 3780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:05:19:187 3780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:05:19:218 3780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:05:19:312 3780 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
19:05:19:312 3780 Suspicious file (NoAccess): C:\Program Files\321Studios\Shared\CDRPDACC.SYS. md5: 30b37c18e1725eb9f25039e9a1fb9b7e
19:05:19:421 3780 ctac32k (85e83e05f4e39139ee91826db0e2d615) C:\WINDOWS\system32\drivers\ctac32k.sys
19:05:19:468 3780 ctaud2k (03cad57b596c4c73dfd71a291b378f47) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:05:19:531 3780 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:05:21:234 3780 ctgame (bfc40092329cf4ab838cc4a6f2fad659) C:\WINDOWS\system32\DRIVERS\ctgame.sys
19:05:21:343 3780 ctprxy2k (125440243b009f52f58a4e3c3b3d2d1c) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:05:21:375 3780 ctsfm2k (cd223ea8bebbcd70681f351ba0dd450f) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:05:21:437 3780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:05:21:515 3780 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:05:21:562 3780 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:05:21:593 3780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:05:21:609 3780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:05:21:656 3780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:05:21:703 3780 ElbyCDIO (0f8fc7267da4d70e054f17c6a8c5eaba) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:05:21:750 3780 emupia (0821c2daa7a420f163421fd11522d2ac) C:\WINDOWS\system32\drivers\emupia2k.sys
19:05:21:781 3780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:21:796 3780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:05:21:828 3780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:05:21:843 3780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:05:21:906 3780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:05:21:953 3780 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:05:21:984 3780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:22:000 3780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:22:031 3780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:05:22:046 3780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:22:125 3780 ha10kx2k (e522be391cab1a8152e355b625a55402) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:05:22:203 3780 hap16v2k (eb5cc31ffe54d84e0f49f51a85c89cac) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:05:22:234 3780 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:05:22:281 3780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:05:22:328 3780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:05:22:343 3780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:05:22:406 3780 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:05:22:437 3780 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:05:22:484 3780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:05:22:515 3780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:05:22:546 3780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:05:22:593 3780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:05:22:625 3780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:05:22:656 3780 isapnp (2b28ce7784de97af2e281ef4aa07e750) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:22:750 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\isapnp.sys. md5: 2b28ce7784de97af2e281ef4aa07e750
19:05:22:750 3780 File "C:\WINDOWS\system32\DRIVERS\isapnp.sys" infected by TDSS rootkit ... 19:05:24:500 3780 Backup copy found, using it..
19:05:24:531 3780 will be cured on next reboot
19:05:24:718 3780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:24:812 3780 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:05:24:890 3780 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
19:05:24:937 3780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:05:25:015 3780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:05:25:125 3780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:05:25:203 3780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:05:25:234 3780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:05:25:343 3780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:05:25:437 3780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:05:25:500 3780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:05:25:625 3780 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:05:25:718 3780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:05:25:765 3780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:05:25:796 3780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:05:25:890 3780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:05:26:000 3780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:05:26:031 3780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:05:26:078 3780 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:05:26:156 3780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:05:26:328 3780 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\naveng.sys
19:05:26:406 3780 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\navex15.sys
19:05:26:562 3780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:05:26:640 3780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:05:26:703 3780 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:05:26:765 3780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:05:26:828 3780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:05:26:890 3780 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:05:26:937 3780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:05:26:968 3780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:05:27:031 3780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:05:27:078 3780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:05:27:234 3780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:05:27:281 3780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:05:27:343 3780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:05:27:375 3780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:05:27:406 3780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:05:27:468 3780 ossrv (e0731d7dd52c029166d889a230ae2b34) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:05:27:500 3780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:05:27:531 3780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:05:27:609 3780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:05:27:656 3780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:05:27:703 3780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:05:27:734 3780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:05:27:828 3780 Pcouffin (c3224a794b4fe2f6d0d5434a9fcad26d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
19:05:28:000 3780 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
19:05:28:203 3780 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\PfModNT.sys
19:05:28:250 3780 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
19:05:28:328 3780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:05:28:390 3780 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:05:28:468 3780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:05:28:656 3780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:05:28:828 3780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:05:29:046 3780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:05:29:078 3780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:05:29:109 3780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:05:29:140 3780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:05:29:171 3780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:05:29:203 3780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:05:29:328 3780 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:05:29:390 3780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:05:29:468 3780 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:05:29:593 3780 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
19:05:29:687 3780 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
19:05:29:953 3780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:05:30:031 3780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:05:30:109 3780 Serial (92a997632090cc691d1c65d905ffe5cb) C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:30:265 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\serial.sys. md5: 92a997632090cc691d1c65d905ffe5cb
19:05:30:265 3780 File "C:\WINDOWS\system32\DRIVERS\serial.sys" infected by TDSS rootkit ... 19:05:31:984 3780 Backup copy found, using it..
19:05:32:015 3780 will be cured on next reboot
19:05:32:187 3780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:05:32:281 3780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:05:32:343 3780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:05:32:375 3780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:05:32:437 3780 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:05:32:484 3780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:05:32:562 3780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:05:32:609 3780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:05:32:921 3780 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS
19:05:33:031 3780 SYMREDRV (8ddb430ea48468c156db872a214178fc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
19:05:33:062 3780 SYMTDI (ec1a39493fb104d317e8271162a74b94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
19:05:33:156 3780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:05:33:218 3780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:05:33:281 3780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:05:33:328 3780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:05:33:375 3780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:05:33:437 3780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:05:33:531 3780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:05:33:625 3780 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:05:33:687 3780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:05:33:765 3780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:05:33:796 3780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:05:33:859 3780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:05:33:921 3780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:05:33:984 3780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:05:34:046 3780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:05:34:093 3780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:05:34:140 3780 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:05:34:171 3780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:05:34:234 3780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:05:34:265 3780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:05:34:312 3780 WBHWDOCT (28c06318589be222b3df3eb025c5d158) C:\WINDOWS\system32\drivers\WBHWDOCT.sys
19:05:34:375 3780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:05:34:421 3780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:05:34:468 3780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:05:34:531 3780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:05:34:593 3780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:05:34:609 3780 Reboot required for cure complete..
19:05:35:234 3780 Cure on reboot scheduled successfully
19:05:35:234 3780
19:05:35:234 3780 Completed
19:05:35:234 3780
19:05:35:234 3780 Results:
19:05:35:234 3780 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:05:35:234 3780 File objects infected / cured / cured on reboot: 2 / 0 / 2
19:05:35:234 3780
19:05:35:250 3780 KLMD(ARK) unloaded successfully

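The TDSSKiller log quoted above lists every loaded driver with its MD5 and path, marks the two files it found patched by the rootkit, and closes with the counts of files infected and scheduled for cure on reboot. The Python below is an added example, not part of this thread and not code from Kaspersky's tool: a small parser for a log in this format that pulls out the driver inventory, ties each `infected by TDSS rootkit` line and its following `will be cured on next reboot` line back to the matching driver entry, checks the closing counts against what was actually found, and compares each inventoried MD5 against a baseline an analyst trusts. The sample log is a constructed excerpt assembled from lines in this thread, and the baseline table is a constructed placeholder (the `isapnp.sys` value is a dummy, not a real clean hash).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the TDSSKiller format seen in this thread (time, pid, message).
SAMPLE_LOG = r"""
19:05:22:656 3780 isapnp (2b28ce7784de97af2e281ef4aa07e750) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:22:750 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\isapnp.sys. md5: 2b28ce7784de97af2e281ef4aa07e750
19:05:22:750 3780 File "C:\WINDOWS\system32\DRIVERS\isapnp.sys" infected by TDSS rootkit ... 19:05:24:500 3780 Backup copy found, using it..
19:05:24:531 3780 will be cured on next reboot
19:05:24:718 3780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:30:109 3780 Serial (92a997632090cc691d1c65d905ffe5cb) C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:30:265 3780 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\serial.sys. md5: 92a997632090cc691d1c65d905ffe5cb
19:05:30:265 3780 File "C:\WINDOWS\system32\DRIVERS\serial.sys" infected by TDSS rootkit ... 19:05:31:984 3780 Backup copy found, using it..
19:05:32:015 3780 will be cured on next reboot
19:05:34:609 3780 Reboot required for cure complete..
19:05:35:234 3780 File objects infected / cured / cured on reboot: 2 / 0 / 2
"""

# PLACEHOLDER baseline (file name -> trusted MD5). The kbdclass value is copied from
# the thread's own log; the isapnp value is a dummy, not a real clean hash.
BASELINE_MD5 = {
    "kbdclass.sys": "463c1ec80cd17420a542b7f36a36f128",
    "isapnp.sys": "00000000000000000000000000000000",
}


@dataclass
class DriverEntry:
    timestamp: str
    service: str
    md5: str
    path: str
    infected: bool = False        # a 'File "..." infected by TDSS rootkit' line named this path
    cure_scheduled: bool = False  # followed by 'will be cured on next reboot'


LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<svc>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by TDSS rootkit')
CURE_RE = re.compile(r"^will be cured on next reboot$")
SUMMARY_RE = re.compile(r"^File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")


def parse_tdsskiller(text: str) -> Tuple[List[DriverEntry], Optional[Tuple[int, int, int]]]:
    """Return the driver inventory (with infection/cure flags) and the closing file counts."""
    entries: List[DriverEntry] = []
    by_path: Dict[str, DriverEntry] = {}
    last_infected: Optional[DriverEntry] = None
    summary: Optional[Tuple[int, int, int]] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        d = DRIVER_RE.match(msg)
        if d:
            e = DriverEntry(m.group("ts"), d.group("svc"), d.group("md5").lower(), d.group("path"))
            entries.append(e)
            by_path[e.path.lower()] = e
            continue
        i = INFECTED_RE.match(msg)
        if i:
            e = by_path.get(i.group("path").lower())
            if e is None:
                # Infection reported for a file never inventoried: keep it rather than drop it silently.
                e = DriverEntry(m.group("ts"), "?", "", i.group("path"))
                entries.append(e)
                by_path[e.path.lower()] = e
            e.infected = True
            last_infected = e
            continue
        if CURE_RE.match(msg) and last_infected is not None:
            last_infected.cure_scheduled = True
            last_infected = None
            continue
        s = SUMMARY_RE.match(msg)
        if s:
            summary = tuple(int(x) for x in s.groups())  # type: ignore[assignment]
    return entries, summary


def infected_files(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries if e.infected]


def summary_consistent(entries: List[DriverEntry], summary: Optional[Tuple[int, int, int]]) -> bool:
    """True when the per-file findings agree with the closing 'infected / cured / cured on reboot' counts."""
    if summary is None:
        return False
    inf = infected_files(entries)
    n_infected, _n_cured, n_reboot = summary
    return n_infected == len(inf) and n_reboot == sum(e.cure_scheduled for e in inf)


def compare_to_baseline(entries: List[DriverEntry], baseline: Dict[str, str]) -> Dict[str, str]:
    """Map each inventoried file name to 'match', 'MISMATCH', or 'unknown' (not in the baseline)."""
    result: Dict[str, str] = {}
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        expected = baseline.get(name)
        if expected is None:
            result[name] = "unknown"
        else:
            result[name] = "match" if expected.lower() == e.md5 else "MISMATCH"
    return result


if __name__ == "__main__":
    found, counts = parse_tdsskiller(SAMPLE_LOG)
    for e in infected_files(found):
        print(f"{e.path}: md5={e.md5} cure scheduled={e.cure_scheduled}")
    print("summary consistent:", summary_consistent(found, counts))
    print("baseline check:", compare_to_baseline(found, BASELINE_MD5))
```

The parser keys on the line shape rather than on the service name, so the `Suspicious file (NoAccess)` and merged `infected by TDSS rootkit ... Backup copy found` lines are handled as status messages and not mistaken for driver entries; the baseline comparison is where a real clean-hash set for the Windows build in question would be plugged in.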

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 6:38 pm

Hi duck_boi_97, Smile

TDSS is gone now (Gunsmoke), one last check.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 6:42 pm

I still have Malwarebytes' Anti-Malware on the computer... can I use it or should I re-install it again?


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 6:45 pm

You can use it, just do a quick scan and post the log here. Smile


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 7:14 pm

This is the log from the Malwarebytes' Anti-Malware Quick Scan:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/07/2010 19:59:21
mbam-log-2010-07-01 (19-59-21).txt

Scan type: Quick scan
Objects scanned: 150265
Time elapsed: 12 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 7:30 pm

Hi duck_boi_97, Smile

Alrighty, I see no more malware on your computer, so please follow the instructions here: [You must be registered and logged in to see this link.]


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 7:43 pm

I am very sorry... I know this is becoming a pain, but one more Backdoor.Tidserv!inf has just popped up as being found by the Symantec anti-virus... it is in the file "C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys"

I am so sorry for this messing about Sad tearing


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 7:44 pm

That is in your system restore point; like I said, follow the instructions first for clearing your system restore points and that will be gone. Right On!


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 1st July 2010, 7:59 pm

Oh okay mate, cheers... and thanks a million for everything... I'll give you another post when I've followed the instructions... you'll be a technician in no time **thumbs up**


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 1st July 2010, 8:06 pm

You're welcome, glad to help out Smile


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on 2nd July 2010, 1:21 pm

Hi again, sorry to carry on lol... but I just logged into the second user (I have one under the name Linda... and one under the name Ian... yesterday I was on Linda, now I am on Ian) and 18 notifications have popped up telling me of Tidservs again... these are the files they are in...

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0147097.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150077.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150088.sys

C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP262\A0150098.sys

I don't know what to do or how to get rid of them and I thought it's best to ask you rather than try and sort it out and make it worse... otherwise all of yesterday and the night before that would be wasted... cheers Smile


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on 2nd July 2010, 4:09 pm

Hi, Smile

Have you reset your restore points?

They do not actually exist on your computer, but if you use System Restore you will reinfect yourself.

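Every path the poster lists sits under `C:\System Volume Information\_restore{...}\RPnnn\`, which is where Windows XP System Restore keeps its snapshot copies of files; Sneakyone's point is that these are dormant copies that only come back if a restore point is applied, which is why clearing the restore points is the fix. The Python below is an added example, not from this thread and not code from any tool named in it: it separates a list of antivirus-reported paths into live files and restore-point copies and reports which restore points hold infected copies, so a helper can see at a glance whether a fresh batch of alerts means a live re-infection or just old snapshots. The sample list is constructed from the paths quoted in this thread plus one live driver path from the earlier TDSSKiller log.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Windows XP System Restore stores snapshot copies using this layout:
#   <drive>\System Volume Information\_restore{<GUID>}\RP<n>\A<digits>.<ext>
RESTORE_COPY_RE = re.compile(
    r"^(?P<drive>[A-Za-z]:)\\System Volume Information\\_restore\{"
    r"(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>[^\\]+)$",
    re.IGNORECASE,
)


class Detection(NamedTuple):
    path: str
    in_restore_point: bool
    restore_point: Optional[int]  # RP number when in_restore_point, else None
    guid: Optional[str]           # the _restore{GUID} volume id, else None


def classify_detection(path: str) -> Detection:
    """Decide whether an AV-reported path is a live file or a System Restore snapshot copy."""
    p = path.strip()
    m = RESTORE_COPY_RE.match(p)
    if m:
        return Detection(p, True, int(m.group("rp")), m.group("guid").upper())
    return Detection(p, False, None, None)


def triage(paths: List[str]) -> Dict[str, object]:
    """Split detections into live files (need attention now) and dormant restore-point
    copies, and list the restore points that hold infected copies."""
    live: List[Detection] = []
    dormant: List[Detection] = []
    for p in paths:
        d = classify_detection(p)
        (dormant if d.in_restore_point else live).append(d)
    rps = sorted({d.restore_point for d in dormant if d.restore_point is not None})
    return {"live": live, "dormant": dormant, "restore_points_with_copies": rps}


# Constructed sample: the five restore-point paths reported in this thread plus one
# live driver path taken from the earlier TDSSKiller log.
SAMPLE_DETECTIONS = [
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP260\A0147086.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0147097.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150077.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP261\A0150088.sys",
    r"C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP262\A0150098.sys",
    r"C:\WINDOWS\system32\DRIVERS\serial.sys",
]


if __name__ == "__main__":
    result = triage(SAMPLE_DETECTIONS)
    for d in result["live"]:  # type: ignore[union-attr]
        print("LIVE     ", d.path)
    for d in result["dormant"]:  # type: ignore[union-attr]
        print(f"DORMANT  RP{d.restore_point}", d.path)
    print("restore points holding infected copies:", result["restore_points_with_copies"])
```

A live hit (the `serial.sys` entry here) means the cleanup is not finished, whereas a list made up only of `RPnnn` copies is what the helper expects to see until System Restore has been turned off and back on to discard the old snapshots.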
