Thanks. I found and disabled TDSSserv.sys and followed the rest of the instructions. Here is the report:
SDFix: Version 1.236 Run by Mark Girard on Wed 12/17/2008 at 09:19 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-17 21:40:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,c6,9e,f3,27,10,77,aa,6f,f3,cd,5e,12,a6,12,0b,ec,3f,08,5a,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,cb,be,20,09,31,df,e8,f7,87,e1,82,35,66,d0,7f,e5,..
"khjeh"=hex:4c,b4,2b,4d,16,03,92,21,b9,32,29,4e,ea,82,36,14,d7,d9,e0,cd,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,47,0a,1f,a1,d7,e4,5e,72,e5,8d,16,f4,c7,7e,74,04,bc,d9,19,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpaxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpaxt.sys"
"TDSSl"="\systemroot\system32\TDSSofxh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSnrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSScfum.dll"
"tdssinit"="\systemroot\system32\TDSSfxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,c6,9e,f3,27,10,77,aa,6f,f3,cd,5e,12,a6,12,0b,ec,3f,08,5a,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,cb,be,20,09,31,df,e8,f7,87,e1,82,35,66,d0,7f,e5,..
"khjeh"=hex:4c,b4,2b,4d,16,03,92,21,b9,32,29,4e,ea,82,36,14,d7,d9,e0,cd,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,47,0a,1f,a1,d7,e4,5e,72,e5,8d,16,f4,c7,7e,74,04,bc,d9,19,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpaxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpaxt.sys"
"TDSSl"="\systemroot\system32\TDSSofxh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSnrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSScfum.dll"
"tdssinit"="\systemroot\system32\TDSSfxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,c6,9e,f3,27,10,77,aa,6f,f3,cd,5e,12,a6,12,0b,ec,3f,08,5a,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,cb,be,20,09,31,df,e8,f7,87,e1,82,35,66,d0,7f,e5,..
"khjeh"=hex:4c,b4,2b,4d,16,03,92,21,b9,32,29,4e,ea,82,36,14,d7,d9,e0,cd,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,47,0a,1f,a1,d7,e4,5e,72,e5,8d,16,f4,c7,7e,74,04,bc,d9,19,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpaxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpaxt.sys"
"TDSSl"="\systemroot\system32\TDSSofxh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSnrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSScfum.dll"
"tdssinit"="\systemroot\system32\TDSSfxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,c6,9e,f3,27,10,77,aa,6f,f3,cd,5e,12,a6,12,0b,ec,3f,08,5a,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,43,cb,be,20,09,31,df,e8,f7,87,e1,82,35,66,d0,7f,e5,..
"khjeh"=hex:4c,b4,2b,4d,16,03,92,21,b9,32,29,4e,ea,82,36,14,d7,d9,e0,cd,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,47,0a,1f,a1,d7,e4,5e,72,e5,8d,16,f4,c7,7e,74,04,bc,d9,19,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpaxt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpaxt.sys"
"TDSSl"="\systemroot\system32\TDSSofxh.dll"
"tdssservers"="\systemroot\system32\TDSSosvd.dat"
"tdssmain"="\systemroot\system32\TDSSnrsr.dll"
"tdsslog"="\systemroot\system32\TDSSriqp.dll"
"tdssadw"="\systemroot\system32\TDSScfum.dll"
"tdssinit"="\systemroot\system32\TDSSfxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhym.log"
"TDSSproc"="\systemroot\system32\TDSStkdv.log"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LIvVE\\System\\mIC.exe"="C:\\Program Files\\LIvVE\\System\\mIC.exe:*:Enabled:mIC"
"C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe"="C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe:*:Enabled:LiveUpdate Microsoft ?"
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"="C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe"="C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe:*:Enabled:GameSpy Poker by Jeff Anderson"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files :
Files with Hidden Attributes :
Sun 31 Dec 2006 0 A.SH. --- "C:\RECYCLER\S-1-5-18\Dc44.tmp"
Fri 25 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Fri 25 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\ntiembed.dll"
Fri 8 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 15 Mar 2008 228,383 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Finished!