
Trojan.TDDServ, Backdoor.tidserv!isd6 Please Help


This topic is locked. 3 replies to this topic.

#1 mablefable

Posted 11 December 2008 - 03:12 PM

Hi there,
I have been wrestling with this problem now for 5 days, so I am hoping you may be able to help. I first noticed the problem when my antivirus software became disabled. I was using Bitdefender security suite and noticed that it said "Bitdefender services not responding". I was also being redirected to websites called go.google and AntiSpyware 2008. So I proceeded to use several antispyware scans including SpyHunter, Spybot Search&Destroy, Ad-Aware, Spyware Doctor, SuperAntiSpyware & Malwarebytes' Anti-Malware. This removed a few viruses and I thought I was in the clear. However, the next day after a reboot I rescanned with Spyware Doctor and it detected Trojan.TDDServ. Every time I removed it, it would reappear on the next scan after a little while. I did some reading on the internet to solve the problem. I typed the following into Avenger and rebooted:
Drivers to delete:
TDSSserv.sys

On reboot, this forced a second reboot before Windows could open and it automatically started a disc check. I got concerned when Russian-XXX.com appeared repeatedly scrolling down the screen. On the next scan Spyware Doctor found Backdoor.tidserv!isd6. Taking further advice from the internet (perhaps foolishly, as I would class myself as a beginner/intermediate computer user) I tried again with Avenger and typed in the following:

Files to delete:
C:\WINDOWS\brastk.exe
C:\WINDOWS\karna.dat
C:\WINDOWS\system32\karna.dat
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\wini10891.exe
C:\Documents and Settings\Kyle\Local Settings\Temp\TDSSf0a7.tmp
C:\Documents and Settings\Kyle\Local Settings\Temp\TDSSf0b7.tmp
C:\WINDOWS\system32\TDSSfpmp.dll
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\eofn.exe
C:\WINDOWS\dfmlxbpkexw.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\faceback.exe
C:\WINDOWS\system32\symlssdb.exe
C:\WINDOWS\system32\winupdate.exe
C:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\drivers\TDSSmxjt.sys
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\drivers\TDSSpcuu.sys
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
C:\WINDOWS\system32\TDSScfub.dll
C:\WINDOWS\system32\TDSSoeqh.dll
C:\Windows\system32\drivers\tdsserv.sys
C:\WINDOWS\system32\wscmp.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\sex3.ico
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\System32\sysaudio.sys
C:\windows\inf\ndisprot.inf
C:\windows\system32\drivers\ndisprot.sys
C:\WINDOWS\system32\drivers\msqpdxserv.sys
C:\WINDOWS\system32\TDSSlbqp.dll
C:\WINDOWS\system32\TDSSnrse.dll
C:\WINDOWS\system32\TDSSoiqh.dll
C:\WINDOWS\system32\TDSSoiqt.dll
C:\WINDOWS\system32\TDSSosvn.dll
C:\WINDOWS\system32\TDSSsbhc.log
C:\WINDOWS\system32\drivers\TDSSmqct.sys
C:\WINDOWS\SYSTEM32\TDSScrxx.dll
C:\WINDOWS\SYSTEM32\TDSSoipa.dll
C:\WINDOWS\SYSTEM32\TDSSyavu.dll
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSmxoe.sys
C:\WINDOWS\SYSTEM32\TDSSqxgx.dll
C:\WINDOWS\SYSTEM32\TDSSwkod.log
c:\windows\SYSTEM32\TDSSitpe.dat

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKEY_LOCAL_MACHINE\SOFTWARE\tdss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdsserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdsserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_tdss
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_tdsserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_tdssserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISPROT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISPROT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisprot

Folders to delete:
C:\Resycled
D:\Resycled
E:\Resycled
F:\Resycled
G:\Resycled
H:\Resycled
I:\Resycled
C:\program files\tinyproxy
%appdata%\CyberDefender

Drivers to delete:
tdss
tdssserv
TDSSserv.SYS
Service_TDSSSERV.SYS
Legacy_TDSSSERV.SYS
ndisprot
ndisprot.sys
msqpdxserv.sys
msqpdxserv

This action caused my Panda AntiVirus to immediately detect and neutralise a Trojan called Trj/Downloader.MDW. After a reboot, the Avenger log report was not positive. I can't remember exactly what it said, but I did not think all the files were removed. When I checked the registry, all keys and values for tdss had gone, except one after a further reboot called "tdss backdoor", so I am convinced the Trojan may remain in some capacity. Plus my web browsing is very very slooooow. Perhaps this is a rootkit problem. I do not want to take any further action without seeking more expert advice. I have posted an RSIT & HijackThis log.

Thank you for any assistance you are able to provide.


Logfile of random's system information tool 1.04 (written by random/random)
Run by The Anders Family at 2008-12-11 18:49:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (16%) free of 6 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:56, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\The Anders Family\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\The Anders Family.exe
C:\Documents and Settings\The Anders Family\Local Settings\Temp\jkos-The Anders Family\binaries\ScanningProcess.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Program Files\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\WINDOWS\server.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120324428281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135613302781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04765217-3DD9-4954-890C-49A58DAA447C}: NameServer = 212.104.130.9 212.104.130.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{04765217-3DD9-4954-890C-49A58DAA447C}: NameServer = 212.104.130.9 212.104.130.65
O17 - HKLM\System\CS3\Services\Tcpip\..\{04765217-3DD9-4954-890C-49A58DAA447C}: NameServer = 62.241.163.200 158.43.240.4
O20 - AppInit_DLLs: yuxzou.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/THEAND~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 9032 bytes


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2003-06-17 1296384]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE [2008-10-22 869632]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe [2008-07-07 50432]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"muBlinder"=C:\Program Files\muBlinder\muBlinder.exe [2008-09-06 1463808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"server"=C:\WINDOWS\server.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="yuxzou.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoLogoff"=0
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoDriveAutoRun"=FF010000
"NoSharedDocuments"=1
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Disabled:Dr SpeedTouch"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-11 18:50:04 ----DC---- C:\Program Files\trend micro
2008-12-11 18:49:47 ----DC---- C:\rsit
2008-12-11 18:28:20 ----DC---- C:\HijackThis
2008-12-10 19:18:11 ----AC---- C:\WINDOWS\sjvvbh.txt
2008-12-10 16:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 16:02:22 ----DC---- C:\Program Files\Exterminate It!
2008-12-10 13:42:38 ----A---- C:\WINDOWS\system32\ehkkxuad.txt
2008-12-10 13:30:04 ----AC---- C:\avenger.txt
2008-12-10 13:23:25 ----A---- C:\WINDOWS\system32\hcbah.txt
2008-12-10 12:20:24 ----A---- C:\WINDOWS\system32\mrgrpeo.txt
2008-12-10 12:03:37 ----AC---- C:\nlgg.txt
2008-12-10 10:06:02 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 22:01:40 ----DC---- C:\Avenger
2008-12-09 18:36:25 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2008-12-09 18:36:12 ----A---- C:\WINDOWS\system32\TpUtil.dll
2008-12-09 18:36:12 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2008-12-09 18:36:12 ----A---- C:\WINDOWS\system32\PavLspHook.dll
2008-12-09 18:36:12 ----A---- C:\WINDOWS\system32\pavipc.dll
2008-12-09 18:36:11 ----A---- C:\WINDOWS\system32\PavSHook.dll
2008-12-09 18:36:06 ----D---- C:\WINDOWS\system32\PAV
2008-12-09 18:36:06 ----A---- C:\WINDOWS\system32\avldr.dll
2008-12-09 18:36:03 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\Panda Security
2008-12-09 18:36:03 ----DC---- C:\Documents and Settings\All Users\Application Data\Panda Security
2008-12-09 18:25:20 ----DC---- C:\Program Files\Common Files\Panda Security
2008-12-09 14:40:50 ----SHDC---- C:\Config.Msi
2008-12-08 11:58:53 ----SHD---- C:\WINDOWS\CSC
2008-12-08 11:33:24 ----A---- C:\WINDOWS\system32\un2065.txt
2008-12-08 11:33:24 ----A---- C:\WINDOWS\system32\2065.txt
2008-12-08 10:55:52 ----D---- C:\WINDOWS\system32\logs
2008-12-07 17:12:37 ----DC---- C:\Program Files\Panda Antivirus 2008
2008-12-06 13:01:30 ----A---- C:\WINDOWS\system32\638f65c6-.txt
2008-12-06 12:52:35 ----AC---- C:\njbhp.exe
2008-12-06 12:51:25 ----AC---- C:\oamcr.exe
2008-12-05 21:59:33 ----A---- C:\WINDOWS\system32\sipr3260.dll
2008-12-05 21:59:32 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-12-05 21:59:31 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-11-22 19:19:48 ----DC---- C:\Program Files\SUPERAntiSpyware
2008-11-19 17:29:58 ----DC---- C:\Program Files\Enigma Software Group
2008-11-19 10:06:08 ----AHC---- C:\aaw7boot.cmd
2008-11-18 16:12:24 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\dvdcss
2008-11-18 16:11:08 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\vlc
2008-11-18 16:08:26 ----DC---- C:\Program Files\VideoLAN
2008-11-18 14:17:59 ----DC---- C:\Program Files\AVS4YOU
2008-11-13 01:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 01:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 01:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 18:57:49 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\Free Download Manager
2008-12-11 18:50:04 ----DC---- C:\Program Files
2008-12-11 18:27:33 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 18:27:11 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-11 18:27:10 ----DC---- C:\WINDOWS\Prefetch
2008-12-11 18:03:06 ----AD---- C:\WINDOWS\Temp
2008-12-11 17:05:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 12:12:24 ----DC---- C:\Program Files\Spyware Doctor
2008-12-11 11:19:37 ----DC---- C:\Program Files\Mozilla Firefox
2008-12-11 11:17:10 ----D---- C:\WINDOWS\system32
2008-12-11 11:15:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 09:48:45 ----DC---- C:\Program Files\Mozilla Thunderbird
2008-12-10 19:19:36 ----DC---- C:\WINDOWS
2008-12-10 17:40:48 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-12-10 17:39:53 ----SHD---- C:\System Volume Information
2008-12-10 16:48:45 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-10 16:39:06 ----SHD---- C:\WINDOWS\Installer
2008-12-10 16:38:47 ----HD---- C:\WINDOWS\inf
2008-12-10 16:38:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-10 16:38:35 ----HDC---- C:\WINDOWS\$hf_mig$
2008-12-10 12:49:03 ----D---- C:\WINDOWS\Debug
2008-12-10 09:43:42 ----SD---- C:\WINDOWS\Tasks
2008-12-09 23:49:54 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 22:51:10 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\uTorrent
2008-12-09 19:24:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:36:03 ----DC---- C:\Program Files\Panda Security
2008-12-09 18:25:40 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-12-09 18:25:20 ----DC---- C:\Program Files\Common Files
2008-12-09 18:16:05 ----DC---- C:\Program Files\BitDefender
2008-12-09 16:14:05 ----AC---- C:\WINDOWS\bdagent.INI
2008-12-09 15:25:12 ----D---- C:\WINDOWS\Registration
2008-12-09 13:44:33 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\Winamp
2008-12-09 13:42:54 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\Auslogics
2008-12-09 13:36:47 ----D---- C:\WINDOWS\system32\config
2008-12-08 20:18:24 ----D---- C:\WINDOWS\WinSxS
2008-12-08 18:46:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-08 17:38:15 ----A---- C:\WINDOWS\system32\txmlutil.dll
2008-12-08 17:07:50 ----RSDC---- C:\WINDOWS\assembly
2008-12-08 14:49:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-08 13:13:05 ----DC---- C:\WINDOWS\SxsCaPendDel
2008-12-06 11:24:13 ----DC---- C:\Documents and Settings\The Anders Family\Application Data\Vso
2008-12-06 11:24:09 ----AC---- C:\Documents and Settings\The Anders Family\Application Data\inst.exe
2008-12-04 19:23:36 ----DC---- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-12-02 21:26:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-22 19:18:20 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-21 16:46:10 ----DC---- C:\Program Files\Defraggler
2008-11-19 10:57:11 ----AC---- C:\WINDOWS\wininit.ini
2008-11-19 01:12:58 ----DC---- C:\Program Files\Spybot - Search & Destroy
2008-11-18 16:19:27 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 14:21:13 ----DC---- C:\Program Files\Common Files\AVSMedia
2008-11-15 19:41:38 ----D---- C:\WINDOWS\Help
2008-11-13 01:10:12 ----AC---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R2 EMMS;IBM EMMS Device Driver; \??\C:\WINDOWS\System32\drivers\EMMS.SYS []
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 Intels51;Intel® 536EP V.92 Modem; C:\WINDOWS\System32\DRIVERS\Intels51.sys [2002-05-10 633220]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\drivers\mohfilt.sys [2002-08-26 35712]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-08-11 27136]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:\WINDOWS\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 S3SAVAGE4;S3SAVAGE4; C:\WINDOWS\system32\DRIVERS\s3savg4m.sys [2000-08-10 84704]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 adiusbae;USB ADSL LAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (9); C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2003-01-07 9600]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 JL2005;JL2005A Camera; C:\WINDOWS\System32\Drivers\toywdm.sys []
S3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-17 802683]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\14E.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-05 47360]
S3 Ptserli;PCTEL Serial Device Driver for INTEL; C:\WINDOWS\System32\DRIVERS\ptserli.sys [2001-08-17 128286]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 RTL8023xp;TRENDnet TE100 PCBUSR PC Card; C:\WINDOWS\system32\DRIVERS\TE100XP.SYS [2006-04-18 78720]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2001-09-10 42880]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-07 611664]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe [2008-07-04 288512]
R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 PSHost;Panda Host Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe [2008-07-17 157440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

info.txt logfile of random's system information tool 1.04 2008-12-11 18:59:59

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 Lite-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AusLogics BoostSpeed-->"C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Delete FXP Files-->MsiExec.exe /X{77FB26DF-10D9-45FF-BA74-6278DB55130F}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dr SpeedTouch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}\Setup.exe" /l0009 -Control_Panel
DU Meter-->"C:\Program Files\DU Meter\unins001.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
ffdshow [rev 2094] [2008-08-30]-->"C:\Program Files\ffdshow\unins000.exe"
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 640c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 640c series
IBM EMMS SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41FF7EE0-5E9D-11D4-9428-00104B37E5FE}\Setup.exe" UninstallFlag
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpD2d-->MsiExec.exe /I{3DFEDE0A-3DBB-4CA4-878D-6935D1A0975F}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda Antivirus Pro 2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55FB276-73C9-4776-AB53-BC028C0509ED}\SETUP.exe" -l0x9 -removeonly
Powertoys For Windows XP-->MsiExec.exe /I{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
S3 Gamma-->s3Uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility-->S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sony Sound Forge 7.0-->MsiExec.exe /I{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}
SoulSeek 157 NS 13-->"C:\Program Files\SoulseekNS\uninstall.exe"
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Network Driver Update-->MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Visual Liturgy 2-->C:\PROGRA~1\VL\UNWISE.EXE C:\PROGRA~1\VL\INSTALL.LOG
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Hosts File======

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***

======Security center information======

AV: Panda Antivirus Pro 2009 (disabled)
AV: Norton Internet Security (disabled)
FW: Panda Personal Firewall 2009 (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;"C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER";C:\Program Files\Panda Security\Panda Antivirus Pro 2009\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
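The driver and service lists above print each registered entry with its on-disk date and size; the ones that print an empty `[]` are what a removal helper reads first, because a driver that is registered but cannot be stat'ed is exactly how a hidden or already-deleted rootkit driver presents. As an added example (my code, not part of this thread or of the RSIT/DDS tools), here is a small Python triage script that parses lines of that shape and flags them. The first six sample lines are copied from the log above; the Temp-folder line is constructed and hypothetical.

```python
"""Triage helper for RSIT-style driver/service list lines.

Added example; not part of this thread or of the RSIT/DDS tools. It parses
the `======List of drivers/services======` lines, i.e.

    S3 name;Display Name; C:\\path\\file.sys [YYYY-MM-DD size]

and flags the entries a removal helper looks at first: a registered driver
or service whose file metadata is empty ("[]": the tool could not stat the
file, which is what a hidden or already-deleted driver looks like), and a
file loaded from outside the Windows or Program Files trees. Flags are leads
to verify, not verdicts: svchost-hosted services also show "[]" because the
tool stats the bare word "svchost", not svchost.exe.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"     # R/S + start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"  # service name; display name;
    r"(?P<path>.*?)\s*"                        # image path (may carry args)
    r"\[(?P<meta>[^\]]*)\]\s*$"                # [date size] or []
)

# Locations a driver/service binary is normally loaded from on an XP box.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str             # 'R' running / 'S' stopped
    start: int             # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]    # None when the tool printed "[]"
    size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.date is None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one list line, or None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), date, size)


def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def normalize(path: str) -> str:
    """Lower-case and strip the NT object prefix RSIT prints for some drivers."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def flag(entry: Entry) -> List[str]:
    reasons = []
    if entry.file_missing:
        reasons.append("no file metadata (file absent or hidden)")
    if not normalize(entry.path).startswith(TRUSTED_PREFIXES):
        reasons.append("unusual path")
    return reasons


def suspicious(entries: Iterable[Entry]) -> Dict[str, List[str]]:
    """Map service name -> reasons, for entries that deserve a second look."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        reasons = flag(e)
        if reasons:
            out[e.name] = reasons
    return out


# Lines 1-6 are copied from the log posted above; the last line is a
# constructed (hypothetical) entry showing a binary in a user Temp folder.
SAMPLE_LINES = [
    r"S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []",
    r"S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []",
    r"S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []",
    r"S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]",
    r"R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []",
    r"R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-07 611664]",
    r"S3 example;Example Driver; C:\Documents and Settings\user\Local Settings\Temp\example.sys [2008-12-01 1024]",
]

if __name__ == "__main__":
    for name, reasons in suspicious(parse_log(SAMPLE_LINES)).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a saved log to get a short list of entries to check by hand (does the file exist when the disk is mounted offline, is it signed, does a second tool see it). Note that the Gwmsrv hit is a false positive of the tool's own making, which is why the output is a worklist rather than a verdict.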

#2 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 18 December 2008 - 07:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 mablefable

  • Topic Starter
  • Members
  • 4 posts

Posted 18 December 2008 - 10:21 AM

Hi there,

Thank you for your reply. I have, however, resolved the issue and the system is now running well. Thank you for replying and for your offer of help.

Best regards

Edited by mablefable, 18 December 2008 - 10:22 AM.


#4 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 18 December 2008 - 02:14 PM

Thank you for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
