W32.Tidserv plus other


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 5:15 pm

DDS (Version 1.1.0) - NTFSx86
Run by Yadu at 22:39:55.66 on 03-01-2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.91.1033.18.3070.1632 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yadu\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\yadu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\yadu\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\assassin's creed\register\RegistrationReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\yadu\appdata\roaming\mozilla\firefox\profiles\ipok5p5r.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll


Post by yaduraj on 3rd January 2009, 5:15 pm

============= SERVICES / DRIVERS ===============

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-8-2 28464]

=============== Created Last 30 ================

2009-01-03 22:35 --d----- c:\program files\NVIDIA Corporation
2009-01-03 22:32 --d----- c:\program files\NVIDIA nTune Performance Application
2009-01-03 21:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-03 21:53 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-03 21:53 --d----- c:\windows\system32\drivers\Avg
2009-01-03 21:53 --d----- c:\programdata\avg8
2009-01-03 21:53 --d----- c:\program files\AVG
2009-01-03 21:53 --d----- c:\progra~2\avg8
2009-01-03 20:13 --d----- c:\users\yadu\appdata\roaming\Symantec
2009-01-03 20:08 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-03 20:08 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-03 20:08 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 17:33 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-02 17:33 --d----- C:\Intel
2009-01-02 17:31 303,616 a------- c:\windows\system32\drivers\yk60x86.sys
2009-01-02 17:24 -cd-h--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-02 17:24 -cd-h--- c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-02 17:08 --d----- c:\programdata\DriverScanner
2009-01-02 17:08 --d----- c:\progra~2\DriverScanner
2009-01-02 17:05 --d----- c:\users\yadu\appdata\roaming\Uniblue
2009-01-02 17:05 --d----- c:\program files\Uniblue
2009-01-02 16:57 -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-02 16:57 -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-02 16:18 -cd-h--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-02 16:18 -cd-h--- c:\progra~2\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-02 16:14 --d----- c:\programdata\POPWWPROFILES
2009-01-02 16:14 --d----- c:\progra~2\POPWWPROFILES
2009-01-02 16:12 --d----- c:\users\yadu\Uniblue 2009
2009-01-02 16:12 --d----- c:\users\yadu\Uniblue Performans Programs
2009-01-02 16:06 --d----- c:\users\yadu\pop2
2009-01-02 15:46 --d----- c:\programdata\WinZip
2009-01-01 20:24 --d----- c:\users\yadu\appdata\roaming\Ubisoft
2009-01-01 20:06 --d----- c:\programdata\Ubisoft
2008-12-29 11:43 509,448 a------- c:\windows\system32\XAudio2_2.dll
2008-12-29 11:43 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2008-12-29 11:43 238,088 a------- c:\windows\system32\xactengine3_2.dll
2008-12-29 11:43 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2008-12-29 11:43 467,984 a------- c:\windows\system32\d3dx10_39.dll
2008-12-29 11:43 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2008-12-29 11:43 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-29 11:43 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-29 11:42 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-29 11:42 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-29 11:42 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-29 11:42 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-29 11:42 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-27 20:07 --d----- C:\ComboFix
2008-12-27 18:07 161,792 a------- c:\windows\SWREG.exe
2008-12-27 18:07 98,816 a------- c:\windows\sed.exe
2008-12-26 09:03 244,848,842 a------- C:\SYM_REGISTRY_BACKUP.reg
2008-12-25 21:52 297,548,003 a------- c:\windows\MEMORY.DMP
2008-12-25 21:46 --d----- c:\program files\Microsoft Visual Studio 8
2008-12-24 15:14 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-23 21:38 --d----- c:\windows\EasyDecrypter v1.12
2008-12-23 21:34 --d----- c:\programdata\Google Updater
2008-12-22 15:08 106,605 a------- c:\windows\system32\StructuredQuerySchema.bin
2008-12-22 15:08 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2008-12-22 15:08 11,776 a------- c:\windows\system32\msshooks.dll
2008-12-22 15:08 34,816 a------- c:\windows\system32\msscb.dll
2008-12-22 14:49 147,456 a------- c:\windows\system32\Faultrep.dll
2008-12-22 14:49 125,952 a------- c:\windows\system32\wersvc.dll
2008-12-22 14:49 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-12-22 14:38 --d----- c:\users\yadu\appdata\roaming\Windows Live Writer
2008-12-22 14:09 --d----- C:\PerfLogs
2008-12-22 12:08 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-12-22 12:07 175,104 a------- c:\windows\system32\dot3svc.dll
2008-12-22 12:06 257,024 a------- c:\windows\system32\VAN.dll
2008-12-22 12:05 505,344 a------- c:\windows\system32\qedit.dll
2008-12-22 12:04 101,376 a------- c:\windows\system32\wmpshell.dll
2008-12-22 12:03 20,992 a------- c:\windows\system32\drivers\tdi.sys
2008-12-22 12:02 120,458 a------- c:\windows\system32\secpol.msc
2008-12-22 12:02 145,455 a------- c:\windows\system32\perfmon.msc
2008-12-22 12:02 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-12-22 12:02 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-22 11:09 357,888 a------- c:\windows\system32\wbemcomn.dll
2008-12-22 11:09 704,512 a------- c:\windows\system32\SmiEngine.dll
2008-12-22 11:09 139,264 a------- c:\windows\system32\SmiInstaller.dll
2008-12-22 11:09 129,536 a------- c:\windows\system32\sqmapi.dll
2008-12-22 11:08 218,624 a------- c:\windows\system32\wdscore.dll
2008-12-22 11:08 130,560 a------- c:\windows\system32\PkgMgr.exe
2008-12-22 11:08 246,784 a------- c:\windows\system32\drvstore.dll
2008-12-22 11:08 258,560 a------- c:\windows\system32\dpx.dll
2008-12-22 11:08 35,328 a------- c:\windows\system32\mspatcha.dll
2008-12-22 11:08 305,152 a------- c:\windows\system32\msdelta.dll
2008-12-22 01:50 --d----- c:\program files\Microsoft Office Outlook Connector
2008-12-22 01:49 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2008-12-22 01:45 --d----- c:\program files\Windows Live SkyDrive
2008-12-18 18:40 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-18 06:59 108,336 a------- c:\windows\system32\Mswinsck.ocx
2008-12-18 06:59 64,000 a------- c:\windows\system32\wiaaut.oca
2008-12-18 06:59 132,880 a------- c:\windows\system32\MSINET.OCX
2008-12-18 06:59 102,400 a------- c:\windows\system32\DinkITXPUIMenus.ocx
2008-12-18 06:59 65,536 a------- c:\windows\system32\EnhSliderOcx.ocx
2008-12-17 12:26 --d----- c:\program files\Norton Internet Security
2008-12-17 12:20 --d----- c:\programdata\PCSettings
2008-12-17 12:20 --d----- c:\progra~2\PCSettings
2008-12-17 12:20 --d----- c:\programdata\Norton
2008-12-17 12:20 --d----- c:\progra~2\Norton
2008-12-17 11:51 --d----- c:\programdata\NortonInstaller
2008-12-17 11:51 --d----- c:\progra~2\NortonInstaller
2008-12-17 10:53 --d----- c:\windows\pss
2008-12-17 10:47 --d----- c:\users\yadu\.jagex_cache_32
2008-12-15 19:09 --d----- c:\users\yadu\appdata\roaming\My Battle for Middle-earth(tm) II Files
2008-12-13 16:03 31 a------- c:\users\yadu\jagex_runescape_preferences.dat
2008-12-13 16:03 --d----- C:\.jagex_cache_32
2008-12-12 20:13 269,312 a------- c:\windows\system32\es.dll
2008-12-12 20:11 6,656 a------- c:\windows\system32\kbd106n.dll
2008-12-12 20:11 988,216 a------- c:\windows\system32\winload.exe
2008-12-12 20:11 927,288 a------- c:\windows\system32\winresume.exe
2008-12-12 20:11 615,992 a------- c:\windows\system32\ci.dll
2008-12-12 20:11 378,368 a------- c:\windows\system32\srcore.dll
2008-12-12 20:11 318,464 a------- c:\windows\system32\rstrui.exe
2008-12-12 20:11 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-12-12 20:11 40,960 a------- c:\windows\system32\srclient.dll
2008-12-12 20:11 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-12 20:11 14,848 a------- c:\windows\system32\srdelayed.exe
2008-12-12 20:07 --d----- c:\windows\SQL9_KB954606_ENU
2008-12-12 00:25 --d----- c:\program files\BitLocker
2008-12-11 22:35 1,820 a------- c:\windows\system32\rasctrnm.h
2008-12-11 22:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-11 22:34 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-11 22:34 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-11 22:33 428,544 a------- c:\windows\system32\EncDec.dll
2008-12-11 22:33 217,088 a------- c:\windows\system32\psisrndr.ax
2008-12-11 22:33 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-12-11 22:33 80,896 a------- c:\windows\system32\MSNP.ax
2008-12-11 22:33 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2008-12-11 22:33 293,376 a------- c:\windows\system32\psisdecd.dll
2008-12-11 22:33 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-12-11 22:29 233,888 a------- c:\windows\system32\DreamScene.dll
2008-12-11 22:26 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-11 22:26 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-11 22:26 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-11 22:25 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2008-12-11 22:25 711 a------- c:\windows\system32\CPSOKBTasks.xml
2008-12-11 22:24 678,408 a------- c:\windows\system32\gpprefcl.dll
2008-12-11 22:19 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-11 18:40 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-11 18:40 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-11 18:40 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-11 18:40 272,896 a------- c:\windows\system32\polstore.dll
2008-12-11 18:37 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-11 18:35 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-12-11 18:33 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-11 18:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-11 18:32 1,695,744 a------- c:\windows\system32\gameux.dll
2008-12-11 18:32 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-11 18:31 2,032,640 a------- c:\windows\system32\win32k.sys
2008-12-11 18:30 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-12-11 18:30 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-11 18:20 2,048 a------- c:\windows\system32\tzres.dll
2008-12-11 18:16 2,927,104 a------- c:\windows\explorer.exe
2008-12-11 18:13 827,392 a------- c:\windows\system32\wininet.dll
2008-12-11 18:08 4,497,408 a------- c:\windows\system32\NlsData0019.dll
2008-12-11 18:06 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 18:06 443,392 a------- c:\windows\system32\win32spl.dll
2008-12-11 18:06 37,888 a------- c:\windows\system32\printcom.dll
2008-12-11 18:05 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2008-12-11 18:05 14,848 a------- c:\windows\system32\wshrm.dll
2008-12-11 18:04 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-11 18:04 98,816 a------- c:\windows\system32\mfps.dll
2008-12-11 18:04 53,248 a------- c:\windows\system32\rrinstaller.exe
2008-12-11 18:04 24,576 a------- c:\windows\system32\mfpmp.exe
2008-12-11 18:04 2,048 a------- c:\windows\system32\mferror.dll
2008-12-11 18:04 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-11 18:04 94,720 a------- c:\windows\system32\logagent.exe
2008-12-11 18:02 738,304 a------- c:\windows\system32\inetcomm.dll
2008-12-11 18:02 84,480 a------- c:\windows\system32\INETRES.dll
2008-12-11 18:02 1,314,816 a------- c:\windows\system32\quartz.dll
2008-12-11 18:00 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-11 18:00 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-12-11 17:59 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-12-11 17:59 2,048 a------- c:\windows\system32\msxml6r.dll
2008-12-11 16:11 --d----- c:\program files\common files\Steam
2008-12-11 14:23 --d----- c:\program files\common files\Control Panels
2008-12-11 14:19 --d----- c:\programdata\ALM
2008-12-11 14:19 --d----- c:\progra~2\ALM
2008-12-11 13:46 29,272 a----r-- c:\windows\system32\AdobePDF.dll
2008-12-11 13:19 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2008-12-11 13:19 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2008-12-11 12:22 --d----- c:\program files\Steam
2008-12-10 12:01 --d----- c:\users\yadu\appdata\roaming\Internet Chess Club
2008-12-10 12:01 --d----- c:\program files\Internet Chess Club
2008-12-10 00:43 40 a---h--- c:\windows\system32\ivireg.ivr
2008-12-10 00:32 --d----- c:\program files\Symantec
2008-12-10 00:32 --d----- c:\programdata\Symantec
2008-12-10 00:32 --d----- c:\progra~2\Symantec
2008-12-10 00:31 --d----- c:\program files\common files\Symantec Shared
2008-12-10 00:22 --d----- c:\program files\common files\InterVideo
2008-12-10 00:21 --d----- c:\program files\InterVideo
2008-12-10 00:09 201,728 a------- c:\windows\system32\Spiderman 3.scr
2008-12-10 00:09 --d----- c:\windows\system32\Spiderman 3 dir
2008-12-10 00:09 155,648 a------- c:\windows\system32\SonyAIwo.dll


Post by yaduraj on 3rd January 2009, 5:16 pm

2008-12-10 00:09 147,456 a------- c:\windows\system32\SonyAIds.dll
2008-12-10 00:09 86,016 a------- c:\windows\system32\SonyAIwd.dll
2008-12-10 00:08 344,064 a------- c:\windows\system32\SSMSIppCustom.dll
2008-12-10 00:08 135,168 a------- c:\windows\system32\CddbLangRUSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangITSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangFRSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangESSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangDESony.dll
2008-12-10 00:08 77,824 a------- c:\windows\system32\CddbLangJASony.dll
2008-12-10 00:08 69,632 a------- c:\windows\system32\CddbLangZHSony.dll
2008-12-10 00:05 --d----- c:\programdata\Sonic
2008-12-10 00:05 --d----- c:\program files\Roxio
2008-12-10 00:05 --d----- c:\program files\common files\Sonic Shared
2008-12-10 00:00 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FZ290U.mrk
2008-12-09 23:58 --d----- c:\programdata\Corel
2008-12-09 23:58 --d----- c:\progra~2\Corel
2008-12-09 23:58 --d----- c:\program files\common files\Corel
2008-12-09 23:58 --d----- c:\program files\Corel
2008-12-09 23:57 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-09 23:57 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-09 23:57 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-09 23:57 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-09 23:56 --d----- c:\program files\Microsoft Small Business
2008-12-09 23:54 --d----- c:\program files\Microsoft SQL Server
2008-12-09 23:54 --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-09 23:54 --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-09 23:54 --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-09 23:53 --d----- c:\windows\PCHEALTH
2008-12-09 23:52 --d----- c:\programdata\Microsoft Help
2008-12-09 23:45 --d----- c:\programdata\LF
2008-12-09 23:45 --d----- c:\progra~2\LF
2008-12-09 23:45 --d----- c:\windows\Downloaded Installations
2008-12-09 23:44 --d----- c:\program files\Crackle
2008-12-09 23:43 --d----- c:\program files\Sony Picture Games
2008-12-09 23:40 770,048 a------- c:\windows\system32\CDDBUISony.dll
2008-12-09 23:40 655,360 a------- c:\windows\system32\CDDBControlSony.dll
2008-12-09 23:40 589,824 a------- c:\windows\system32\CddbMusicIDSony.dll
2008-12-09 23:35 --d----- c:\programdata\FLEXnet
2008-12-09 23:35 --d----- c:\program files\common files\Macrovision Shared
2008-12-09 23:32 1,933,312 a------- c:\windows\system32\cdintf251.dll
2008-12-09 23:32 --d----- c:\program files\common files\supportsoft
2008-12-09 23:31 --d----- c:\program files\common files\AnswerWorks 4.0
2008-12-09 23:31 --d----- c:\programdata\Intuit
2008-12-09 23:31 --d----- c:\program files\Intuit
2008-12-09 23:31 --d----- c:\program files\common files\Intuit
2008-12-09 23:31 --d----- c:\progra~2\Intuit
2008-12-09 23:31 --d----- c:\programdata\COMMON FILES
2008-12-09 23:31 --d----- c:\progra~2\COMMON FILES
2008-12-09 23:30 --d----- c:\windows\system32\URTTEMP
2008-12-09 23:29 --d----- c:\program files\common files\AOL
2008-12-09 23:29 345 a---h--- C:\IPH.PH
2008-12-09 23:29 --d----- c:\program files\Online Services
2008-12-09 23:24 --d----- c:\program files\CONEXANT
2008-12-09 23:23 985,600 a------- c:\windows\system32\drivers\HSX_DPV.sys
2008-12-09 23:23 659,968 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2008-12-09 23:23 386,560 a------- c:\windows\system32\drivers\XAudio.exe
2008-12-09 23:23 207,360 a------- c:\windows\system32\drivers\HSXHWAZL.sys
2008-12-09 23:23 176,128 a------- c:\windows\system32\UCI32M16.dll
2008-12-09 23:23 140,914 a------- c:\windows\system32\drivers\SnyHDAN.cty
2008-12-09 23:23 94,208 a------- c:\windows\system32\mdmxsdk.dll
2008-12-09 23:23 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2008-12-09 23:23 8,192 a------- c:\windows\system32\drivers\XAudio.sys
2008-12-09 22:08 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-09 22:08 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 22:08 183,112 a------- c:\windows\system32\PnkBstrB.exe
2008-12-09 21:43 --d----- c:\programdata\Electronic Arts
2008-12-09 21:43 --d----- c:\progra~2\Electronic Arts
2008-12-09 21:42 1,180 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-09 21:23 479,752 a------- c:\windows\system32\XAudio2_0.dll
2008-12-09 21:23 --d----- c:\program files\EA Games
2008-12-09 21:23 238,088 a------- c:\windows\system32\xactengine3_0.dll
2008-12-09 21:23 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2008-12-09 21:22 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2008-12-09 21:22 462,864 a------- c:\windows\system32\d3dx10_37.dll
2008-12-09 21:22 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2008-12-09 21:22 267,272 a------- c:\windows\system32\xactengine2_10.dll
2008-12-09 21:22 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2008-12-09 21:22 444,776 a------- c:\windows\system32\d3dx10_36.dll
2008-12-09 21:22 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2008-12-09 21:22 267,112 a------- c:\windows\system32\xactengine2_9.dll
2008-12-09 21:22 266,088 a------- c:\windows\system32\xactengine2_8.dll
2008-12-09 21:22 17,928 a------- c:\windows\system32\X3DAudio1_2.dll
2008-12-09 21:22 261,480 a------- c:\windows\system32\xactengine2_7.dll
2008-12-09 21:22 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2008-12-09 20:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-09 20:52 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-09 20:52 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-09 20:51 --d----- c:\program files\iPod
2008-12-09 20:51 --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 20:51 --d----- c:\program files\iTunes
2008-12-09 20:51 --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 20:50 --d----- c:\program files\Bonjour
2008-12-09 20:49 --d----- c:\programdata\Apple Computer
2008-12-09 20:47 --d----- c:\programdata\Apple
2008-12-09 20:35 27,240 a------- c:\users\yadu\appdata\roaming\nvModes.dat
2008-12-09 20:18 --d----- c:\users\yadu\Tracing
2008-12-09 14:12 --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-12-09 14:11 --d----- c:\program files\Microsoft
2008-12-09 13:45 --d----- c:\program files\common files\Windows Live
2008-12-09 13:37 -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-09 13:36 --d----- c:\programdata\WLInstaller
2008-12-09 13:09 249,856 a------- c:\windows\system32\Lachesis.cpl
2008-12-09 13:09 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2008-12-09 13:09 --d----- c:\programdata\Razer
2008-12-09 13:08 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2008-12-09 12:44 --d----- c:\program files\VideoLAN
2008-12-09 12:27 --d----- c:\program files\Unreal Tournament 3
2008-12-09 12:27 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2008-12-09 12:27 444,776 a------- c:\windows\system32\d3dx10_35.dll
2008-12-09 12:27 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2008-12-09 12:27 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2008-12-09 12:27 443,752 a------- c:\windows\system32\d3dx10_34.dll
2008-12-09 12:27 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2008-12-09 12:27 81,768 a------- c:\windows\system32\xinput1_3.dll
2008-12-09 12:27 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2008-12-09 12:27 443,752 a------- c:\windows\system32\d3dx10_33.dll
2008-12-09 12:27 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-12-09 12:27 --d----- c:\windows\system32\AGEIA
2008-12-09 12:27 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-09 11:19 --d----- c:\users\Yadu
2008-12-09 11:18 --dsh--- c:\programdata\Documents
2008-12-09 11:18 --dsh--- C:\Documents and Settings
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR

==================== Find3M ====================

2009-01-03 20:10 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-03 20:10 86,016 a------- c:\windows\inf\infstor.dat
2009-01-03 20:10 86,016 a------- c:\windows\inf\infpub.dat
2008-12-22 14:21 174 a--sh--- c:\program files\desktop.ini
2008-12-22 14:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-22 13:35 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-22 13:35 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-11 18:33 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-11 18:32 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-12-11 18:32 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-11 18:32 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-12-11 18:32 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-11 18:32 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-12-11 18:08 2,599,936 a------- c:\windows\system32\NlsData0001.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-02 20:26 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:43:04.64 ===============

Sorry the log was too big!

yaduraj
Novice

Posts: 30
Joined: 2008-12-26
OS: windows vista ultimate 32bit
Points: 29030
Likes: 0


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 5:47 pm

Doesn't appear to be any malware showing in the log, not exactly sure why stuff won't update, but let's run a rootkit scan.

Please run a GMER Rootkit scan:

Download GMER's application from here:
[You must be registered and logged in to see this link.]

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:49 pm

How long does this take? It's been on for quite some time now.


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 8:50 pm

Not quite sure.
If it's taking too long, just exit it and we'll use something else.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:55 pm

It just says the posted message is too big! Any suggestions, or should I break it up into lots of replies?


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:58 pm

---- System - GMER 1.0.14 ----

SSDT 87206AE8 ZwAlertResumeThread
SSDT 84E6E5C8 ZwAlertThread
SSDT 8546ED90 ZwAllocateVirtualMemory
SSDT 89B0F3F8 ZwAlpcConnectPort
SSDT 84D4F8A0 ZwCreateMutant
SSDT 897DF4C8 ZwCreateThread
SSDT 89505718 ZwDebugActiveProcess
SSDT 86693238 ZwFreeVirtualMemory
SSDT A180CB50 ZwImpersonateAnonymousToken
SSDT 85255300 ZwImpersonateThread
SSDT 86638720 ZwMapViewOfSection
SSDT 84DDFA48 ZwOpenEvent
SSDT A18290E0 ZwOpenProcessToken
SSDT 86792538 ZwOpenSection
SSDT 866688B0 ZwOpenThreadToken
SSDT 85277158 ZwResumeThread
SSDT 863D82D8 ZwSetContextThread
SSDT 86677368 ZwSetInformationProcess
SSDT 84E10788 ZwSetInformationThread
SSDT 84DF22F8 ZwSuspendProcess
SSDT 84E06988 ZwSuspendThread
SSDT 85245FD0 ZwTerminateProcess
SSDT 863C26F8 ZwTerminateThread
SSDT 84D22110 ZwUnmapViewOfSection
SSDT 85497388 ZwWriteVirtualMemory

Code 88BDB2D0 ZwEnumerateKey
Code 88B092D0 ZwFlushInstructionCache
Code 88BCB358 ZwQueryValueKey
Code 88D569A5 IofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 82301914 8 Bytes CALL 4AB73983
.text ntkrnlpa.exe!KeSetTimerEx + 364 82301928 4 Bytes [ 90, ED, 46, 85 ]
.text ntkrnlpa.exe!KeSetTimerEx + 370 82301934 4 Bytes [ F8, F3, B0, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 428 823019EC 4 Bytes [ A0, F8, D4, 84 ]
.text ntkrnlpa.exe!KeSetTimerEx + 454 82301A18 4 Bytes [ C8, F4, 7D, 89 ]
.text ...
.text ntkrnlpa.exe!IofCallDriver 82304F6F 5 Bytes JMP 88D569AA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 823FB30B 5 Bytes JMP 88B092D4
PAGE ntkrnlpa.exe!ZwQueryValueKey 8244EB57 5 Bytes JMP 88BCB35C
PAGE ntkrnlpa.exe!ZwEnumerateKey 82450BB4 5 Bytes JMP 88BDB2D4

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[536] ADVAPI32.dll!RegOpenKeyExA 774CD4E8 5 Bytes JMP 0021F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] kernel32.dll!HeapFree 7772C55B 5 Bytes JMP 009E43A2
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxIndirectParamW 7764BD25 5 Bytes JMP 6E8A5BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxParamW 77661FD5 5 Bytes JMP 6E8A5B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxParamA 776880B2 5 Bytes JMP 6E8A5BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxIndirectParamA 776883DD 5 Bytes JMP 6E8A5C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxIndirectA 7769D471 5 Bytes JMP 6E8A5B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxIndirectW 7769D56B 5 Bytes JMP 6E8A5AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxExA 7769D5D1 5 Bytes JMP 6E8A5ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxExW 7769D5F5 5 Bytes JMP 6E8A5A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] SHELL32.dll!SHRestricted + DFD 768B8390 4 Bytes [ 99, 0B, 3D, 74 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] SHELL32.dll!SHRestricted + E05 768B8398 8 Bytes [ A7, 0A, 3D, 74, A4, 32, 3C, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestA 765D08C5 5 Bytes JMP 009E46E9
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestW 765DD2F1 5 Bytes JMP 009E4726


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:58 pm

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [743BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [743BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [743BE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [743BA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [743B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [743B8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [743BBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [743BFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [743BFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [743BEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [743B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [743BCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 8:59 pm

Please upload it to here:
savefile.com
or here:
sendspace.com



Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:01 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [743BCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [743CC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [743CCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [743CDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [743CE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [743CDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [743BA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [743BE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [743BA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [743BAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [743BC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [743B9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [743BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [743B9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [743B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [743BA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [743BEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [743BE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [743B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:01 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [743BDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [743B94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [743B8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [743B9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [743BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [743BC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [743BCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [743BCA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [743CD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [743CC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [743CC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [743C91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [743B94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [743B8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [743CD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [743CD28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [743CDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [743CCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
I


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [743C5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [743C5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [743C4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [743C50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [743C519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [743C40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [743C5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [743C619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [743C53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [743C61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [743C3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.14 ----

Service C:\Windows\system32\drivers\msqpdxeesrvygm.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules@msqpdxl


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

\\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4CA5BC292CC21349A0143EE2DC8EB9D@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5924F58F6E7A874E816AB1DE15F9F7C@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtGui4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B735216B433B8F34A81A6E89F85D717B@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtXml4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C4A06A39C01C449817BC017E94DEE1@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\ScannerAdaptor.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B975EB55AABC09148A87B6CCC7A90AA2@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C241E19332FA27F4ABB6EB66D4A25653@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\imageformats\qgif4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C39A0F4B8CB5C4F488F967713EBC930E@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtDesignerComponents4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3E3A106629ABEF4B8A0F94DC112E618@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\license\x32\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C980E3B4A4EFBDF4B97F17185862A7CB@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\UpdatePluginView.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA9CDE8CC04E4A64F90149DB41FAC59F@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\difxapi.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9224D78493F8D74187CF05DC6124BE4@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\PresenterCommon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9DA02561D1FA094D855759E23E53335@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\ProgramData\DriverScanner\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E504031568555E34C818A79D77AE8DC7@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\license\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E88BE3605DBFD94418AABF90DBEC4F77@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtCore4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8A9E949CC997F84CBFB25ABAA31E404@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\MessageWindowPlugin.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFDB172BAEE7FB04E872F99FF7A7CE8F@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\ProgramData\DriverScanner\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3F5031F38808B64DAB318624C733F25@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\LicenseManager.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA3DE3B4A27D9A149AD065CB72F73584@647E724C9CE4C3E4AABC6CBBF117D4F7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB5C59EA90561624C9FD98F4330D8FB9@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtDesigner4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Features


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:03 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:03 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@RegOwner Yadu
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@RegCompany
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@ProductID none
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@LocalPackage C:\Windows\Installer\4a44b20.msi
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@DisplayVersion 2.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@HelpLink
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallDate 20090102
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallSource C:\Users\Yadu\AppData\Local\Temp\mia1\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@EstimatedSize 25822
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@VersionMajor 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Version 33554432
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Language 1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Patches
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Patches@AllPatches
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Usage
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@DisplayIcon C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@UninstallString "C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@ModifyPath C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Contact FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@HelpLink [You must be registered and logged in to see this link.]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@URLUpdateInfo FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Comments FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@DisplayVersion 2.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@HelpLink
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallDate 20090102


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:04 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallSource C:\Users\Yadu\AppData\Local\Temp\mia1\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@EstimatedSize 25822
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@VersionMajor 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Version 33554432
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Language 1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@UninstallString C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1752023980-703857170-1721892435-1005@RefCount 14
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 253
Reg HKLM\SOFTWARE\Classes\Installer\Features\b25099274a207264182f8181add555d0@VC_Redist
Reg HKLM\SOFTWARE\Classes\Installer\Features\b25099274a207264182f8181add555d0@Servicing_Key
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@ProductName Microsoft Visual C++ 2005 Redistributable
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@PackageCode ECF0C5769D85D534A98DCACD5B08A8A3
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Language 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Version 134274064
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Assignment 1
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@AdvertiseFlags 388
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@InstanceType 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@AuthorizedLUAApp 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@DeploymentFlags 3
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Clients :?
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList@PackageName vcredist.msi
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList@LastUsedSource n;2;C:\Users\Yadu\AppData\Local\Temp\7zS9F8B.tmp\
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@DiskPrompt [1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@1 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@2 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@3 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@4 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@5 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@6 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@7 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@8 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@9 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@10 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 9:04 pm

Please stop posting now, it got the rootkit.
If you have seen this post, respond without more parts of the GMER log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:05 pm

Saw it! Sorry! What should I do now?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 9:08 pm

Please read carefully, do not miss any part of these instructions.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
msqpdxserv.sys

Files to delete:
C:\Windows\system32\drivers\msqpdxeesrvygm.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found" <======== DO NOT miss this part
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Solved Re: W32.Tidserv plus other

Post by Doctor Inferno on 21st February 2009, 10:00 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.



Doctor Inferno
Administrator

Posts : 12015
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104610
# Likes : 0
