Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31


Post by duck_boi_97 on Thu 01 Jul 2010, 2:24 am

Hello, I'm Chris. I got a tip from someone to use this site as they said it was amazing.
I am okay with computers but a newbie to all this anti-virus malarkey, so please be patient.

I have done countless checks with Symantec AntiVirus and the same virus comes up, Backdoor.Tidserv!inf, but it is unable to remove, clean or quarantine it.... and also the Trojan.FakeAV!gen31 pops up every now and again with the same problem of being unable to clean or quarantine it..... My computer is becoming gradually slower and is prone to sudden crashes sending the screen completely blank..... A massive thanks to anyone who can shed some light on the problem... my computer is my life, I'd hate to have to wipe it again..... please.

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 2:27 am

Hello and welcome to GeekPolice.net.

My name is Sneakyone, and I will do my best to help get your problem resolved today.

I am currently a student in GeekPolice Academy, and will be a little delayed on each reply, as my instructors must review and approve each reply.

If you have any questions, please ask, and I will do my best to get to the question promptly.

Please wait here, while I get the first set of instructions for you.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 2:35 am

Hi duck_boi_97,

Welcome to GeekPolice.net!

My username is Sneakyone and I will be assisting you today.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone
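The following is an added example and is not part of this thread or of OTL itself. It is a small Python script that parses the PRC/MOD/SRV/DRV entry lines an OTL Quick Scan writes (the same format as the log posted below) and scores each entry with the kind of checks a helper applies when reading one: a hidden attribute, an executable placed directly in %SystemRoot% rather than in a program folder, a blank or random-looking company name, and a modification time close to the scan date. The embedded sample lines, the vendor allowlist, the weights, the 45-day "recent" window and the flag threshold are constructed assumptions for the demonstration; OTL's own Company Name Whitelist (the "Company Name Whitelist: On" line in the log header) is a separate mechanism.

```python
"""Triage helper for the PRC/MOD/SRV/DRV lines in an OTL log.

Added example, not part of OTL or of this thread. The scoring weights,
the "recent" window, the flag threshold and the vendor allowlist below
are constructed assumptions; OTL's own Company Name Whitelist is separate.
"""
import ntpath
import re
from datetime import datetime, timedelta

# Constructed sample log: the header lines OTL prints plus a few entry
# lines in the exact format an OTL Quick Scan produces.
SAMPLE_LOG = r"""
OTL logfile created on: 30/06/2010 17:14:54 - Run 2
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
PRC - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
PRC - [2010/06/29 16:26:52 | 000,075,776 | -H-- | M] (Gkkvw) -- C:\WINDOWS\bill113.exe
PRC - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) -- C:\Program Files\webserver\webserver.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2010/06/14 11:53:02 | 000,020,992 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\pdrv.dll -- (ppdrv)
DRV - [2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pdrv.sys -- (PDRV)
DRV - [2010/06/11 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
"""

# One OTL entry: KIND - [mtime | size | attrs | M] (company) [state] -- path -- (service name) trailing text
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Header date is written in the locale's format (dd/MM/yyyy in the sample log).
HEADER_DATE_RE = re.compile(r"created on: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")
SYSROOT_RE = re.compile(r"%SystemRoot% = ([^|]+)")

KNOWN_VENDORS = {  # constructed allowlist, not OTL's whitelist
    "Microsoft Corporation", "Symantec Corporation", "OldTimer Tools",
    "Creative Technology Ltd", "PC Tools",
}
RECENT_WINDOW = timedelta(days=45)  # assumption: "recently modified" window
FLAG_THRESHOLD = 3                  # assumption: score at which an entry is listed


def parse_entry(line):
    """Return a dict for one PRC/MOD/SRV/DRV line, or None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "kind": d["kind"],
        "mtime": datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],
        "company": d["company"].strip(),
        "state": d["state"] or "",
        "path": d["path"].strip(),
        "name": d["name"] or "",
    }


def looks_random(company):
    """Weak signal: a single alphabetic token with almost no vowels (e.g. "Gkkvw")."""
    if " " in company.strip() or len(company) < 4 or not company.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in company.lower())
    return vowels / len(company) < 0.3


def score_entry(entry, scan_time, system_root):
    """Apply the heuristics and return (score, list of reasons)."""
    score, reasons = 0, []
    if "H" in entry["attrs"]:
        score += 2; reasons.append("hidden attribute")
    if ntpath.dirname(entry["path"]).lower() == system_root.lower():
        score += 2; reasons.append("sits directly in %SystemRoot%")
    company = entry["company"]
    if not company:
        score += 1; reasons.append("no company name")
    if company not in KNOWN_VENDORS:
        score += 1; reasons.append("vendor not on allowlist")
    if looks_random(company):
        score += 2; reasons.append("random-looking vendor string")
    if scan_time - entry["mtime"] <= RECENT_WINDOW:
        score += 1; reasons.append(f"modified within {RECENT_WINDOW.days} days of scan")
    return score, reasons


def triage(log_text):
    """Return the entries scoring at or above FLAG_THRESHOLD, highest score first."""
    scan_time, system_root, flagged = None, None, []
    for line in log_text.strip("\n").splitlines():
        if scan_time is None:
            m = HEADER_DATE_RE.search(line)
            if m:
                scan_time = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
                continue
        if system_root is None:
            m = SYSROOT_RE.search(line)
            if m:
                system_root = m.group(1).strip()
                continue
        entry = parse_entry(line)
        if entry is None:
            continue
        if scan_time is None or system_root is None:
            raise ValueError("entry line seen before the OTL header")
        score, reasons = score_entry(entry, scan_time, system_root)
        if score >= FLAG_THRESHOLD:
            flagged.append({"kind": entry["kind"], "path": entry["path"],
                            "score": score, "reasons": reasons})
    flagged.sort(key=lambda f: f["score"], reverse=True)  # stable: ties keep log order
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']:2d} {f['kind']} {f['path']}  <- {', '.join(f['reasons'])}")
```

Run against the sample, the hidden file in the Windows root with a five-consonant vendor name scores highest, and a service DLL with a blank company name and a fresh timestamp only just reaches the threshold, while a blank-company driver from 2008 stays below it. The score is a reading aid for the person working the log, not a verdict: OTL's own whitelist, the MD5 checks in the custom scan and the rest of the log still decide what gets fixed.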

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 4:13 am

This is all the contents of OTL.Txt - Notepad (sent in separate parts as it was too large to send as a whole).

OTL logfile created on: 30/06/2010 17:14:54 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Linda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 8.80 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
Drive D: | 78.12 Gb Total Space | 3.91 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive E: | 57.11 Gb Total Space | 30.09 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-UKBQQ2GE7I
Current User Name: Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
PRC - [2010/06/29 16:26:52 | 000,075,776 | -H-- | M] (Gkkvw) -- C:\WINDOWS\bill113.exe
PRC - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) -- C:\Program Files\webserver\webserver.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/04 18:08:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Philips PhotoFrame Manager\AvqAutorun.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/06 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/06 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/06 17:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/06 14:20:26 | 000,124,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/06 14:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/13 18:31:06 | 000,459,848 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrowser.exe
PRC - [2003/12/09 13:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/10/29 02:35:50 | 000,114,688 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
PRC - [2003/10/29 02:33:18 | 000,057,344 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\opware14.exe
PRC - [2003/09/03 13:16:56 | 000,217,088 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/05/16 00:45:54 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2003/05/16 00:41:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2003/04/10 09:36:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/30 17:14:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/29 02:29:10 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro14.0\ophook14.dll
MOD - [2003/03/25 13:39:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/06/14 11:58:15 | 000,031,232 | ---- | M] (Aqnwugr) [Auto | Stopped] -- C:\Program Files\webserver\webserver.exe -- (webserver)
SRV - [2010/06/14 11:53:02 | 000,020,992 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\pdrv.dll -- (ppdrv)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/29 07:40:10 | 000,679,920 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfeeScanAndRepair\McRbScanner.exe -- (McLtScanner)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2004/08/06 17:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/06 17:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/06 17:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/06 16:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/08/06 14:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/08/06 14:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/08/06 10:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pdrv.sys -- (PDRV)
DRV - [2010/06/11 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/11 09:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100611.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2004/08/07 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/06 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/06 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/08/06 10:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/06 10:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/07/09 16:58:38 | 000,017,920 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004/07/06 17:44:47 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/06/10 22:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/10/28 15:17:52 | 000,005,273 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/04/11 06:32:36 | 000,502,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/04/07 14:42:18 | 000,007,296 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WBHWDOCT.SYS -- (WBHWDOCT)
DRV - [2003/04/03 03:59:46 | 000,850,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/04/01 13:07:58 | 000,142,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/03/27 05:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/25 13:13:30 | 000,144,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/03/25 13:13:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/25 13:13:02 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/03/25 13:12:54 | 000,190,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/25 13:11:24 | 000,134,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2002/12/30 05:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2002/10/04 03:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 2A 48 98 35 53 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/10 03:49:36 | 000,000,000 | ---D | M]

[2009/10/22 18:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\extensions
[2009/10/22 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2001/09/04 04:14:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BT Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BT Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}] C:\Program Files\Philips PhotoFrame Manager\AvqAutoRun.exe ()
O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\Less Else.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Opware14] C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysfbtray] C:\WINDOWS\bill113.exe (Gkkvw)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WorkFlowTray] C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA19xx Device Manager.lnk = C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe (KeenHigh Tech.)
O4 - Startup: C:\Documents and Settings\Linda\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire1\FrostWire.exe (FrostWire Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll ()
O9 - Extra 'Tools' menuitem : BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} [You must be registered and logged in to see this link.] (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} [You must be registered and logged in to see this link.] (YAddBook Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/06 20:23:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{afad6b64-f165-11de-9b21-00508df9d877}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{afad6b64-f165-11de-9b21-00508df9d877}\Shell\verb\command - "" = H:\installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/06 20:23:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {25A4B6D0-CF64-48EF-A4A2-7CD30F44FEEC} - Reg Error: Value error.
ActiveX: {26FCDD66-A1AA-49AF-B65A-069DA3A75221} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4a01a151-e350-4839-a2b8-03dc39d6c8e5} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE734E0A-D6D3-4A92-AF9F-499BE87A025C} - Reg Error: Value error.
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F53CE5EC-1CD8-41EB-A220-F8EA247E3A06} - Reg Error: Value error.
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()


duck_boi_97

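
The OTL output in this thread carries several indicators a helper would check before anything else: two hidden executables created directly in C:\WINDOWS (bill112.exe and bill113.exe, with publisher strings that look random), a recently created kernel driver (pdrv.sys) from an unlisted publisher, a MountPoints2 autorun handler still pointing at H:\installer.exe on a drive that is no longer present, and a "Files - Modified Within 90 Days" section that reports explorer.exe, notepad.exe, win.ini and the scan tool itself as "File not found" even though the same log resolved some of those paths with a size and publisher a few hundred lines earlier. A running XP system cannot be missing explorer.exe, so that last pattern is best read as interference with file enumeration, which is consistent with a kernel-mode rootkit such as the Tidserv/TDSS family named in the thread title. The script below is an added example, not OTL's own code and not part of any post here: it parses the three OTL line shapes involved and flags those indicators over lines copied from the log. The severity labels, the vendor allowlist and the heuristics themselves are assumptions for illustration, not OTL features.

```python
"""Triage heuristics for OTL (OldTimer's List-It) log lines.

Added example for this thread, not part of OTL or of the original post.
It parses three line shapes that appear in the posted log and flags the
indicators a helper would check first. The sample lines are copied from
the thread; the vendor allowlist, severities and rules are assumptions.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity rule path")

# Created/modified file entry: [date | size | attrs | C/M] (Company) -- path
# The attribute column is R/H/S/D flags; the (Company) part is absent on dirs.
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} [\d:]{8} \| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)
# O20 Winlogon entries resolve a file on disk and print its publisher last.
O20_RE = re.compile(r"^O20 - .* - (?P<path>[A-Za-z]:\\[^()]+?) \((?P<company>[^)]*)\)$")
# O33 MountPoints2 entries: autorun/verb handlers left behind by removable media.
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>\S+) - "" = (?P<cmd>.+?)(?: -- File not found)?$')
NOTFOUND_RE = re.compile(r"^File not found -- (?P<path>.+)$")

KNOWN_VENDORS = {"Microsoft Corporation", "PC Tools"}   # assumption: publishers we accept for drivers
WIN_ROOTS = ("c:\\windows\\", "c:\\windows\\system32\\")
PE_EXT = (".exe", ".dll", ".sys", ".ocx")


def _in_windows_root(path):
    """True for an executable/library sitting directly in C:\\WINDOWS or System32."""
    parent, _, name = path.lower().rpartition("\\")
    return parent + "\\" in WIN_ROOTS and name.endswith(PE_EXT)


def triage(lines):
    """Return Finding tuples for the given OTL log lines, in log order."""
    findings, present = [], {}      # present: lower-cased path -> publisher seen in the log
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            path, attrs, company = m["path"], m["attrs"], m["company"] or ""
            present[path.lower()] = company
            if "H" in attrs and _in_windows_root(path):
                findings.append(Finding("high", "hidden executable in Windows directory", path))
            if path.lower().endswith(".sys") and company not in KNOWN_VENDORS:
                findings.append(Finding("medium", "recently created driver from unlisted publisher", path))
            continue
        m = O20_RE.match(line)
        if m:
            present[m["path"].lower()] = m["company"]
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(Finding("medium", "removable-media autorun handler persists in MountPoints2", m["cmd"]))
            continue
        m = NOTFOUND_RE.match(line)
        # Only contradictions provable from the log itself are flagged: a path that
        # this same log already listed with a size or publisher cannot be "not found".
        if m and m["path"].lower() in present:
            findings.append(Finding("high", "reported missing but listed as present elsewhere in the same log", m["path"]))
    return findings


def count_by_severity(findings):
    """Severity -> number of findings, e.g. {'high': 5, 'medium': 2}."""
    return dict(Counter(f.severity for f in findings))


# Lines copied from the OTL log in this thread (a constructed subset, not the full log).
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{afad6b64-f165-11de-9b21-00508df9d877}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
[2010/06/30 17:14:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
[2010/06/30 15:30:15 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/29 16:26:52 | 000,075,776 | -H-- | C] (Gkkvw) -- C:\WINDOWS\bill113.exe
[2010/06/14 11:53:02 | 000,047,616 | ---- | C] (PDRV) -- C:\WINDOWS\System32\drivers\pdrv.sys
[2010/06/14 11:52:19 | 000,073,216 | -H-- | C] (Hloms) -- C:\WINDOWS\bill112.exe
File not found -- C:\WINDOWS\notepad.exe
File not found -- C:\WINDOWS\explorer.exe
File not found -- C:\WINDOWS\bill113.exe
File not found -- C:\Documents and Settings\Linda\Desktop\OTL.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.path}")
```

The contradiction rule is deliberately conservative: notepad.exe is reported missing in the sample but nothing else in the subset proves it exists, so it is not flagged, whereas explorer.exe, bill113.exe and OTL.exe were each listed with a size or publisher earlier in the same log and are. The PC Tools driver passes the allowlist; pdrv.sys does not, which only means "look at it", not "this is malware".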

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 4:14 am

========== Files/Folders - Created Within 90 Days ==========

[2010/06/30 17:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/30 17:14:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda\Desktop\OTL.exe
[2010/06/30 15:32:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/30 15:32:38 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/30 15:32:38 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/30 15:32:38 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/30 15:30:15 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/30 15:30:10 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/30 15:30:10 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/30 15:30:01 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/30 15:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/30 15:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/30 15:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/30 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/29 16:26:52 | 000,075,776 | -H-- | C] (Gkkvw) -- C:\WINDOWS\bill113.exe
[2010/06/29 07:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/06/16 11:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2010/06/14 11:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\webserver
[2010/06/14 11:53:02 | 000,047,616 | ---- | C] (PDRV) -- C:\WINDOWS\System32\drivers\pdrv.sys
[2010/06/14 11:52:19 | 000,073,216 | -H-- | C] (Hloms) -- C:\WINDOWS\bill112.exe
[2010/06/13 18:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\PakkISO
[2010/06/01 21:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\888poker
[2010/06/01 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\PacificPoker
[2010/06/01 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[2010/05/23 22:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\New Folder
[2010/05/18 18:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\PSXMemTool
[2010/05/12 21:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Spotify
[2010/05/12 21:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Spotify
[2010/05/12 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/05/05 02:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\httpstrategywiki.orgwikiThe_Adventures_of_AlundraLars'_Crypt
[2010/04/26 03:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2010/04/25 15:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/16 02:32:30 | 000,000,000 | ---D | C] -- C:\Casino
[2010/04/07 13:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Conduit
[2010/04/07 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Local Settings\Application Data\Messenger_Plus_Live_UK
[2010/04/02 20:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Messenger_Plus_Live_UK
[2004/08/06 21:08:13 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/06/11 01:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

File not found -- C:\WINDOWS\System32\zonedon.reg
File not found -- C:\WINDOWS\System32\zonedoff.reg
File not found -- C:\WINDOWS\System32\zipfldr.dll
File not found -- C:\WINDOWS\Zapotec.bmp
File not found -- C:\WINDOWS\System32\YPcservice.exe
File not found -- C:\WINDOWS\System32\ypclsp.dll
File not found -- C:\WINDOWS\System32\YCRWin32.dll
File not found -- C:\WINDOWS\System32\xpssvcs.dll
File not found -- C:\WINDOWS\System32\xpsshhdr.dll
File not found -- C:\WINDOWS\System32\xpsp4res.dll
File not found -- C:\WINDOWS\System32\xpsp3res.dll
File not found -- C:\WINDOWS\System32\xpsp2res.dll
File not found -- C:\WINDOWS\System32\xpsp1res.dll
File not found -- C:\WINDOWS\System32\xpsp1hfm.exe
File not found -- C:\WINDOWS\System32\xpob2res.dll
File not found -- C:\WINDOWS\System32\xolehlp.dll
File not found -- C:\WINDOWS\System32\xmlprovi.dll
File not found -- C:\WINDOWS\System32\xmlprov.dll
File not found -- C:\WINDOWS\System32\xmllite.dll
File not found -- C:\WINDOWS\System32\xenroll.dll
File not found -- C:\WINDOWS\System32\xcopy.exe
File not found -- C:\WINDOWS\System32\xactsrv.dll
File not found -- C:\WINDOWS\System32\wzcsvc.dll
File not found -- C:\WINDOWS\System32\wzcsapi.dll
File not found -- C:\WINDOWS\System32\wzcdlg.dll
File not found -- C:\WINDOWS\System32\wuweb.dll
File not found -- C:\WINDOWS\System32\wups2.dll
File not found -- C:\WINDOWS\System32\wups.dll
File not found -- C:\WINDOWS\System32\wupdmgr.exe
File not found -- C:\WINDOWS\System32\WUDFx.dll
File not found -- C:\WINDOWS\System32\WudfSvc.dll
File not found -- C:\WINDOWS\System32\WudfPlatform.dll
File not found -- C:\WINDOWS\System32\WudfHost.exe
File not found -- C:\WINDOWS\System32\WUDFCoinstaller.dll
File not found -- C:\WINDOWS\System32\wucltui.dll.mui
File not found -- C:\WINDOWS\System32\wucltui.dll
File not found -- C:\WINDOWS\System32\wuauserv.dll
File not found -- C:\WINDOWS\System32\wuaueng1.dll
File not found -- C:\WINDOWS\System32\wuaueng.dll.mui
File not found -- C:\WINDOWS\System32\wuaueng.dll
File not found -- C:\WINDOWS\System32\wuaucpl.cpl.mui
File not found -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
File not found -- C:\WINDOWS\System32\wuaucpl.cpl
File not found -- C:\WINDOWS\System32\wuauclt1.exe
File not found -- C:\WINDOWS\System32\wuauclt.exe
File not found -- C:\WINDOWS\System32\wuapi.dll.mui
File not found -- C:\WINDOWS\System32\wuapi.dll
File not found -- C:\WINDOWS\System32\wtsapi32.dll
File not found -- C:\WINDOWS\System32\wstrenderer.ax
File not found -- C:\WINDOWS\System32\wstpager.ax
File not found -- C:\WINDOWS\System32\wstdecod.dll
File not found -- C:\WINDOWS\System32\wsock32.dll
File not found -- C:\WINDOWS\System32\wsnmp32.dll
File not found -- C:\WINDOWS\System32\wshtcpip.dll
File not found -- C:\WINDOWS\System32\wshrm.dll
File not found -- C:\WINDOWS\System32\wshom.ocx
File not found -- C:\WINDOWS\System32\wshnetbs.dll
File not found -- C:\WINDOWS\System32\wshisn.dll
File not found -- C:\WINDOWS\System32\wship6.dll
File not found -- C:\WINDOWS\System32\wshext.dll
File not found -- C:\WINDOWS\System32\wshcon.dll
File not found -- C:\WINDOWS\System32\wshbth.dll
File not found -- C:\WINDOWS\System32\wshatm.dll
File not found -- C:\WINDOWS\System32\wsecedit.dll
File not found -- C:\WINDOWS\System32\wscui.cpl
File not found -- C:\WINDOWS\System32\wscsvc.dll
File not found -- C:\WINDOWS\System32\wscript.exe
File not found -- C:\WINDOWS\System32\wscntfy.exe
File not found -- C:\WINDOWS\System32\ws2help.dll
File not found -- C:\WINDOWS\System32\ws2_32.dll
File not found -- C:\WINDOWS\System32\write.exe
File not found -- C:\WINDOWS\System32\wpnpinst.exe
File not found -- C:\WINDOWS\System32\wpdsp.dll
File not found -- C:\WINDOWS\System32\WPDShServiceObj.dll
File not found -- C:\WINDOWS\System32\wpdshextres.dll
File not found -- C:\WINDOWS\System32\wpdshextautoplay.exe
File not found -- C:\WINDOWS\System32\WpdShext.dll
File not found -- C:\WINDOWS\System32\wpdmtpus.dll
File not found -- C:\WINDOWS\System32\wpdmtp.dll
File not found -- C:\WINDOWS\System32\wpdconns.dll
File not found -- C:\WINDOWS\System32\wpd_ci.dll
File not found -- C:\WINDOWS\System32\wpabaln.exe
File not found -- C:\WINDOWS\System32\wpa.dbl
File not found -- C:\WINDOWS\System32\wowfax.dll
File not found -- C:\WINDOWS\System32\wowexec.exe
File not found -- C:\WINDOWS\System32\wowdeb.exe
File not found -- C:\WINDOWS\System32\wow32.dll
File not found -- C:\WINDOWS\System32\WMVXENCD.dll
File not found -- C:\WINDOWS\System32\WMVSENCD.dll
File not found -- C:\WINDOWS\System32\WMVSDECD.dll
File not found -- C:\WINDOWS\System32\WMVENCOD.dll
File not found -- C:\WINDOWS\System32\wmvds32.ax
File not found -- C:\WINDOWS\System32\wmvdmoe2.dll
File not found -- C:\WINDOWS\System32\wmvdmoe.dll
File not found -- C:\WINDOWS\System32\wmvdmod.dll
File not found -- C:\WINDOWS\System32\WMVDECOD.dll
File not found -- C:\WINDOWS\System32\wmvcore2.dll
File not found -- C:\WINDOWS\System32\WMVCore.dll
File not found -- C:\WINDOWS\System32\WMVADVE.DLL
File not found -- C:\WINDOWS\System32\WMVADVD.dll
File not found -- C:\WINDOWS\System32\wmv8ds32.ax
File not found -- C:\WINDOWS\System32\wmv8dmod.dll
File not found -- C:\WINDOWS\WMSysPrx.prx
File not found -- C:\WINDOWS\WMSysPr9.prx
File not found -- C:\WINDOWS\System32\wmstream.dll
File not found -- C:\WINDOWS\System32\WMSPDMOE.dll
File not found -- C:\WINDOWS\System32\wmspdmod.dll
File not found -- C:\WINDOWS\System32\wmsdmoe2.dll
File not found -- C:\WINDOWS\System32\wmsdmoe.dll
File not found -- C:\WINDOWS\System32\wmsdmod.dll
File not found -- C:\WINDOWS\System32\wmpui.dll
File not found -- C:\WINDOWS\System32\wmpstub.exe
File not found -- C:\WINDOWS\System32\wmpsrcwp.dll
File not found -- C:\WINDOWS\System32\wmpshell.dll
File not found -- C:\WINDOWS\System32\wmpscheme.xml
File not found -- C:\WINDOWS\System32\wmpps.dll
File not found -- C:\WINDOWS\System32\wmpns.dll
File not found -- C:\WINDOWS\System32\wmpmde.dll
File not found -- C:\WINDOWS\System32\wmploc.dll
File not found -- C:\WINDOWS\System32\wmpencen.dll
File not found -- C:\WINDOWS\System32\wmpeffects.dll
File not found -- C:\WINDOWS\System32\wmpdxm.dll
File not found -- C:\WINDOWS\System32\wmpcore.dll
File not found -- C:\WINDOWS\System32\wmpcd.dll
File not found -- C:\WINDOWS\System32\wmpasf.dll
File not found -- C:\WINDOWS\System32\wmp.ocx
File not found -- C:\WINDOWS\System32\wmp.dll
File not found -- C:\WINDOWS\System32\WMNetmgr.dll
File not found -- C:\WINDOWS\System32\wmiscmgr.dll
File not found -- C:\WINDOWS\System32\wmiprop.dll
File not found -- C:\WINDOWS\System32\wmimgmt.msc
File not found -- C:\WINDOWS\System32\wmidx.ocx
File not found -- C:\WINDOWS\System32\wmidx.dll
File not found -- C:\WINDOWS\System32\wmi.dll
File not found -- C:\WINDOWS\System32\wmerror.dll
File not found -- C:\WINDOWS\System32\wmerrenu.dll
File not found -- C:\WINDOWS\System32\wmdrmsdk.dll
File not found -- C:\WINDOWS\System32\wmdrmnet.dll
File not found -- C:\WINDOWS\System32\wmdrmdev.dll
File not found -- C:\WINDOWS\System32\wmdmps.dll
File not found -- C:\WINDOWS\System32\wmdmlog.dll
File not found -- C:\WINDOWS\System32\wmasf.dll
File not found -- C:\WINDOWS\System32\WMADMOE.dll
File not found -- C:\WINDOWS\System32\WMADMOD.dll
File not found -- C:\WINDOWS\WLXPGSS.SCR
File not found -- C:\WINDOWS\System32\wlnotify.dll
File not found -- C:\WINDOWS\System32\wldap32.dll
File not found -- C:\WINDOWS\System32\wlanapi.dll
File not found -- C:\WINDOWS\System32\wkssvc.dll
File not found -- C:\WINDOWS\System32\wjview.exe
File not found -- C:\WINDOWS\System32\WISPTIS.EXE
File not found -- C:\WINDOWS\System32\winver.exe
File not found -- C:\WINDOWS\System32\wintrust.dll
File not found -- C:\WINDOWS\System32\winstrm.dll
File not found -- C:\WINDOWS\System32\winsta.dll
File not found -- C:\WINDOWS\System32\winspool.exe
File not found -- C:\WINDOWS\System\winspool.drv
File not found -- C:\WINDOWS\winnt256.bmp
File not found -- C:\WINDOWS\winnt.bmp
File not found -- C:\WINDOWS\winhlp32.exe
File not found -- C:\WINDOWS\winhelp.exe
File not found -- C:\WINDOWS\WindowsShell.Manifest
File not found -- C:\Documents and Settings\Linda\Desktop\Windows Messenger.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\Windows Live Messenger .lnk
File not found -- C:\WINDOWS\win.ini
File not found -- C:\Documents and Settings\All Users\Desktop\William Hill Poker.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\William Hill Casino.lnk
File not found -- C:\WINDOWS\System\WFWNET.DRV
File not found -- C:\WINDOWS\VPC32.INI
File not found -- C:\WINDOWS\VO63QJ2E.ocx
File not found -- C:\WINDOWS\vmmreg32.dll
File not found -- C:\WINDOWS\System\VGA.DRV
File not found -- C:\WINDOWS\System\VER.DLL
File not found -- C:\WINDOWS\vbaddin.ini
File not found -- C:\WINDOWS\vb.ini
File not found -- C:\WINDOWS\Updreg.EXE
File not found -- C:\WINDOWS\UnsetupBT Openworld Broadband ICM4.1.exe
File not found -- C:\WINDOWS\UNNeroVision.exe
File not found -- C:\WINDOWS\UNNeroVision.cfg
File not found -- C:\WINDOWS\UDB.zip
File not found -- C:\WINDOWS\twunk_32.exe
File not found -- C:\WINDOWS\twunk_16.exe
File not found -- C:\WINDOWS\twain_32.dll
File not found -- C:\WINDOWS\twain.dll
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Titan Poker.lnk
File not found -- C:\WINDOWS\System\TIMER.DRV
File not found -- C:\WINDOWS\TASKMAN.EXE
File not found -- C:\WINDOWS\System\TAPI.DLL
File not found -- C:\WINDOWS\system.ini
File not found -- C:\WINDOWS\System\SYSTEM.DRV
File not found -- C:\WINDOWS\System\stdole.tlb
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\Spotify.lnk
File not found -- C:\WINDOWS\System\SOUND.DRV
File not found -- C:\WINDOWS\Soap Bubbles.bmp
File not found -- C:\WINDOWS\slrundll.exe
File not found -- C:\WINDOWS\SlantAdj.dll
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
File not found -- C:\Documents and Settings\Linda\Desktop\Shortcut to art pictures.lnk
File not found -- C:\WINDOWS\System\SHELL.DLL
File not found -- C:\WINDOWS\SGDetectionTool.dll
File not found -- C:\WINDOWS\System\setup.inf
File not found -- C:\WINDOWS\setdebug.exe
File not found -- C:\WINDOWS\SBWIN.INI
File not found -- C:\WINDOWS\Santa Fe Stucco.bmp
File not found -- C:\WINDOWS\tasks\SA.DAT
File not found -- C:\WINDOWS\River Sumida.bmp
File not found -- C:\WINDOWS\Rhododendron.bmp
File not found -- C:\WINDOWS\REGULOCS.OLD
File not found -- C:\WINDOWS\RegSDImport.xml
File not found -- C:\WINDOWS\REGLOCS.OLD
File not found -- C:\WINDOWS\RegISSImport.xml
File not found -- C:\WINDOWS\regedit.exe
File not found -- C:\WINDOWS\READREG.EXE
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
File not found -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
File not found -- C:\WINDOWS\PSCONV.EXE
File not found -- C:\WINDOWS\Prairie Wind.bmp
File not found -- C:\WINDOWS\pp.enc
File not found -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\PhotoImpact XL.lnk
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA19xx Device Manager.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Philips SA19xx Device Manager.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Philips PhotoFrame Manager.lnk
File not found -- C:\WINDOWS\PCTBDRes.dll
File not found -- C:\WINDOWS\PCTBDCore.dll.old
File not found -- C:\WINDOWS\PCTBDCore.dll
File not found -- C:\WINDOWS\pcdlib32.dll
File not found -- C:\Documents and Settings\Linda\Desktop\PartyPoker.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
File not found -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
File not found -- C:\WINDOWS\tasks\ParetoLogic Registration.job
File not found -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\OTL.exe
File not found -- C:\Documents and Settings\All Users\Desktop\OmniPage Pro 14.0.lnk
File not found -- C:\WINDOWS\System\OLESVR.DLL
File not found -- C:\WINDOWS\System\OLECLI.DLL
File not found -- C:\WINDOWS\tasks\OGALogon.job
File not found -- C:\WINDOWS\oeuninst.exe
File not found -- C:\WINDOWS\ODBCINST.INI
File not found -- C:\WINDOWS\ODBC.INI
File not found -- C:\WINDOWS\O83PPKBG.ocx
File not found -- C:\WINDOWS\NWQNADHB.ocx
File not found -- C:\Documents and Settings\Linda\ntuser.pol
File not found -- C:\Documents and Settings\All Users\ntuser.pol
File not found -- C:\Documents and Settings\Linda\ntuser.ini
File not found -- C:\Documents and Settings\Linda\NTUSER.DAT
File not found -- C:\Documents and Settings\All Users\NTUSER.DAT
File not found -- C:\WINDOWS\notepad.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
File not found -- C:\WINDOWS\NeroDigital.ini
File not found -- C:\Documents and Settings\All Users\Desktop\Nero Recode.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM.lnk
File not found -- C:\WINDOWS\muninst.exe
File not found -- C:\WINDOWS\System\MSVIDEO.DLL
File not found -- C:\Documents and Settings\Linda\My Documents\MsgPlusLive-482.exe
File not found -- C:\WINDOWS\msdfmap.ini
File not found -- C:\WINDOWS\System\MOUSE.DRV
File not found -- C:\WINDOWS\System\MMTASK.TSK
File not found -- C:\WINDOWS\System\mmsystem.dll
File not found -- C:\WINDOWS\MIDIDEF.EXE
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Publisher 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office PowerPoint 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2003.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Microsoft AutoRoute.lnk
File not found -- C:\WINDOWS\System\MCIWAVE.DRV
File not found -- C:\WINDOWS\System\MCISEQ.DRV
File not found -- C:\WINDOWS\System\MCIAVI.DRV
File not found -- C:\WINDOWS\MAXLINK.INI
File not found -- C:\WINDOWS\System\LZEXPAND.DLL
File not found -- C:\WINDOWS\lgo
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File not found -- C:\WINDOWS\System\KEYBOARD.DRV
File not found -- C:\WINDOWS\jautoexp.dat
File not found -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
File not found -- C:\WINDOWS\IsUninst.exe
File not found -- C:\WINDOWS\isnooker.INI
File not found -- C:\WINDOWS\INRES.DLL
File not found -- C:\WINDOWS\imsins.BAK
File not found -- C:\WINDOWS\ieuninst.exe
File not found -- C:\WINDOWS\IDB.zip
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\IconCache.db
File not found -- C:\WINDOWS\hh.exe
File not found -- C:\WINDOWS\Greenstone.bmp
File not found -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
File not found -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
File not found -- C:\WINDOWS\Gone Fishing.bmp
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File not found -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
File not found -- C:\WINDOWS\fs1235.dat
File not found -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\FrostWire On Startup.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\FrostWire 4.18.3.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.17.2.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\FlashFXP.lnk
File not found -- C:\WINDOWS\firstrun.vbs
File not found -- C:\WINDOWS\Firstrun.exe
File not found -- C:\WINDOWS\FeatherTexture.bmp
File not found -- C:\WINDOWS\fdgg34353edfgdfdf
File not found -- C:\WINDOWS\F9B5D4PH.ocx
File not found -- C:\WINDOWS\explorer.scf
File not found -- C:\WINDOWS\explorer.exe
File not found -- C:\Program Files\EULA.eng
File not found -- C:\Documents and Settings\Linda\Desktop\ePSXe.lnk
File not found -- C:\WINDOWS\EPSTPLOG.BAK
File not found -- C:\Documents and Settings\All Users\Desktop\DVD X Copy Platinum RF.lnk
File not found -- C:\WINDOWS\tasks\DriverCure.job
File not found -- C:\Documents and Settings\Linda\My Documents\Doc1.doc
File not found -- C:\Documents and Settings\Linda\Desktop\DivX Movies.lnk
File not found -- C:\WINDOWS\DEVREG.DLL
File not found -- C:\WINDOWS\d3dx.dat
File not found -- C:\WINDOWS\CTRES.DLL
File not found -- C:\WINDOWS\CTDVAUDY.CDF
File not found -- C:\WINDOWS\CTDCRES.DLL
File not found -- C:\WINDOWS\CTCCW.DLL
File not found -- C:\Documents and Settings\All Users\Desktop\Creature Attack Pinball.lnk
File not found -- C:\WINDOWS\control.ini
File not found -- C:\WINDOWS\COMP.BMP
File not found -- C:\WINDOWS\System\COMMDLG.DLL
File not found -- C:\WINDOWS\Coffee Bean.bmp
File not found -- C:\Documents and Settings\All Users\Desktop\Clone DVD.lnk
File not found -- C:\WINDOWS\clock.avi
File not found -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Messenger.lnk
File not found -- C:\WINDOWS\BQSHYJ2R.ocx
File not found -- C:\WINDOWS\bootstat.dat
File not found -- C:\WINDOWS\Blue Lace 16.bmp
File not found -- C:\WINDOWS\bk23567.dat
File not found -- C:\WINDOWS\bk20856.dat
File not found -- C:\WINDOWS\bill113.exe
File not found -- C:\WINDOWS\bill112.exe
File not found -- C:\WINDOWS\BDTSupport.dll.old
File not found -- C:\WINDOWS\BDTSupport.dll
File not found -- C:\WINDOWS\System\AVIFILE.DLL
File not found -- C:\WINDOWS\System\AVICAP.DLL
File not found -- C:\Documents and Settings\All Users\Desktop\ARCADE GAMES.lnk
File not found -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
File not found -- C:\WINDOWS\Ade001.bin
File not found -- C:\WINDOWS\ADE.DLL
File not found -- C:\WINDOWS\AC3API.INI
File not found -- C:\WINDOWS\tasks\A21E998D9185167D.job
File not found -- C:\Documents and Settings\Linda\Desktop\888poker.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
File not found -- C:\Documents and Settings\Linda\Desktop\2010%20Group%20Fitness%20Programme.pdf
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0995154505553.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\097101524998102.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0554999559954.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535748485197.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535049569854.xxe
File not found -- C:\Documents and Settings\Linda\Local Settings\Application Data\05154484910053.xxe
File not found -- C:\Documents and Settings\Linda\Desktop\µTorrent.lnk
File not found -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
File not found -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
File not found -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-10071102}.CDF
File not found -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-10071102}.BAK
File not found -- C:\WINDOWS\_default.pif
[2010/06/30 17:01:26 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,132 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,030,132 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000004-10071102}.rfx
[2010/06/30 17:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/30 17:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/30 17:01:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
[2010/06/30 17:01:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
[2010/06/18 12:44:41 | 000,522,726 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/18 12:44:41 | 000,443,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/18 12:44:41 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/14 11:53:02 | 000,047,616 | ---- | M] (PDRV) -- C:\WINDOWS\System32\drivers\pdrv.sys
[2010/06/14 11:53:02 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\pdrv.dll
[2010/06/10 11:00:25 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 17:17:42 | 000,008,259 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
[2010/06/30 17:12:34 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
[2010/06/30 15:33:48 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010/06/30 15:32:40 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/30 15:32:40 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/30 15:32:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/30 15:32:39 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/30 15:32:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/30 15:32:38 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/30 15:30:15 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/30 15:30:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/30 15:30:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/30 15:30:05 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/30 15:30:01 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/29 22:11:53 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
[2010/06/29 21:30:17 | 000,012,732 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
[2010/06/29 21:24:10 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
[2010/06/29 16:41:25 | 000,012,234 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
[2010/06/29 16:35:10 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
[2010/06/29 16:28:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0554999559954.xxe
[2010/06/29 16:27:28 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
[2010/06/20 13:35:58 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
[2010/06/18 12:54:11 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
[2010/06/18 12:48:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\097101524998102.xxe
[2010/06/18 12:47:19 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
[2010/06/16 11:51:48 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/06/16 11:51:48 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/06/15 20:59:21 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
[2010/06/15 20:43:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\05154484910053.xxe
[2010/06/15 20:42:40 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
[2010/06/14 23:08:52 | 000,000,039 | ---- | C] () -- C:\WINDOWS\bk20856.dat
[2010/06/14 11:58:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo
[2010/06/14 11:58:37 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/06/14 11:58:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/06/14 11:58:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535748485197.xxe
[2010/06/14 11:58:17 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0995154505553.xxe
[2010/06/14 11:58:05 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\0535049569854.xxe
[2010/06/14 11:53:02 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\pdrv.dll
[2010/06/10 17:53:43 | 000,049,143 | ---- | C] () -- C:\Program Files\EULA.eng
[2010/06/01 21:33:24 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2010/06/01 21:33:24 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\888poker.lnk
[2010/05/26 15:47:31 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to art pictures.lnk
[2010/05/12 21:25:42 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Spotify.lnk
[2010/05/01 09:56:09 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\ePSXe.lnk
[2010/04/16 02:32:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\William Hill Casino.lnk
[2010/04/08 05:48:13 | 000,450,560 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Doc1.doc
[2010/04/05 12:21:47 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\William Hill Poker.lnk
[2010/02/23 05:57:31 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/22 22:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isnooker.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/09/17 10:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/08/07 16:58:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/08/07 16:51:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/08/07 16:35:41 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/08/07 11:05:22 | 000,000,430 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/08/07 09:40:42 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2004/08/07 09:40:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2004/08/07 09:39:37 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/08/07 09:39:37 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/08/07 09:38:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2004/08/07 09:38:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2004/08/07 09:38:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2004/08/06 22:16:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/06 21:10:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/06 21:08:45 | 000,068,908 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/08/06 21:08:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/06 21:08:23 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/08/06 21:08:23 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/08/06 21:06:17 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/06 20:58:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/06 20:52:10 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/08/06 20:52:08 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys
[2004/06/10 22:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 02:08:28 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys

========== LOP Check ==========

File not found -- C:\Documents and Settings\All Users\Application Data\BVRP Software
File not found -- C:\Documents and Settings\All Users\Application Data\DriverCure
File not found -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
File not found -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
File not found -- C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
File not found -- C:\Documents and Settings\All Users\Application Data\ScanSoft
File not found -- C:\Documents and Settings\All Users\Application Data\TEMP
File not found -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
File not found -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
File not found -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
File not found -- C:\Documents and Settings\Linda\Application Data\FrostWire
File not found -- C:\Documents and Settings\Linda\Application Data\info joy ford
File not found -- C:\Documents and Settings\Linda\Application Data\Microgaming
File not found -- C:\Documents and Settings\Linda\Application Data\PacificPoker
File not found -- C:\Documents and Settings\Linda\Application Data\ScanSoft
File not found -- C:\Documents and Settings\Linda\Application Data\Spotify
File not found -- C:\Documents and Settings\Linda\Application Data\Ulead Systems
File not found -- C:\Documents and Settings\Linda\Application Data\uTorrent
File not found -- C:\WINDOWS\Tasks\A21E998D9185167D.job
File not found -- C:\WINDOWS\Tasks\DriverCure.job
File not found -- C:\WINDOWS\Tasks\OGALogon.job
File not found -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
File not found -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-10 03:05:03


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\LastGood\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 00:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2001/09/04 04:12:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001/09/04 04:12:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\imm32.dll

< MD5 for: KERNEL32.DLL >
[2004/08/04 00:56:44 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[2009/03/21 14:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 00:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 00:56:56 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 00:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2002/08/29 03:41:10 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 00:56:46 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\sp2gdr\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\sp2qfe\spoolsv.exe
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 00:56:48 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/06 11:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

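The `< MD5 for: ... >` blocks in the OTL report above give a quick integrity cross-check that helpers rely on: the live copy of a core system file under system32 should carry the same hash as the service-pack copy under ServicePackFiles\i386 (or dllcache), and the older hash in $NtServicePackUninstall$ and the SoftwareDistribution backup is just the pre-SP3 build. A live copy whose hash matches none of those reference copies, or whose hash OTL could not read because the file was locked (as happened with iepeers.dll further down), is what deserves a closer look. The following Python is an added example, not part of the thread and not OTL's own code; it parses lines in OTL's format and applies that rule. The SVCHOST.EXE block is copied from the report, while EXAMPLE.DLL and LOCKED.DLL, with their hashes, are constructed to exercise the two failure modes.

```python
"""Cross-check OTL '< MD5 for: NAME >' sections.

Added example for this thread (not OTL's or the helpers' code): for every
system file OTL listed, the live copy under system32 is compared against the
known-good reference copies on the same disk (ServicePackFiles, dllcache,
$NtServicePackUninstall$, SoftwareDistribution backup). A live copy whose hash
matches none of them, or whose hash OTL could not read, is reported.
"""
import re
from collections import defaultdict

# One OTL entry, e.g.
# [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6... -- C:\WINDOWS\system32\svchost.exe
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| [^|]* \| M\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# Locations that hold vendor-supplied copies of a system file on Windows XP.
REFERENCE_MARKERS = (
    "\\servicepackfiles\\",
    "\\dllcache\\",
    "\\$ntservicepackuninstall$\\",
    "\\softwaredistribution\\",
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every MD5 section in an OTL excerpt."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            d = entry.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["md5"] = d["md5"].upper() if d["md5"] else None
            sections[current].append(d)
    return dict(sections)


def is_reference(path):
    """True for a copy kept by the OS as a known-good reference, not the live file."""
    lowered = path.lower()
    return any(marker in lowered for marker in REFERENCE_MARKERS)


def find_suspicious(sections):
    """Return (filename, path, reason) for live copies that fail the cross-check."""
    findings = []
    for name, entries in sections.items():
        ref_hashes = {e["md5"] for e in entries if is_reference(e["path"]) and e["md5"]}
        for e in entries:
            if is_reference(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "hash unavailable (file locked?)"))
            elif e["md5"] not in ref_hashes:
                findings.append((name, e["path"], "hash matches no reference copy"))
    return findings


def audit(text):
    """Parse an OTL excerpt and return its findings."""
    return find_suspicious(parse_md5_sections(text))


# The SVCHOST.EXE block is copied from the OTL report in this thread; the
# EXAMPLE.DLL and LOCKED.DLL blocks are constructed, with made-up hashes, to
# exercise the two failure modes.
SAMPLE = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: EXAMPLE.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\example.dll

< MD5 for: LOCKED.DLL >
[2010/05/06 11:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\locked.dll
"""

if __name__ == "__main__":
    for name, path, reason in audit(SAMPLE):
        print(f"{name}: {path}: {reason}")
```

Two caveats apply when reading such findings. A mismatch is benign when a hotfix newer than the service pack has replaced the live file, so the date and vendor columns still need to be read alongside the hash. And a rootkit that is active in the running system can hide its changes from any tool hashing files through the infected OS, which is one reason the helper in this thread moves on to scanners that run before the normal driver stack is loaded.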

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 4:17 am

It only opened one Notepad window (OTL.Txt - Notepad); the other one, Extras.Txt, did not appear.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 4:37 am

Hi duck_boi_97,

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

=====

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 4:56 am

This is the log created from the Lop S&D scan:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Linda ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 9.0.0.1400 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:78 Go (Free:3 Go)
E:\ (Local Disk) - NTFS - Total:57 Go (Free:30 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 30/06/2010|18:44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\WINDOWS\Tasks\A21E998D9185167D.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool\Less Else.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool\Less Else.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\Beep Fast Okay Hope.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\cdromstupidtime.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\Online Noun Dumb.exe
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1\yilbzemk.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_b25c.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f16b.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f508.exe
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@d2.advertserve[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@adultfriendfinder[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@ads.adultadvertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising.sheknows[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[10].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[11].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[6].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[7].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[8].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@advertising[9].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@ero-advertising[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@bigpoint[6].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.darkorbit.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.darkorbit.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@en.seafight.bigpoint[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@uk.farmerama.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@uk.farmerama.bigpoint[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@xblaster.bigpoint[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@pacificpoker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@pacificpoker[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[5].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@partypoker[7].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@las-vegas-nevada[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegas.williamhill[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegas.williamhill[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegasred[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@vegasred[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@[You must be registered and logged in to see this link.]
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888casino[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888games[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888ladies[4].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888poker[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888sport[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[1].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[2].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[3].txt
Deleted! - C:\DOCUME~1\Linda\Cookies\linda@888[4].txt
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bis1A.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bisDC.exe
Deleted! - C:\DOCUME~1\Linda\LOCALS~1\Temp\bisDF.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ping Sign Byte Tool
Deleted! - C:\DOCUME~1\Ian\APPLIC~1\infojo~1
Deleted! - C:\DOCUME~1\Linda\APPLIC~1\infojo~1
Deleted! - C:\Program Files\infojo~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[06/08/2004|21:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[07/08/2004|09:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
[06/08/2004|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/08/2004|21:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[06/08/2004|23:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/08/2004|11:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[06/08/2004|20:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[22/10/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[01/12/2009|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[07/08/2004|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[22/10/2009|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/10/2009|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/12/2009|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[06/08/2004|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[30/06/2010|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverCure
[07/08/2004|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[27/12/2009|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/06/2010|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[21/10/2009|17:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[18/11/2009|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[31/01/2010|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[30/12/2009|22:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
[30/06/2010|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[07/08/2004|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[17/09/2005|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[30/06/2010|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01/04/2010|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[07/08/2004|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[26/10/2009|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[06/08/2004|20:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/11/2009|22:20] C:\DOCUME~1\Ian\APPLIC~1\Adobe
[30/12/2009|14:10] C:\DOCUME~1\Ian\APPLIC~1\Apple Computer
[07/08/2004|09:45] C:\DOCUME~1\Ian\APPLIC~1\ArcSoft
[07/08/2004|12:52] C:\DOCUME~1\Ian\APPLIC~1\CyberLink
[30/12/2009|22:31] C:\DOCUME~1\Ian\APPLIC~1\DriverCure
[07/08/2004|12:28] C:\DOCUME~1\Ian\APPLIC~1\EPSON
[20/03/2010|04:00] C:\DOCUME~1\Ian\APPLIC~1\FrostWire
[06/08/2004|23:29] C:\DOCUME~1\Ian\APPLIC~1\Identities
[21/03/2010|21:12] C:\DOCUME~1\Ian\APPLIC~1\LittlewoodsPoker
[07/08/2004|09:55] C:\DOCUME~1\Ian\APPLIC~1\Macromedia
[31/03/2010|22:55] C:\DOCUME~1\Ian\APPLIC~1\Microgaming
[27/11/2009|19:59] C:\DOCUME~1\Ian\APPLIC~1\Microsoft
[29/04/2010|21:33] C:\DOCUME~1\Ian\APPLIC~1\MSN6
[18/02/2010|02:12] C:\DOCUME~1\Ian\APPLIC~1\Office Genuine Advantage
[30/06/2010|15:29] C:\DOCUME~1\Ian\APPLIC~1\PC Tools
[07/08/2004|11:05] C:\DOCUME~1\Ian\APPLIC~1\ScanSoft
[09/06/2010|21:48] C:\DOCUME~1\Ian\APPLIC~1\Spotify
[25/04/2010|15:36] C:\DOCUME~1\Ian\APPLIC~1\Sun
[17/09/2005|10:17] C:\DOCUME~1\Ian\APPLIC~1\Symantec
[07/08/2004|12:28] C:\DOCUME~1\Ian\APPLIC~1\Ulead Systems
[30/06/2010|17:00] C:\DOCUME~1\Ian\APPLIC~1\uTorrent

[29/10/2009|19:43] C:\DOCUME~1\Linda\APPLIC~1\Adobe
[24/12/2009|14:20] C:\DOCUME~1\Linda\APPLIC~1\Apple Computer
[30/06/2010|17:08] C:\DOCUME~1\Linda\APPLIC~1\FrostWire
[06/08/2004|23:54] C:\DOCUME~1\Linda\APPLIC~1\Identities
[25/12/2009|18:51] C:\DOCUME~1\Linda\APPLIC~1\InstallShield
[07/08/2004|17:15] C:\DOCUME~1\Linda\APPLIC~1\Macromedia
[17/03/2010|18:44] C:\DOCUME~1\Linda\APPLIC~1\Microgaming
[02/12/2009|00:32] C:\DOCUME~1\Linda\APPLIC~1\Microsoft
[22/10/2009|18:42] C:\DOCUME~1\Linda\APPLIC~1\Mozilla
[03/06/2010|17:53] C:\DOCUME~1\Linda\APPLIC~1\MSN6
[28/02/2010|14:45] C:\DOCUME~1\Linda\APPLIC~1\Office Genuine Advantage
[01/06/2010|21:35] C:\DOCUME~1\Linda\APPLIC~1\PacificPoker
[07/08/2004|12:16] C:\DOCUME~1\Linda\APPLIC~1\ScanSoft
[30/06/2010|12:31] C:\DOCUME~1\Linda\APPLIC~1\Spotify
[22/10/2009|21:15] C:\DOCUME~1\Linda\APPLIC~1\Sun
[07/08/2004|12:18] C:\DOCUME~1\Linda\APPLIC~1\Ulead Systems
[30/06/2010|17:12] C:\DOCUME~1\Linda\APPLIC~1\uTorrent

[26/01/2010|23:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/08/2004|20:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[30/06/2010 17:03][--a------] C:\WINDOWS\tasks\OGALogon.job
[30/06/2010 17:50][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[30/06/2010 17:03][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[30/06/2010 18:00][--a------] C:\WINDOWS\tasks\ParetoLogic Registration.job
[28/06/2010 04:31][--a------] C:\WINDOWS\tasks\DriverCure.job
[26/06/2010 03:38][--a------] C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[25/06/2010 20:22][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/06/2010 17:02][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/09/2001 04:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing Folders in C:\Program Files

[06/08/2004|23:09] C:\Program Files\321Studios
[06/08/2004|23:13] C:\Program Files\321StudiosRF
[06/08/2004|20:55] C:\Program Files\ABIT
[06/08/2004|21:11] C:\Program Files\Adobe
[07/08/2004|11:41] C:\Program Files\Ahead
[22/10/2009|18:20] C:\Program Files\Apple Software Update
[07/08/2004|09:42] C:\Program Files\ArcSoft
[29/11/2009|23:35] C:\Program Files\Ask Search Assistant
[22/10/2009|18:42] C:\Program Files\AskBarDis
[06/08/2004|21:01] C:\Program Files\ATI Technologies
[22/10/2009|18:20] C:\Program Files\Bonjour
[07/08/2004|16:58] C:\Program Files\BT Openworld Broadband ICM
[07/08/2004|16:54] C:\Program Files\BTopenworld NetHelp
[23/02/2010|03:52] C:\Program Files\Circle Devlopement
[06/08/2004|23:27] C:\Program Files\CloneDVD
[30/06/2010|15:29] C:\Program Files\Common Files
[06/08/2004|20:21] C:\Program Files\ComPlus Applications
[28/03/2010|15:36] C:\Program Files\Conduit
[06/08/2004|21:10] C:\Program Files\Creative
[06/08/2004|22:08] C:\Program Files\CyberLink
[26/04/2010|03:39] C:\Program Files\Delta
[06/01/2010|01:12] C:\Program Files\DivX
[07/08/2004|09:44] C:\Program Files\EPSON
[07/08/2004|17:09] C:\Program Files\FlashFXP
[22/10/2009|21:22] C:\Program Files\FrostWire
[22/10/2009|22:06] C:\Program Files\FrostWire1
[30/06/2010|18:27] C:\Program Files\Full Tilt Poker
[06/01/2010|01:13] C:\Program Files\Google
[21/03/2010|14:09] C:\Program Files\InstallShield Installation Information
[06/08/2004|20:52] C:\Program Files\Intel
[10/06/2010|11:00] C:\Program Files\Internet Explorer
[13/02/2010|22:10] C:\Program Files\iPod
[13/02/2010|22:11] C:\Program Files\iTunes
[22/10/2009|21:22] C:\Program Files\Java
[07/08/2004|14:59] C:\Program Files\Lavasoft
[10/06/2010|17:54] C:\Program Files\LittlewoodsPoker
[16/06/2010|11:51] C:\Program Files\McAfeeScanAndRepair
[28/03/2010|15:36] C:\Program Files\Messenger Plus! Live
[22/05/2010|17:32] C:\Program Files\Messenger_Plus_Live_UK
[21/10/2009|17:47] C:\Program Files\Microsoft
[06/08/2004|22:15] C:\Program Files\Microsoft ActiveSync
[07/08/2004|10:56] C:\Program Files\Microsoft AutoRoute
[23/10/2009|02:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/08/2004|20:23] C:\Program Files\microsoft frontpage
[06/08/2004|21:17] C:\Program Files\Microsoft IntelliPoint
[06/08/2004|21:16] C:\Program Files\Microsoft IntelliType Pro
[07/08/2004|10:55] C:\Program Files\Microsoft Office
[21/10/2009|17:46] C:\Program Files\Microsoft Office Outlook Connector
[07/08/2004|10:53] C:\Program Files\Microsoft Plus!
[06/06/2010|13:02] C:\Program Files\Microsoft Silverlight
[21/10/2009|17:42] C:\Program Files\Microsoft SQL Server Compact Edition
[21/10/2009|17:43] C:\Program Files\Microsoft Sync Framework
[06/08/2004|22:15] C:\Program Files\Microsoft Visual Studio
[23/10/2009|02:48] C:\Program Files\Microsoft Works
[06/08/2004|22:15] C:\Program Files\Microsoft.NET
[07/08/2004|16:53] C:\Program Files\Motive
[10/03/2010|22:56] C:\Program Files\Movie Maker
[22/10/2009|18:42] C:\Program Files\Mozilla Firefox
[24/10/2009|17:17] C:\Program Files\MSBuild
[06/11/2009|00:35] C:\Program Files\MSN
[06/08/2004|20:20] C:\Program Files\MSN Gaming Zone
[21/10/2009|17:34] C:\Program Files\MSN Toolbar
[19/10/2009|18:42] C:\Program Files\MSXML 4.0
[19/10/2009|18:25] C:\Program Files\NetMeeting
[06/08/2004|20:21] C:\Program Files\Online Services
[12/05/2010|03:01] C:\Program Files\Outlook Express
[01/06/2010|21:33] C:\Program Files\PacificPoker
[13/06/2010|18:08] C:\Program Files\PakkISO
[30/12/2009|22:30] C:\Program Files\ParetoLogic
[04/06/2010|14:50] C:\Program Files\PartyGaming
[25/12/2009|18:51] C:\Program Files\Philips
[06/12/2009|15:25] C:\Program Files\Philips PhotoFrame Manager
[15/06/2010|15:08] C:\Program Files\PokerStars
[18/05/2010|22:58] C:\Program Files\PSXMemTool
[01/12/2009|23:27] C:\Program Files\QuickTime
[24/10/2009|17:17] C:\Program Files\Reference Assemblies
[07/08/2004|11:03] C:\Program Files\ScanSoft
[06/08/2004|23:23] C:\Program Files\SlySoft
[07/06/2010|18:43] C:\Program Files\Spotify
[30/06/2010|16:38] C:\Program Files\Spyware Doctor
[17/09/2005|10:39] C:\Program Files\Symantec
[30/06/2010|17:06] C:\Program Files\Symantec AntiVirus
[06/08/2004|20:43] C:\Program Files\SymNetDrv
[07/08/2004|09:58] C:\Program Files\Ulead Systems
[06/08/2004|21:29] C:\Program Files\Uninstall Information
[22/10/2009|18:41] C:\Program Files\uTorrent
[14/06/2010|11:58] C:\Program Files\webserver
[06/08/2004|21:50] C:\Program Files\Wildfire Studios
[21/10/2009|17:46] C:\Program Files\Windows Live
[21/10/2009|17:40] C:\Program Files\Windows Live SkyDrive
[01/11/2009|05:26] C:\Program Files\Windows Media Connect 2
[01/11/2009|05:26] C:\Program Files\Windows Media Player
[19/10/2009|18:25] C:\Program Files\Windows NT
[17/09/2005|10:39] C:\Program Files\WindowsUpdate
[07/08/2004|00:07] C:\Program Files\WinRAR
[06/08/2004|20:23] C:\Program Files\xerox
[07/08/2004|16:52] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[21/10/2009|17:10] C:\Program Files\Common Files\Adobe
[06/08/2004|22:21] C:\Program Files\Common Files\Ahead
[13/02/2010|22:10] C:\Program Files\Common Files\Apple
[06/08/2004|22:15] C:\Program Files\Common Files\DESIGNER
[06/01/2010|01:12] C:\Program Files\Common Files\DivX Shared
[07/08/2004|09:38] C:\Program Files\Common Files\EPSON
[07/08/2004|11:02] C:\Program Files\Common Files\InstallShield
[22/10/2009|21:21] C:\Program Files\Common Files\Java
[06/08/2004|22:16] C:\Program Files\Common Files\L&H
[30/06/2010|15:29] C:\Program Files\Common Files\Microsoft Shared
[07/08/2004|16:54] C:\Program Files\Common Files\Motive
[06/08/2004|20:21] C:\Program Files\Common Files\MSSoap
[06/08/2004|21:14] C:\Program Files\Common Files\ODBC
[30/12/2009|22:30] C:\Program Files\Common Files\ParetoLogic
[30/06/2010|15:32] C:\Program Files\Common Files\PC Tools
[07/08/2004|09:40] C:\Program Files\Common Files\Python
[07/08/2004|11:04] C:\Program Files\Common Files\Scansoft Shared
[06/08/2004|20:22] C:\Program Files\Common Files\Services
[06/08/2004|21:14] C:\Program Files\Common Files\SpeechEngines
[17/09/2005|10:40] C:\Program Files\Common Files\Symantec Shared
[21/10/2009|17:46] C:\Program Files\Common Files\System
[07/08/2004|09:58] C:\Program Files\Common Files\Ulead Systems
[21/10/2009|17:35] C:\Program Files\Common Files\Windows Live

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 18:51:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Linda\My Documents\Downloads\Various Artists - Blalock's Indie Rock Playlist May 2010\017 - Tahiti 80 - Crack Up.mp3


[F:4003][D:97]-> C:\DOCUME~1\Linda\LOCALS~1\Temp
[F:4661][D:0]-> C:\DOCUME~1\Linda\Cookies
[F:4289][D:51]-> C:\DOCUME~1\Linda\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 30/06/2010|18:54 - Option : [2]

--------------------\\ Scan completed at 18:54:30


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 5:10 am

It says:
ComboFix has detected the following real time scanner(s) to be active:

antivirus: symantec antivirus corporate edition

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.

I have right-clicked the icon in the bottom right-hand corner of the desktop and disabled Auto-Protect, and this still comes up. What should I do?


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 5:20 am

I continued anyway and then this came up:

(a '!' in a yellow triangle in the bottom right with a note saying)
----------------------------------------------
NirCmd.cfxxe - Corrupt File

D:\RECYCLER is corrupt and unreadable
please run Chkdsk utility

--------------------------------------------
(When the computer gets turned on it goes to a Chkdsk screen, but I have never let it run through as it appears to take forever and a day and, if I remember rightly, stayed on one bit for over 5 minutes...)

I ALSO HAVE TO HIT F1 AT THE LOADING SCREEN BEFORE LOGIN (literally the first screen that comes up when I turn the computer on)


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 5:26 am

I will leave commy.exe running until you tell me otherwise, but it is saying it's "preparing to run" and is staying like that for a long time, and every time I start commy.exe again the yellow triangle with the corrupt file warning comes up in the bottom right-hand corner.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 6:19 am

Hi,

Please boot into Safe Mode and run ComboFix. You can do this by rebooting your computer and tapping F8 until it prompts you to choose which one; please choose Safe Mode with Networking. Once you are logged in, please run ComboFix.exe and post that log here in your next reply.


Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 7:29 am

I tried to use commy.exe again and this time it worked; it restarted the computer automatically. Here is the log from commy.exe; the log from Lop S&D has already been posted.

ComboFix 10-06-29.04 - Linda 30/06/2010 20:28:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.421 [GMT 1:00]
Running from: c:\documents and settings\Linda\Desktop\commy.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Linda\Local Settings\Application Data\05154484910053.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0535049569854.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0535748485197.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0554999559954.xxe
c:\documents and settings\Linda\Local Settings\Application Data\097101524998102.xxe
c:\documents and settings\Linda\Local Settings\Application Data\0995154505553.xxe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276630956.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276631959.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276861635.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1276862048.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277037356.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277825246.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277825703.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277826082.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277843048.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277843416.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277845910.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277914351.exe
c:\documents and settings\Linda\Local Settings\Application Data\rdr_1277914660.exe
c:\program files\webserver
c:\program files\webserver\webserver.exe
c:\windows\bill112.exe
c:\windows\bill113.exe
c:\windows\bk23567.dat
c:\windows\fdgg34353edfgdfdf
c:\windows\lgo
c:\windows\system32\drivers\pdrv.sys
c:\windows\system32\pdrv.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PDRV
-------\Legacy_PPDRV
-------\Legacy_WEBSERVER
-------\Service_PDRV
-------\Service_ppdrv
-------\Service_webserver


((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 17:43 . 2010-06-30 17:54 -------- d-----w- C:\Lop SD
2010-06-30 16:23 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\Threat Expert
2010-06-30 16:22 . 2010-06-30 16:23 37524 ----a-w- c:\windows\fs1235.dat
2010-06-30 14:32 . 2010-06-23 04:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 14:32 . 2010-06-23 04:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-30 14:32 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-06-30 14:32 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-06-30 14:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-30 14:30 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-30 14:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-30 14:30 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-30 14:29 . 2010-06-30 14:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 14:29 . 2010-06-30 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 14:29 . 2010-06-30 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 14:29 . 2010-06-30 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-29 06:50 . 2010-06-29 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-16 10:51 . 2010-06-16 10:51 -------- d-----w- c:\program files\McAfeeScanAndRepair
2010-06-14 22:08 . 2010-06-30 10:46 39 ----a-w- c:\windows\bk20856.dat
2010-06-13 17:08 . 2010-06-13 17:08 -------- d-----w- c:\program files\PakkISO
2010-06-09 02:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 20:32 . 2010-06-01 20:35 -------- d-----w- c:\documents and settings\Linda\Application Data\PacificPoker
2010-06-01 20:32 . 2010-06-01 20:33 -------- d-----w- c:\program files\PacificPoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 20:04 . 2009-10-22 17:41 -------- d-----w- c:\documents and settings\Linda\Application Data\uTorrent
2010-06-30 20:03 . 2009-10-22 21:06 -------- d-----w- c:\documents and settings\Linda\Application Data\FrostWire
2010-06-30 20:01 . 2005-09-17 09:39 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 17:27 . 2009-11-01 22:00 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-30 14:21 . 2009-12-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-30 11:31 . 2010-05-12 20:25 -------- d-----w- c:\documents and settings\Linda\Application Data\Spotify
2010-06-15 14:08 . 2010-03-04 19:06 -------- d-----w- c:\program files\PokerStars
2010-06-10 16:54 . 2010-03-21 20:10 -------- d-----w- c:\program files\LittlewoodsPoker
2010-06-07 17:43 . 2010-05-12 20:25 -------- d-----w- c:\program files\Spotify
2010-06-06 12:02 . 2009-10-21 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 13:50 . 2010-03-18 00:44 -------- d-----w- c:\program files\PartyGaming
2010-06-03 16:53 . 2009-10-21 16:10 -------- d-----w- c:\documents and settings\Linda\Application Data\MSN6
2010-05-26 20:36 . 2010-06-10 16:53 49143 ----a-w- c:\program files\EULA.eng
2010-05-22 16:32 . 2010-03-28 14:36 -------- d-----w- c:\program files\Messenger_Plus_Live_UK
2010-05-18 21:58 . 2010-05-18 17:15 -------- d-----w- c:\program files\PSXMemTool
2010-05-06 10:41 . 2004-02-06 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 01:14 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-09-04 03:12 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-05-22 16:32 2515552 ----a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-01-20 1531904]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-12 270336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-10-29 139363]
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-10-29 57344]
"OpScheduler"="c:\program files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-10-29 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-06 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-06 124112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}"="c:\program files\Philips PhotoFrame Manager\AvqAutoRun.exe" [2009-05-04 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\documents and settings\Linda\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire1\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetHelp.lnk - c:\program files\BTopenworld NetHelp\bin\matcli.exe [2004-8-7 204800]
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-25 119296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire1\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:pdrv

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/06/2010 15:32 198608]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [06/08/2004 21:08 12160]
S2 gupdate1ca8e64ed51f805;Google Update Service (gupdate1ca8e64ed51f805);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 01:12 133104]
S3 McLtScanner;McLtScanner;c:\program files\McAfeeScanAndRepair\McRbScanner.exe [29/01/2010 07:40 679920]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [06/08/2004 16:18 169192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2010 15:29 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-28 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-06-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
AddRemove-Ladbrokes Poker - c:\microg~1\Poker\LADBRO~1\LADBRO~1\UNWISE.EXE
AddRemove-MsgPlus! Plugin - c:\program files\MessengerPlus! 3\MsgPlus.exe
AddRemove-UT2004 - e:\games\UT2004\System\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 21:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPagePro14.0\OpHook14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\browser\ybrowser.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
.
**************************************************************************
.
Completion time: 2010-06-30 21:14:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 20:14

Pre-Run: 13,599,518,720 bytes free
Post-Run: 17,283,899,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 56773AEE8A0B02DC87D7C0C389284882

duck_boi_97
Rookie Surfer
Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 7:57 am

Hi duck_boi_97,

Please be more careful when installing things, as the LOP infection came from Messenger Plus. We still have a couple more things to do before you are all clean.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\fs1235.dat
    c:\windows\bk20856.dat

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


======

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 8:38 am

commy.exe log after dragging CFScript.txt into commy.exe

ComboFix 10-06-29.04 - Linda 30/06/2010 22:07:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.485 [GMT 1:00]
Running from: c:\documents and settings\Linda\Desktop\commy.exe
Command switches used :: c:\documents and settings\Linda\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\bk20856.dat"
"c:\windows\fs1235.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bk20856.dat
c:\windows\fs1235.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 20:48 . 2010-06-30 20:48 -------- d-----w- c:\windows\LastGood
2010-06-30 17:43 . 2010-06-30 17:54 -------- d-----w- C:\Lop SD
2010-06-30 16:23 . 2010-06-30 16:23 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\Threat Expert
2010-06-30 14:32 . 2010-06-23 04:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 14:32 . 2010-06-23 04:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-30 14:32 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-06-30 14:32 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-06-30 14:32 . 2010-06-23 04:01 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-06-30 14:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-30 14:30 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-30 14:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-30 14:30 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-30 14:29 . 2010-06-30 14:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 14:29 . 2010-06-30 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 14:29 . 2010-06-30 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 14:29 . 2010-06-30 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-29 06:50 . 2010-06-29 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-06-16 10:51 . 2010-06-16 10:51 -------- d-----w- c:\program files\McAfeeScanAndRepair
2010-06-13 17:08 . 2010-06-13 17:08 -------- d-----w- c:\program files\PakkISO
2010-06-09 02:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-01 20:32 . 2010-06-01 20:35 -------- d-----w- c:\documents and settings\Linda\Application Data\PacificPoker
2010-06-01 20:32 . 2010-06-01 20:33 -------- d-----w- c:\program files\PacificPoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 21:04 . 2005-09-17 09:39 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-30 20:04 . 2009-10-22 17:41 -------- d-----w- c:\documents and settings\Linda\Application Data\uTorrent
2010-06-30 20:03 . 2009-10-22 21:06 -------- d-----w- c:\documents and settings\Linda\Application Data\FrostWire
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 19:46 . 2004-08-06 20:12 292 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000004-10071102}.dat
2010-06-30 17:27 . 2009-11-01 22:00 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-30 14:21 . 2009-12-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-06-30 11:31 . 2010-05-12 20:25 -------- d-----w- c:\documents and settings\Linda\Application Data\Spotify
2010-06-15 14:08 . 2010-03-04 19:06 -------- d-----w- c:\program files\PokerStars
2010-06-10 16:54 . 2010-03-21 20:10 -------- d-----w- c:\program files\LittlewoodsPoker
2010-06-07 17:43 . 2010-05-12 20:25 -------- d-----w- c:\program files\Spotify
2010-06-06 12:02 . 2009-10-21 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 13:50 . 2010-03-18 00:44 -------- d-----w- c:\program files\PartyGaming
2010-06-03 16:53 . 2009-10-21 16:10 -------- d-----w- c:\documents and settings\Linda\Application Data\MSN6
2010-05-26 20:36 . 2010-06-10 16:53 49143 ----a-w- c:\program files\EULA.eng
2010-05-22 16:32 . 2010-03-28 14:36 -------- d-----w- c:\program files\Messenger_Plus_Live_UK
2010-05-18 21:58 . 2010-05-18 17:15 -------- d-----w- c:\program files\PSXMemTool
2010-05-12 20:25 . 2010-05-12 20:25 655360 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 20:25 . 2010-05-12 20:25 282624 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 20:25 . 2010-05-12 20:25 208896 ----a-w- c:\documents and settings\Linda\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-06 10:41 . 2004-02-06 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 01:14 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-09-04 03:12 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-05-22 16:32 2515552 ----a-w- c:\program files\Messenger_Plus_Live_UK\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{77F40091-495B-4C46-9068-2B24C4133157}"= "c:\program files\Messenger_Plus_Live_UK\tbMes1.dll" [2010-05-22 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-01-20 1531904]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2004-07-12 270336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"WorkFlowTray"="c:\program files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe" [2003-10-29 139363]
"Opware14"="c:\program files\ScanSoft\OmniPagePro14.0\Opware14.exe" [2003-10-29 57344]
"OpScheduler"="c:\program files\ScanSoft\OmniPagePro14.0\OpScheduler.exe" [2003-10-29 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-06 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-06 124112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}"="c:\program files\Philips PhotoFrame Manager\AvqAutoRun.exe" [2009-05-04 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\documents and settings\Linda\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire1\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetHelp.lnk - c:\program files\BTopenworld NetHelp\bin\matcli.exe [2004-8-7 204800]
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2009-12-25 119296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire1\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [30/06/2010 15:32 198608]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [06/08/2004 21:08 12160]
S2 gupdate1ca8e64ed51f805;Google Update Service (gupdate1ca8e64ed51f805);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 01:12 133104]
S3 McLtScanner;McLtScanner;c:\program files\McAfeeScanAndRepair\McRbScanner.exe [29/01/2010 07:40 679920]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [06/08/2004 16:18 169192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/06/2010 15:29 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-28 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 00:12]

2010-06-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-06-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-06-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-30 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(668)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-06-30 22:33:45
ComboFix-quarantined-files.txt 2010-06-30 21:33
ComboFix2.txt 2010-06-30 20:14

Pre-Run: 17,310,703,616 bytes free
Post-Run: 17,284,517,888 bytes free

- - End Of File - - ACCC463724DB34D2A8CB9CDA724D917C

duck_boi_97
Rookie Surfer
Posts : 60
Joined : 2010-07-01
Operating System : Windows XP
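The two posts above show the full loop a helper runs: read the first ComboFix log, write a CFScript with a File:: block and a Registry:: block (where `"name"=-` deletes a value), re-run ComboFix, then read the second log to confirm the files appear under Other Deletions and the firewall exception is gone from Reg Loading Points. The script below is an added example, not something posted in the thread or part of ComboFix; it automates that loop over excerpts trimmed from the two logs above. Two heuristics are assumptions made for this example only: a GloballyOpenPorts entry is flagged when the name in its data (`pdrv` in `8085:TCP:pdrv`) matches a service ComboFix already listed as removed, and a file is flagged when it is a short two-letters-plus-digits `.dat` dropped straight into c:\windows, the shape of the two files the helper chose to delete.

```python
# Added example: build the CFScript used in this thread from a ComboFix log,
# then confirm from the follow-up log that the removals took effect.
import re

# Sample input: excerpts trimmed from the two ComboFix logs posted above,
# keeping only the sections these functions read.
LOG_BEFORE = r"""
((((( Drivers/Services )))))
.

-------\Legacy_PDRV
-------\Legacy_WEBSERVER
-------\Service_PDRV

((((( Files Created from 2010-05-28 to 2010-06-30 )))))
.

2010-06-30 16:22 . 2010-06-30 16:23 37524 ----a-w- c:\windows\fs1235.dat
2010-06-30 14:32 . 2010-06-23 04:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 14:29 . 2010-06-30 15:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-14 22:08 . 2010-06-30 10:46 39 ----a-w- c:\windows\bk20856.dat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:pdrv

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/06/2010 15:30 218592]
"""

LOG_AFTER = r"""
((((( Other Deletions )))))
.

c:\windows\bk20856.dat
c:\windows\fs1235.dat

.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

FW_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"
# ComboFix 'Files Created' line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d +(\S+) (\S+) (.+)$", re.M)
# Assumption for this example only: two letters plus digits, .dat, directly in
# c:\windows (the shape of the two files removed in the thread).
ODD_DAT = re.compile(r"c:\\windows\\[a-z]{2}\d+\.dat", re.I)


def registry_values(log, key):
    """{value_name: data} for the block headed by `key`; {} if the key is absent."""
    values, in_block = {}, False
    for line in map(str.strip, log.splitlines()):
        if line == key:
            in_block = True
        elif in_block:
            m = re.match(r'"([^"]+)"=\s*(.*)$', line)
            if not m:
                break  # a blank line or the next key ends the block
            values[m.group(1)] = m.group(2).strip()
    return values


def removed_service_names(log):
    """Lower-cased names from the Legacy_X / Service_X lines ComboFix lists as removed."""
    return {m.group(1).lower()
            for m in re.finditer(r"^-------\\(?:Legacy|Service)_(\S+)$", log, re.M)}


def orphaned_open_ports(log):
    """GloballyOpenPorts entries whose owner (last ':' field of ComboFix's
    abbreviated 'port:proto:name' data) is a service ComboFix already removed."""
    removed = removed_service_names(log)
    return {name: data for name, data in registry_values(log, FW_KEY).items()
            if data.split(":")[-1].lower() in removed}


def suspicious_files(log):
    """Regular files in 'Files Created' whose path matches ODD_DAT, in log order."""
    return [path.strip() for size, _attrs, path in FILE_LINE.findall(log)
            if size.isdigit() and ODD_DAT.fullmatch(path.strip())]


def build_cfscript(files, reg_deletions):
    """Render a CFScript as posted in the thread: a File:: block of paths to
    delete and a Registry:: block in REGEDIT4 syntax, where "name"=- deletes a value."""
    lines = ["File::", *files, "", "Registry::"]
    for key, names in reg_deletions.items():
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


def draft_cfscript(log):
    """CFScript removing the odd .dat files and orphaned port openings found in `log`."""
    return build_cfscript(suspicious_files(log), {FW_KEY: list(orphaned_open_ports(log))})


def other_deletions(log):
    """Paths ComboFix listed under 'Other Deletions' (the block between two '.' lines)."""
    m = re.search(r"Other Deletions \)+\n\.\n(.*?)\n\.\n", log, re.S)
    return [l.strip() for l in m.group(1).splitlines() if l.strip()] if m else []


def verify_cleanup(before, after):
    """Did the follow-up run delete every flagged file and drop every flagged port?"""
    deleted = {p.lower() for p in other_deletions(after)}
    still_open = registry_values(after, FW_KEY)
    return {"files_deleted": all(f.lower() in deleted for f in suspicious_files(before)),
            "ports_closed": not any(p in still_open for p in orphaned_open_ports(before))}
```

`print(draft_cfscript(LOG_BEFORE))` reproduces the CFScript Sneakyone posted, and `verify_cleanup(LOG_BEFORE, LOG_AFTER)` returns both checks as True for the second log. The heuristics only draft the script; a helper still reads each flagged item before running it, which is why ComboFix keeps its deletions in C:\Qoobox\Quarantine rather than destroying them outright.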

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 9:34 am

It has been an hour scanning on Malwarebytes. I shall leave it scanning and send you the log when it's done... just to let you know.

duck_boi_97
Rookie Surfer
Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 11:53 am

Here is the log from the Malwarebytes scan... (the scanner has successfully removed all threats it found)

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/07/2010 01:48:51
mbam-log-2010-07-01 (01-48-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 279885
Time elapsed: 3 hour(s), 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276631959.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276861635.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276862048.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277037356.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\webserver\webserver.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\bill112.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\bill113.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pdrv.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP272\A0153077.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157439.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157438.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157440.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157441.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157442.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157449.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157450.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157451.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157452.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157453.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_b25c.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f16b.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Lop SD\Backup-Lop\DOCUME~1\Linda\LOCALS~1\Temp\msgpl_f508.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Poker\Titan Poker\_SetupPoker_6d28f9.exe (Adware.Casino) -> Quarantined and deleted successfully.
D:\Chris' music files\music\SetupPoker_6d28f9.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\Favorites\Free Porn Videos & Pussy Movies- Sex Videos, Porno, Porn Tube, XXX and Pussy Porn..url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\Local Settings\Application Data\rdr_1277907699.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Thu 01 Jul 2010, 11:54 am

I am restarting the computer now (the malware scanner gave me the option to restart my computer, so I am doing so).

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Thu 01 Jul 2010, 2:36 pm

Hi duck_boi_97,

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Fri 02 Jul 2010, 12:20 am

Just to let you know, I'm still getting Backdoor.Tidserv!inf's being found by my Symantec antivirus, even as the ESET online scanner is working. The problem is, as I get rid of, say, 24 - 50 threats, I'm getting another 1 or 2 Backdoor.Tidserv!inf's, and when I restart the comp they all end up rebooting, don't they? Even if there is only one left. (I did some research on the Tidserv virus online.)

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Fri 02 Jul 2010, 12:48 am

This is the log from the ESET online scan (can you read my last post about the Backdoor.Tidserv!inf's, please, and tell me if I have a problem that can or can't be fixed).

ESET Online Scan Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f3701a28d590a34292cc5d6b1a2263be
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-01 01:31:55
# local_time=2010-07-01 02:31:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3585 16777173 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 210 210 0 0
# scanned=145744
# found=19
# cleaned=19
# scan_time=5716
C:\Casino\William Hill Casino\_SetupCasino.exe_e7f.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\PUHT0E3L\p[1].exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Poker\William Hill Poker\_SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825246.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277825703.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277843048.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277845910.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1277914351.exe.vir a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157443.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157444.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157446.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157448.exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157747.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157748.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP274\A0157749.exe probably a variant of Win32/Adware.Agent application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\Music\SetupCasino.exe_e7f.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Chris' music files\music\Music\SetupPoker.exe Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by Sneakyone on Fri 02 Jul 2010, 2:45 am

Hi duck_boi_97,

I see you have the P2P software Frostwire and uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

=====

Your computer is now clean. Now it is time to remove the tools used and update your computer to prevent vulnerability.

Updating System Restore
Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System Tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C.
  • Click OK.
  • The system will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options tab.
  • At the bottom there will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again; the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


=======

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com.

Before installing: it is important to remove older versions of Acrobat Reader, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=======


Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun (XP or Vista/7).

5. Always make sure you have the latest Windows updates: windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can check that it is not known for being a virus by simply searching for it on Google.

8. Use a site advisor so you don't go to sites that will infect you: McAfee SiteAdvisor.

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for scareware. What is scareware? It is a website made to download a rogue antivirus onto your system that will scare you into buying their fake software due to false detections.

12. Always have a firewall and an antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
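The two logs pasted earlier in this thread (the MBAM "Files Infected:" list and the ESET Online Scanner results) and the restore-point cleanup step above turn on the same question: which detections are files in live locations, and which are copies already sitting in a removal tool's quarantine folder or preserved inside a System Restore point. The following Python script is an added example, not part of the thread and not tooling from Malwarebytes or ESET. It parses both result-line formats and sorts each hit by location. The sample lines are copied from the logs in this thread; the list of platform prefixes (Win32/ and similar) used to split an ESET description from the path in front of it is an assumption based on the descriptions seen here, as are the folder markers used to recognise quarantine copies.

```python
"""Sort anti-malware scan hits by where the detected file lives.

Added example: not from the thread, Malwarebytes or ESET. Handles the two
result-line formats seen in the thread (MBAM "Files Infected:" entries and
ESET Online Scanner result lines) and classifies each path as a copy in a
removal tool's quarantine/backup folder, a copy kept in a System Restore
point, a browser-cache file, or a file in a live location.
"""
import re
from collections import Counter

# MBAM result line:  <path> (<detection name>) -> <action>.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# ESET result line:  <path> <description> (<action>) <hex id> <flag>
# The description is located by its "Win32/..." family token, optionally
# preceded by "probably" and/or "a variant of". PLATFORMS is an assumption
# drawn from the descriptions in this thread; extend it for other prefixes.
PLATFORMS = r"(?:Win32|Win64|JS|HTML|VBS|Java)"
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    + r"(?P<name>(?:probably )?(?:a variant of )?" + PLATFORMS + r"/\S+ \S+) "
    + r"\((?P<action>[^()]+)\) (?P<hash>[0-9A-Fa-f]+) (?P<flag>\S+)$"
)

# Path markers (matched case-insensitively) for hits that are not live files.
# The quarantine folders are the ones that appear in the thread's logs.
LOCATION_RULES = [
    ("quarantine backup", [r"\\qoobox\\quarantine\\", r"\\lop sd\\backup-lop\\"]),
    ("restore point", [r"\\system volume information\\_restore\{"]),
    ("browser cache", [r"\\temporary internet files\\"]),
]


def classify_path(path):
    """Return the location class of a detected file path."""
    lowered = path.lower()
    for label, patterns in LOCATION_RULES:
        if any(re.search(pat, lowered) for pat in patterns):
            return label
    return "live location"


def family_of(name):
    """Reduce ESET wording such as 'a variant of Win32/Tinxy.BY trojan' to the
    family token; MBAM names such as 'Worm.KoobFace' are returned unchanged."""
    m = re.search(PLATFORMS + r"/\S+", name)
    return m.group(0) if m else name


def parse_line(line):
    """Parse one result line from either scanner; return None for any other line."""
    line = line.strip()
    scanner, m = "mbam", MBAM_LINE.match(line)
    if not m:
        scanner, m = "eset", ESET_LINE.match(line)
    if not m:
        return None
    return {
        "scanner": scanner,
        "path": m.group("path"),
        "family": family_of(m.group("name")),
        "action": m.group("action"),
        "location": classify_path(m.group("path")),
    }


def triage(log_text):
    """Parse every result line in a pasted log, skipping headers and counters."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]


def summarize(records):
    """Counts by location and by family (family names are case-folded because
    the MBAM log spells the same family both 'Koobface' and 'KoobFace'), plus
    the paths found outside quarantine folders, restore points and caches."""
    return {
        "by_location": dict(Counter(r["location"] for r in records)),
        "by_family": dict(Counter(r["family"].lower() for r in records)),
        "live_paths": [r["path"] for r in records if r["location"] == "live location"],
    }


# Sample input: lines copied from the MBAM and ESET logs posted in this thread,
# plus one counter line to show that non-result lines are ignored.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pdrv.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A34D20E3-A229-4F3C-9CDD-AD344EC7D034}\RP273\A0157452.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\Local Settings\Application Data\rdr_1277907699.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Linda\Local Settings\Application Data\rdr_1276630956.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
Memory Processes Infected: 0
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\PUHT0E3L\p[1].exe a variant of Win32/Tinxy.BY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Casino\William Hill Casino\_SetupCasino.exe_e7f.exe probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    report = summarize(triage(SAMPLE_LOG))
    for location, count in sorted(report["by_location"].items()):
        print(f"{count:3d}  {location}")
    print("still in live locations:")
    for path in report["live_paths"]:
        print("   ", path)
```

Read against the thread: the "restore point" group is exactly what the Disk Cleanup > More Options > System Restore step above removes, the "quarantine backup" group disappears when the removal tools and their folders are cleaned up, and only the "live location" group points at something that still needs attention. A scanner that keeps flagging copies in the first two groups is not evidence of an active infection by itself.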

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Fri 02 Jul 2010, 3:00 am

What are the best free firewalls and antivirus gear I can get online, to help prevent getting infected again?

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Fri 02 Jul 2010, 3:02 am

I'm sorry, but the Backdoor.Tidserv!inf is still being found by my antivirus software. It has found over 5 in the last 5 minutes. I am still infected.

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP

Re: Unable to remove Backdoor.Tidserv!inf and FakeAV!gen31

Post by duck_boi_97 on Fri 02 Jul 2010, 3:03 am

They are just constantly popping up every 3 seconds. My computer is riddled with Tidserv infections. Please help, please.

duck_boi_97

Rookie Surfer

Posts : 60
Joined : 2010-07-01
Operating System : Windows XP
