Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HTTPS Tidserv request 2

Re: HTTPS Tidserv request 2

Post by kemsing » May 12th, 2010, 9:37 am

Norton is switched back on.
I don't have a link for the RSIT scanner.
Please can you provide it for me.
(By the way, when do you find time to play golf when you are sorting out everybody's problems? I play as well, although badly.)
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Post by askey127 » May 12th, 2010, 10:34 am

Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe.

Since you have run this once before, it will most likely only produce one log, named log.txt.

Everyone has to take some time away from logs every week, or their brain will fry (at least mine will).
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HTTPS Tidserv request 2

Post by kemsing » May 13th, 2010, 3:42 am

Am about to download the scanner.
When I turned the computer on, a Norton message popped up advising that a Backdoor.tidserv.inf requires manual removal and to get help. This is the first time this message has come up.
Hopefully, from your last message, we are on the way to getting rid of this virus.
Will post the next log.
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Post by kemsing » May 13th, 2010, 3:48 am

Here is the log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Lee at 2010-05-13 08:45:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (23%) free of 76 GB
Total RAM: 991 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:45:32, on 13/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Lee\Desktop\RSIT.exe
C:\Program Files\trend micro\Lee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.endeavour.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.18/uploader2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2229050421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://selectworld.squarespace.com/univ ... Upload.ocx
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl ... signed.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9423 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{898C5654-CDAC-482F-B8DF-430F31E4F8DA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-04-23 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\IPSBHO.DLL [2010-02-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-31 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2009-12-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-31 279664]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"SiSPower"=SiSPower.dll,ModeAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-18 98304]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-23 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2005-06-29 1346560]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-31 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Lee\Start Menu\Programs\Startup
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll [2008-04-26 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-05-13 08:45:18 ----D---- C:\rsit
2010-05-13 08:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-13 08:16:08 ----D---- C:\WINDOWS\LastGood
2010-05-12 13:07:47 ----SHD---- C:\RECYCLER
2010-05-12 12:56:01 ----A---- C:\ComboFix.txt
2010-05-09 14:49:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-06 14:27:44 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_14.27.44_log.txt
2010-05-05 13:25:47 ----A---- C:\Boot.bak
2010-05-05 13:25:37 ----RASHD---- C:\cmdcons
2010-05-05 13:21:51 ----A---- C:\WINDOWS\zip.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\SWSC.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\SWREG.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\sed.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\PEV.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\MBR.exe
2010-05-05 13:21:51 ----A---- C:\WINDOWS\grep.exe
2010-05-05 13:21:28 ----D---- C:\WINDOWS\ERDNT
2010-05-05 13:17:40 ----D---- C:\Qoobox
2010-05-04 15:15:21 ----A---- C:\TDSSKiller.2.2.8.1_04.05.2010_15.15.21_log.txt
2010-05-01 08:54:25 ----D---- C:\Program Files\Hijack this log
2010-04-30 17:59:23 ----D---- C:\Program Files\Trend Micro
2010-04-30 17:56:16 ----D---- C:\Documents and Settings\Lee\Application Data\Malwarebytes
2010-04-30 17:55:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-30 17:55:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-29 13:45:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-29 13:44:58 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-04-29 13:44:22 ----D---- C:\Program Files\Windows Sidebar
2010-04-29 13:44:09 ----D---- C:\Program Files\NortonInstaller
2010-04-29 13:44:09 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-04-29 13:11:11 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-23 15:07:35 ----D---- C:\Program Files\Common Files\xing shared
2010-04-15 08:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 08:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 08:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-15 08:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-15 08:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 08:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 08:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 08:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-03-24 11:11:46 ----D---- C:\Documents and Settings\Lee\Application Data\Facebook
2010-03-16 10:02:55 ----D---- C:\Documents and Settings\Lee\Application Data\Unity
2010-03-13 14:54:09 ----A---- C:\WINDOWS\system32\ZipDll.dll
2010-03-13 14:54:09 ----A---- C:\WINDOWS\system32\UnzDLL.dll
2010-03-13 14:54:08 ----D---- C:\Program Files\Common Files\Borland Shared
2010-03-13 14:54:08 ----D---- C:\k9ped
2010-03-13 14:53:43 ----A---- C:\WINDOWS\uninst.exe
2010-03-11 09:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-04 14:40:37 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-03-01 09:29:03 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-02-28 11:12:45 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-25 09:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 3 months======

2010-05-13 08:45:21 ----D---- C:\WINDOWS\Temp
2010-05-13 08:44:28 ----D---- C:\WINDOWS\Prefetch
2010-05-13 08:18:39 ----SHD---- C:\WINDOWS\Installer
2010-05-13 08:18:01 ----HD---- C:\WINDOWS\inf
2010-05-13 08:17:57 ----D---- C:\WINDOWS
2010-05-13 08:17:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-13 08:17:50 ----D---- C:\WINDOWS\system32
2010-05-13 08:17:50 ----D---- C:\Program Files\Outlook Express
2010-05-13 08:16:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-13 08:13:12 ----A---- C:\iwctrllog.txt
2010-05-13 08:11:42 ----SHD---- C:\System Volume Information
2010-05-12 15:04:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-12 13:21:41 ----D---- C:\WINDOWS\system32\drivers
2010-05-12 12:44:59 ----A---- C:\WINDOWS\system.ini
2010-05-12 12:39:03 ----D---- C:\WINDOWS\AppPatch
2010-05-12 12:38:57 ----D---- C:\Program Files\Common Files
2010-05-12 12:29:36 ----D---- C:\WINDOWS\system32\config
2010-05-12 08:09:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 17:37:09 ----A---- C:\WINDOWS\Wm98.INI
2010-05-05 13:52:28 ----D---- C:\Program Files
2010-05-05 13:25:47 ----RASH---- C:\boot.ini
2010-05-01 08:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-30 19:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-29 13:55:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-29 13:47:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-29 13:44:59 ----D---- C:\Program Files\Symantec
2010-04-29 13:44:22 ----D---- C:\Program Files\Norton 360
2010-04-29 13:00:04 ----D---- C:\Program Files\FireTrust
2010-04-29 13:00:03 ----D---- C:\Documents and Settings\Lee\Application Data\MailWasherPro
2010-04-27 08:45:55 ----D---- C:\Program Files\Mozilla Firefox
2010-04-23 15:09:27 ----A---- C:\WINDOWS\cdplayer.ini
2010-04-23 15:08:10 ----D---- C:\Program Files\Google
2010-04-23 15:07:22 ----D---- C:\Program Files\Common Files\Real
2010-04-23 15:07:17 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-04-23 15:07:00 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-04-23 15:07:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-04-23 15:06:56 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-04-23 15:06:56 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-04-16 08:41:50 ----D---- C:\BANCG
2010-04-16 08:30:04 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-15 12:26:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-15 08:39:36 ----D---- C:\Program Files\Common Files\Adobe
2010-04-15 08:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-04-15 08:38:31 ----D---- C:\Program Files\Adobe
2010-04-15 08:34:23 ----A---- C:\WINDOWS\imsins.BAK
2010-04-02 08:25:38 ----D---- C:\WINDOWS\system32\en-US
2010-04-02 08:25:38 ----D---- C:\Program Files\Internet Explorer
2010-04-02 08:25:27 ----D---- C:\WINDOWS\ie7updates
2010-04-01 14:38:04 ----D---- C:\Documents and Settings\Lee\Application Data\deskUNPDF
2010-03-26 16:08:09 ----SD---- C:\WINDOWS\Tasks
2010-03-24 19:23:33 ----A---- C:\WINDOWS\VFO.INI
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll
2010-03-11 13:38:54 ----A---- C:\WINDOWS\system32\wininet.dll
2010-03-11 13:38:54 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 13:38:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 13:38:53 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 13:38:53 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 13:38:53 ----N---- C:\WINDOWS\system32\msrating.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 13:38:53 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 13:38:52 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 13:38:52 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 13:38:52 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 13:38:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 13:38:52 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 13:38:52 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 13:38:51 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 13:38:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 13:38:51 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 13:38:51 ----A---- C:\WINDOWS\system32\corpol.dll
2010-03-11 13:38:51 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-11 09:07:53 ----D---- C:\Program Files\Movie Maker
2010-03-10 14:18:21 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-03-10 14:18:20 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-03-09 12:09:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-02-23 06:18:28 ----N---- C:\WINDOWS\system32\ieakui.dll
2010-02-16 15:08:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 14:25:04 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-16 12:39:30 ----D---- C:\VGER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-26 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-01-09 12160]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSP.SYS [2010-02-27 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS [2010-02-27 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\N360\0401000.020\SYMTDI.SYS [2010-02-04 362032]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 188416]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-10-28 38528]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2005-02-10 62976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100505.001\IDSxpx86.sys []
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100512.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100512.022\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-01-09 242688]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\zzz\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2006-05-11 247808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 N360;Norton 360; C:\Program Files\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe [2008-04-26 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 13th, 2010, 6:02 am

kemsing,
--------------------------------------------
TDSSKiller
  • Double-click the tdsskiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy (Ctrl+C) the text in the codebox below.
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste (Ctrl+V) the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply
--------------------------------------------
Please download this file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".
Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.
Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click OK.
Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.
Finally, please open this report with Notepad, and post it here.
askey127

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 13th, 2010, 6:11 am

As mentioned above, when I turned the computer on this morning, a Norton message popped up advising that Backdoor.Tidserv.inf requires manual removal and to get help. This is the first time this message has come up.
The computer certainly seems to be better and is not redirecting like before. I really appreciate your time and help.
Here is the log from HijackThis.


Able2Extract Professional v5.0
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced PDF to HTML converter 1.9.9.6
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
CTCS, ActiveX Viewdata Emulation (v2.0)
CTCS, ActiveX Viewdata Emulation (v2.1)
deskPDF 2.5 Professional Edition
deskPDF 2.5 Standard Edition
deskUNPDF 3 Professional
deskUNPDF 3 Professional
deskUNPDF Standard
DiscAPI (Studio 10)
DivX
Docudesk GPL Ghostscript 8.15
DVD Ripper Platinum 4
EPSON Printer Software
Fastrak2000 Viewdata
Flickr Uploadr 2.3
Flock (Photobucket Edition) 0.7
Free Photo Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.508
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Color LaserJet 3600
HP Color LaserJet 3600
HP Software Update
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 7
JpegSizer 6.4.1
K9-Ped
Magic Swf2Avi 3.12
Malwarebytes' Anti-Malware
Max DVD to MPEG Converter 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.8
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Office XP Small Business
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Nvu 1.0
PDF-to-HTML 1.1 Demo
Picasa 3
Pinnacle Hollywood FX 4.6
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
Pinnacle Studio MediaSuite
PowerDVD
PrimoPDF
PrimoPDF Redistribution Package
proDAD Heroglyph 2.0
QuickTime
RAPID (Studio 10)
RealPlayer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Serif DrawPlus 7.0
Serif DrawPlus 7.0 Design CD
Serif PagePlus 10.0
Serif PagePlus 10.0 Resource CD-ROM
SiS VGA Utilities
SiSAGP driver
SmartSound Quicktracks Plugin
SopCast 1.0.1
Spelling Dictionaries Support For Adobe Reader 8
Studio 10
Studio 10 Bonus DVD
Studio MediaSuite Recording
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WaveLab Lite
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format Runtime
Windows XP Service Pack 3
WinHTTP QFE

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 13th, 2010, 6:17 am

I edited my previous post.
Thanks for the installed programs list.

Please read my revised instruction and do that sequence.

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 13th, 2010, 6:30 am

Went to tdsskiller; it came up with the black box and then said press any key. Did this and it just closed, but it didn't seem to scan?
There is the text box, so hopefully these are the results? I will wait until you get back before I download the second half of your post.
Here is the log from tdsskiller:
11:24:38:531 2564 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
11:24:38:531 2564 ================================================================================
11:24:38:531 2564 SystemInfo:

11:24:38:531 2564 OS Version: 5.1.2600 ServicePack: 3.0
11:24:38:531 2564 Product type: Workstation
11:24:38:531 2564 ComputerName: SELECT-09
11:24:38:546 2564 UserName: Lee
11:24:38:546 2564 Windows directory: C:\WINDOWS
11:24:38:546 2564 Processor architecture: Intel x86
11:24:38:546 2564 Number of processors: 2
11:24:38:546 2564 Page size: 0x1000
11:24:38:546 2564 Boot type: Normal boot
11:24:38:546 2564 ================================================================================
11:24:38:546 2564 UnloadDriverW: NtUnloadDriver error 2
11:24:38:546 2564 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
11:24:38:640 2564 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
11:24:38:640 2564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:24:38:640 2564 wfopen_ex: Trying to KLMD file open
11:24:38:640 2564 wfopen_ex: File opened ok (Flags 2)
11:24:38:640 2564 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
11:24:38:640 2564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:24:38:640 2564 wfopen_ex: Trying to KLMD file open
11:24:38:640 2564 wfopen_ex: File opened ok (Flags 2)
11:24:38:640 2564 Initialize success
11:24:38:640 2564
11:24:38:640 2564 Scanning Services ...
11:24:38:968 2564 Raw services enum returned 351 services
11:24:38:984 2564
11:24:38:984 2564 Scanning Kernel memory ...
11:24:38:984 2564 Devices to scan: 2
11:24:38:984 2564
11:24:38:984 2564 Driver Name: Disk
11:24:38:984 2564 IRP_MJ_CREATE : F75DABB0
11:24:38:984 2564 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:24:38:984 2564 IRP_MJ_CLOSE : F75DABB0
11:24:38:984 2564 IRP_MJ_READ : F75D4D1F
11:24:38:984 2564 IRP_MJ_WRITE : F75D4D1F
11:24:38:984 2564 IRP_MJ_QUERY_INFORMATION : 804F4562
11:24:38:984 2564 IRP_MJ_SET_INFORMATION : 804F4562
11:24:38:984 2564 IRP_MJ_QUERY_EA : 804F4562
11:24:38:984 2564 IRP_MJ_SET_EA : 804F4562
11:24:38:984 2564 IRP_MJ_FLUSH_BUFFERS : F75D52E2
11:24:38:984 2564 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:24:38:984 2564 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:24:38:984 2564 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:24:38:984 2564 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:24:38:984 2564 IRP_MJ_DEVICE_CONTROL : F75D53BB
11:24:38:984 2564 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D8F28
11:24:38:984 2564 IRP_MJ_SHUTDOWN : F75D52E2
11:24:38:984 2564 IRP_MJ_LOCK_CONTROL : 804F4562
11:24:38:984 2564 IRP_MJ_CLEANUP : 804F4562
11:24:38:984 2564 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:24:38:984 2564 IRP_MJ_QUERY_SECURITY : 804F4562
11:24:38:984 2564 IRP_MJ_SET_SECURITY : 804F4562
11:24:38:984 2564 IRP_MJ_POWER : F75D6C82
11:24:38:984 2564 IRP_MJ_SYSTEM_CONTROL : F75DB99E
11:24:38:984 2564 IRP_MJ_DEVICE_CHANGE : 804F4562
11:24:38:984 2564 IRP_MJ_QUERY_QUOTA : 804F4562
11:24:38:984 2564 IRP_MJ_SET_QUOTA : 804F4562
11:24:39:000 2564 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
11:24:39:000 2564
11:24:39:000 2564 Driver Name: atapi
11:24:39:000 2564 IRP_MJ_CREATE : F74016F2
11:24:39:000 2564 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
11:24:39:000 2564 IRP_MJ_CLOSE : F74016F2
11:24:39:000 2564 IRP_MJ_READ : 804F4562
11:24:39:000 2564 IRP_MJ_WRITE : 804F4562
11:24:39:000 2564 IRP_MJ_QUERY_INFORMATION : 804F4562
11:24:39:000 2564 IRP_MJ_SET_INFORMATION : 804F4562
11:24:39:000 2564 IRP_MJ_QUERY_EA : 804F4562
11:24:39:000 2564 IRP_MJ_SET_EA : 804F4562
11:24:39:000 2564 IRP_MJ_FLUSH_BUFFERS : 804F4562
11:24:39:000 2564 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
11:24:39:000 2564 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
11:24:39:000 2564 IRP_MJ_DIRECTORY_CONTROL : 804F4562
11:24:39:000 2564 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
11:24:39:000 2564 IRP_MJ_DEVICE_CONTROL : F7401712
11:24:39:000 2564 IRP_MJ_INTERNAL_DEVICE_CONTROL : F73FD852
11:24:39:000 2564 IRP_MJ_SHUTDOWN : 804F4562
11:24:39:000 2564 IRP_MJ_LOCK_CONTROL : 804F4562
11:24:39:000 2564 IRP_MJ_CLEANUP : 804F4562
11:24:39:000 2564 IRP_MJ_CREATE_MAILSLOT : 804F4562
11:24:39:000 2564 IRP_MJ_QUERY_SECURITY : 804F4562
11:24:39:000 2564 IRP_MJ_SET_SECURITY : 804F4562
11:24:39:015 2564 IRP_MJ_POWER : F740173C
11:24:39:015 2564 IRP_MJ_SYSTEM_CONTROL : F7408336
11:24:39:015 2564 IRP_MJ_DEVICE_CHANGE : 804F4562
11:24:39:015 2564 IRP_MJ_QUERY_QUOTA : 804F4562
11:24:39:015 2564 IRP_MJ_SET_QUOTA : 804F4562
11:24:39:015 2564 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
11:24:39:015 2564
11:24:39:015 2564 Completed
11:24:39:015 2564
11:24:39:015 2564 Results:
11:24:39:015 2564 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
11:24:39:015 2564 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:24:39:015 2564 File objects infected / cured / cured on reboot: 0 / 0 / 0
11:24:39:015 2564
11:24:39:015 2564 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
11:24:39:015 2564 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
11:24:39:062 2564 KLMD(ARK) unloaded successfully

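The TDSSKiller log posted above walks the IRP dispatch tables of the Disk and atapi drivers and prints the handler address for every IRP_MJ_* entry. It does that because TDSS variants of that period hooked exactly those entries on the storage miniport, redirecting I/O control requests into their own hidden code. The following Python is an added example, not part of the thread and not TDSSKiller's own logic: it parses that section of the log and reports any handler that points away from the rest of the driver's own code. The timestamp/pid/text line layout is taken from the log above; the 0x8xxxxxxx kernel range, the 256 KiB image-span bound and the addresses F8B1A2C0/F8B1A2D0 in the constructed "hooked" sample are assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Added example, not from the forum thread or from TDSSKiller. Parses the
# "Scanning Kernel memory" section of a TDSSKiller 2.2.x log and flags IRP
# dispatch entries that point outside the driver's own image, the footprint
# a TDSS-style hook on disk.sys or atapi.sys leaves behind.
# Line layout (timestamp, pid, text) is taken from the posted log; the kernel
# range and image-span bound below are assumptions, not tool constants.

DRIVER_RE = re.compile(r"^\S+\s+\d+\s+Driver Name:\s+(\S+)\s*$")
IRP_RE = re.compile(r"^\S+\s+\d+\s+(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]{8})\s*$")

KERNEL_LO, KERNEL_HI = 0x80000000, 0x8FFFFFFF  # assumed: XP x86 ntoskrnl range
DRIVER_SPAN = 0x40000                          # assumed: max size of one storage driver image


def parse_dispatch_tables(log_text):
    """Return {driver_name: {IRP_MJ_name: handler_address_int}}."""
    tables = defaultdict(dict)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = IRP_RE.match(line)
        if m and current is not None:
            tables[current][m.group(1)] = int(m.group(2), 16)
    return dict(tables)


def is_kernel(addr):
    return KERNEL_LO <= addr <= KERNEL_HI


def find_foreign_handlers(table):
    """Return IRP entries whose handler lies outside the driver's dominant code cluster.

    Kernel default stubs (the shared 804F4562 entry in the log, used for IRPs the
    driver does not implement) are ignored. Among the remaining addresses, the
    cluster that fits inside DRIVER_SPAN with the most members is taken as the
    driver's own image; anything outside it is reported as a possible hook.
    """
    own = [a for a in table.values() if not is_kernel(a)]
    if not own:
        return {}
    best_base, best_count = None, -1
    for base in sorted(set(own)):
        count = sum(1 for a in own if base <= a <= base + DRIVER_SPAN)
        if count > best_count:
            best_base, best_count = base, count
    lo, hi = best_base, best_base + DRIVER_SPAN
    return {irp: addr for irp, addr in table.items()
            if not is_kernel(addr) and not (lo <= addr <= hi)}


def audit(log_text):
    """Return {driver_name: {IRP_MJ_name: 'XXXXXXXX'}} for drivers with foreign handlers."""
    findings = {}
    for driver, table in parse_dispatch_tables(log_text).items():
        foreign = find_foreign_handlers(table)
        if foreign:
            findings[driver] = {irp: f"{addr:08X}" for irp, addr in foreign.items()}
    return findings


# Excerpt of the atapi table from the posted log (clean) ...
CLEAN_LOG = """\
11:24:39:000 2564 Driver Name: atapi
11:24:39:000 2564 IRP_MJ_CREATE : F74016F2
11:24:39:000 2564 IRP_MJ_CLOSE : F74016F2
11:24:39:000 2564 IRP_MJ_READ : 804F4562
11:24:39:000 2564 IRP_MJ_DEVICE_CONTROL : F7401712
11:24:39:000 2564 IRP_MJ_INTERNAL_DEVICE_CONTROL : F73FD852
11:24:39:015 2564 IRP_MJ_POWER : F740173C
11:24:39:015 2564 IRP_MJ_SYSTEM_CONTROL : F7408336
"""

# ... and a constructed variant in which the two I/O-control entries have been
# redirected far away from the rest of atapi.sys (addresses F8B1A2C0/F8B1A2D0 are made up).
HOOKED_LOG = (CLEAN_LOG
              .replace("IRP_MJ_DEVICE_CONTROL : F7401712",
                       "IRP_MJ_DEVICE_CONTROL : F8B1A2C0")
              .replace("IRP_MJ_INTERNAL_DEVICE_CONTROL : F73FD852",
                       "IRP_MJ_INTERNAL_DEVICE_CONTROL : F8B1A2D0"))

if __name__ == "__main__":
    print("clean :", audit(CLEAN_LOG))
    print("hooked:", audit(HOOKED_LOG))
```

The clustering heuristic is deliberately simple: it does not need the driver's load address, only the observation that a legitimate driver's handlers sit within one small image while a hook points somewhere else. It will miss an inline hook placed inside the driver's own code, which is why TDSSKiller also reads the driver file from disk and compares it with memory.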
Re: HTTPS Tidserv request 2

Unread postby kemsing » May 13th, 2010, 7:10 am

See my post above.
As it looks as if the tdsskiller report has come up, I went to download RootRepeal.exe and downloaded it to the desktop, but I think Norton has blocked it and quarantined it, as it has disappeared from my desktop.
Should I disable Norton and try again?

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 13th, 2010, 7:15 am

Yes, please do.

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 13th, 2010, 7:25 am

Here is the RootRepeal text.

ROOTREPEAL (c) AD, 2007-2010
==================================================
Report Save Time: 2010/05/13 12:21
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP3
==================================================

STEALTH CODE
-------------------

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 13th, 2010, 7:46 am

kemsing,
Right now, the tools I have are not showing any active TidServ infection.
If there are any details at all in any Norton message about TidServ (file name, locations, other specifics etc.), please note them down and let me know.

You have an obsolete Java installed. We can fix that now.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Java(TM) 6 Update 7
Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Older versions of Java have been vulnerable to malware infections in the past. It is important to install the newest version and make sure all older ones have been removed.
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 20 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
----------------------------------------------
Run Temp File Cleaner
Double click TFC.exe on your desktop to run it.
If you have removed it, the download is here: http://oldtimer.geekstogo.com/TFC.exe
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Let's check whether a separate scan detects any leftover files on your system. This can take quite a while (could be several hours), so please be patient.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of any infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.
askey127

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 13th, 2010, 8:23 am

Norton says A0147961.sys contains threat Backdoor.Tidserv.inf, manual removal required.
Norton looks as though it has picked up other threats with the e-mail scanner, such as this one: my_resume_5213.exe contained threat Trojan.Sasfis, High risk, origin not available, Actions performed 1.


Will perform the actions now in your latest post.

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 13th, 2010, 8:53 am

That infection is stored in an old System Restore file. It's harmless unless you do a System Restore.
Thanks for the info. That's encouraging, actually, if that's all it is.
We will clean out all old System Restore files before letting you go.

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 14th, 2010, 7:24 am

Here are the results from the Kaspersky website Scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, May 14, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, May 14, 2010 04:34:06
Records in database: 4111428
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 134493
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:45:32


File name / Threat / Threats count
C:\Documents and Settings\Lee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Dropper.Win32.Agent.catk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dmload.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP951\A0147961.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP954\A0153419.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

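The Kaspersky report above lists four hits, but as askey127 pointed out for the Norton alert, where a detected file lives decides whether it is an active infection or leftover debris: a copy inside a System Restore point is inert until a restore is run, a .vir file under a tool's quarantine folder has already been neutralised, and a hit on Outlook.pst is a message inside the mailbox rather than a file that executes. The following Python is an added example, not part of the thread and not Kaspersky's code: it parses the report's detection rows and sorts each one by location so that only genuinely live files are escalated. The row layout is taken from the report above; the path rules are assumptions about this machine (Windows XP, and C:\Qoobox being the quarantine folder ComboFix creates, which the thread does not show being run), and the fifth "live" row is constructed for the demonstration.

```python
import re

# Added example, not from the forum thread or from Kaspersky. Reads the
# "File name / Threat / Threats count" rows of a Kaspersky Online Scanner 7
# report and classifies each hit by where the object lives.
# Row layout is taken from the posted report; the path rules are assumptions
# about this machine's layout, not scanner output.

ROW_RE = re.compile(r"^(.+?)\s+Infected:\s+(\S+)\s+(\d+)\s*$")

# Classification rules, checked in order; the first match wins.
RULES = [
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("quarantine",    re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)),   # assumed: ComboFix quarantine
    ("mail_store",    re.compile(r"\.(pst|ost|dbx|mbx)$", re.I)),
]

ADVICE = {
    "restore_point": "inert unless a System Restore is run; purge old restore points",
    "quarantine":    "already neutralised by the removal tool; delete the quarantine later",
    "mail_store":    "a message or attachment inside the mailbox; delete that message",
    "live":          "active file on disk; needs removal and a follow-up scan",
}


def parse_rows(report_text):
    """Yield (path, threat, count) for every detection row in the report."""
    for line in report_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def classify_path(path):
    for label, pattern in RULES:
        if pattern.search(path):
            return label
    return "live"


def triage(report_text):
    """Return one dict per detection with its location class and the matching advice."""
    out = []
    for path, threat, count in parse_rows(report_text):
        where = classify_path(path)
        out.append({"path": path, "threat": threat, "count": count,
                    "where": where, "advice": ADVICE[where]})
    return out


def needs_live_cleanup(report_text):
    """True only if at least one hit is an active file outside quarantine, restore points and mail stores."""
    return any(item["where"] == "live" for item in triage(report_text))


# The four detection rows from the posted report ...
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Lee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Dropper.Win32.Agent.catk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dmload.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP951\A0147961.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP954\A0153419.sys Infected: Rootkit.Win32.TDSS.ap 1
"""

# ... plus a constructed "live" row (the path example.sys is made up for the demonstration).
CONSTRUCTED_LIVE_ROW = r"C:\WINDOWS\system32\drivers\example.sys Infected: Rootkit.Win32.TDSS.ap 1"

if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(f"{item['where']:14} {item['threat']:32} {item['path']}")
    print("live cleanup needed:", needs_live_cleanup(SAMPLE_REPORT))
    print("with constructed live hit:", needs_live_cleanup(SAMPLE_REPORT + CONSTRUCTED_LIVE_ROW))
```

Run against the posted report, nothing is classed as live, which matches the helper's reading that the remaining TDSS hits are restore-point and quarantine copies to be purged at the end of the cleanup rather than signs of an active rootkit.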
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware