Tidserv

Tidserv

Post by The Engineer on Sat Jun 06, 2009 9:29 pm

Like an idiot I've downloaded an avi file which, when run in Windows Media Player, requested a new codec. When the codec was installed Norton reported that it had detected (and removed) Tidserv (W32.Tidserv.G, Backdoor.Tidserv, etc.).
I am still infected (IE crashes all the time now, whilst it worked well just before the codec download).
Here is the scan result from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:39, on 06/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\temp\37992140.tmp
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adrian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Adrian\Documents\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D55EA24-83FE-401D-A431-02726B23B758}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F90C8B-9ADF-4BE6-997A-EEE93AC52877}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB3A45B3-E211-4BC4-B9A0-5FB07058625A}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98614aa1c4272) (gupdate1c98614aa1c4272) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12325 bytes

I would be very grateful for help with this. Best regards.

The Engineer
Novice

Posts : 13
Joined : 2009-06-06
OS : vista home
Points : 27415
Likes : 0


Re: Tidserv

Post by Belahzur on Sat Jun 06, 2009 9:38 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following if present:

    iWin
    iWin Games

  • Click on the Uninstall/Change button at the top.

Next,

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5D55EA24-83FE-401D-A431-02726B23B758}: NameServer = 85.255.112.11,85.255.112.139
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72F90C8B-9ADF-4BE6-997A-EEE93AC52877}: NameServer = 85.255.112.11,85.255.112.139
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB3A45B3-E211-4BC4-B9A0-5FB07058625A}: NameServer = 85.255.112.11,85.255.112.139
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139

  • Press "Fix Checked".
  • Close HijackThis.

Next,

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV (Norton).
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

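The O17 lines Belahzur asks to have fixed are the mark of a DNS hijack: every Tcpip interface key, and every control set, has had its NameServer value pointed at the same two foreign resolvers. As an added example (not part of this thread, and not a HijackThis or ComboFix feature), the following Python audit parses the O17 entries of a HijackThis log and flags any resolver outside an allow-list the machine's owner supplies; the sample log embeds the six O17 lines posted above, the 192.168.1.1 allow-list is an assumed home-router address, and the interface GUID in the clean sample is a constructed placeholder.

```python
"""Audit the O17 (DNS NameServer) lines of a HijackThis log for resolver hijacking."""
import ipaddress
import re
from dataclasses import dataclass

# An O17 line names a key under HKLM\System\<control set>\Services\Tcpip\... and the
# NameServer value set on it. CCS = CurrentControlSet, CS1/CS2 = ControlSet001/002.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\[^:]+): "
    r"NameServer = (?P<servers>\S.*)$"
)


@dataclass(frozen=True)
class NameServerEntry:
    key: str          # registry key exactly as HijackThis prints it
    control_set: str  # CCS, CS1, CS2, ...
    servers: tuple    # resolver addresses listed in the NameServer value


def parse_o17(log_text):
    """Return the O17 entries found in a HijackThis log; other line types are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        # NameServer is a REG_SZ that may separate addresses with commas or spaces.
        servers = tuple(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
        entries.append(NameServerEntry(m.group("key"), m.group("cset"), servers))
    return entries


def audit_nameservers(log_text, expected_resolvers):
    """Flag every NameServer address that is not in the owner's allow-list.

    Returns the unexpected resolvers, the control sets carrying them and the number
    of O17 entries examined. Rogue values present in CS1 and CS2 as well as CCS mean
    that booting 'Last Known Good Configuration' would not undo the hijack.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    rogue, affected = set(), set()
    entries = parse_o17(log_text)
    for entry in entries:
        for addr in entry.servers:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                ip = None  # not an IP literal at all: treat as suspicious
            if ip is None or ip not in expected:
                rogue.add(addr)
                affected.add(entry.control_set)
    return {
        "rogue_resolvers": sorted(rogue),
        "control_sets": sorted(affected),
        "entries_examined": len(entries),
    }


# Sample input: the six O17 lines from the HijackThis log in this thread, plus two
# unrelated lines to show that only O17 entries are considered.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D55EA24-83FE-401D-A431-02726B23B758}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F90C8B-9ADF-4BE6-997A-EEE93AC52877}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB3A45B3-E211-4BC4-B9A0-5FB07058625A}: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.11,85.255.112.139
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# Constructed clean log for comparison; the all-zero interface GUID is a placeholder.
CLEAN_HJT_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumption: the owner's router at 192.168.1.1 is the only resolver Windows should use.
EXPECTED_RESOLVERS = ["192.168.1.1"]

if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_HJT_LOG), ("clean log", CLEAN_HJT_LOG)):
        print(name, audit_nameservers(log, EXPECTED_RESOLVERS))
```

Run against the thread's log it reports both foreign resolvers on all three control sets, which is why the fix has to cover the CS1 and CS2 keys as well as CCS.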

Re: Tidserv

Post by The Engineer on Sun Jun 07, 2009 10:02 am

Many thanks for your help.

I have:

1. made a donation of $10 via PayPal
2. run through your instructions above one by one.

The results are:

ComboFix detected "rootkit activity" and had to reboot midway through the scan. It then displayed 3 file names as follows:

c:\windows\system32\drivers\gxvxctfopttwytctotvcxkwfqmniwbsxirdyf.sys
c:\windows\system32\drivers\gxvxcldirxjlevecrcgtdwqkixfrhimwpcxqp.dll
c:\windows\system32\drivers\gxvxctbaqmupyuaspuceqbhsiepohcwmbpcua.dll

After the reboot ComboFix continued happily and saved a text scan log, which I am unable to paste here as I get a message saying my reply is "too long".
I was also unable to find a way to attach the text file to this reply.

I look forward to your further instructions. Best regards.

The Engineer
Novice

Posts : 13
Joined : 2009-06-06
OS : vista home
Points : 27415
Likes : 0


Re: Tidserv

Post by The Engineer on Sun Jun 07, 2009 2:28 pm

Actually, it looks like your HijackThis and ComboFix steps have solved it, apparently.
I was now able to use Malwarebytes and Spydoctor to scan (I was not able to scan with anything before, including Norton) and remove a series of threats and infections, notably a DNSChanger. After these scans things appear normal, but please let me know how to send the ComboFix report to you anyway. Many thanks.

The Engineer
Novice

Posts : 13
Joined : 2009-06-06
OS : vista home
Points : 27415
Likes : 0


Re: Tidserv

Post by Belahzur on Sun Jun 07, 2009 6:45 pm

Just split it up into more than one post and post the Combofix log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1


Re: Tidserv

Post by The Engineer on Sun Jun 07, 2009 7:26 pm

OK, here it goes.
1st part:

ComboFix 09-06-06.03 - Adrian 07/06/2009 10:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3581.2768 [GMT 1:00]
Running from: c:\users\Adrian\Documents\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxctfopttwytctotvcxkwfqmniwbsxirdyf.sys
c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\gxvxcldirxjlevecrcgtdwqkixfrhimwpcxqp.dll
c:\windows\system32\gxvxctbaqmupyuaspuceqbhsiepohcwmbpcua.dll
c:\windows\system32\PIXAPS.DLL
c:\windows\system32\PIXBBN.DLL
c:\windows\system32\PIXDFLTN.DLL
c:\windows\system32\PIXDLGN.DLL
c:\windows\system32\PIXJBGN.DLL
c:\windows\system32\PIXLOCN.DLL
c:\windows\system32\PIXLZWN.DLL
c:\windows\system32\PIXMDLGN.DLL
c:\windows\system32\PIXMDLN.DLL
c:\windows\system32\PIXMPN.DLL
c:\windows\system32\PIXNAMEN.DLL
c:\windows\system32\PIXNOTEN.DLL
c:\windows\system32\PIXPANN.DLL
c:\windows\system32\PIXPERMN.DLL
c:\windows\system32\PIXRAMN.DLL
c:\windows\system32\PIXSLN.DLL
c:\windows\system32\PIXTIFFN.DLL
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 09:22 . 2009-06-07 09:23 -------- d-----w- c:\users\Adrian\AppData\Local\temp
2009-06-07 09:22 . 2009-06-07 09:22 -------- d-----w- C:\temp
2009-06-07 09:22 . 2009-06-07 09:22 -------- d-----w- \temp
2009-06-07 09:02 . 2009-06-07 09:23 -------- d-s---w- \Combo-Fix
2009-06-07 09:01 . 2009-06-07 09:02 -------- d-----w- \Qoobox
2009-06-07 08:08 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 08:08 . 2009-06-07 08:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-07 08:08 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 08:04 . 2009-02-26 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\EECTRL.SYS
2009-06-07 08:04 . 2009-02-26 09:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\CCERASER.DLL
2009-06-07 08:04 . 2009-02-26 09:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\ERASER.SYS
2009-06-07 08:04 . 2009-02-21 09:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\NAVENG.SYS
2009-06-07 08:04 . 2009-02-21 09:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\NAVEX15.SYS
2009-06-07 08:04 . 2009-02-21 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\NAVENG32.DLL
2009-06-07 08:04 . 2009-02-21 09:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\NAVEX32A.DLL
2009-06-07 08:04 . 2008-11-22 09:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.039\ECMSVR32.DLL
2009-06-07 07:59 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-07 07:59 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-07 07:59 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-07 07:59 . 2009-06-07 08:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-07 07:59 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-07 07:58 . 2009-06-07 07:58 -------- d-----w- c:\users\Adrian\AppData\Roaming\PC Tools
2009-06-07 07:58 . 2009-06-07 07:58 -------- d-----w- c:\programdata\PC Tools
2009-06-07 07:53 . 2009-06-07 09:09 3756044288 --sha-w- \hiberfil.sys
2009-06-06 21:13 . 2009-06-07 07:24 -------- d-sh--w- \Config.Msi
2009-06-06 12:11 . 2009-06-06 12:11 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF0F9.tmp.exe
2009-06-06 12:05 . 2009-06-06 12:05 -------- d-----w- c:\program files\Western Digital
2009-06-05 16:43 . 2009-06-06 15:36 -------- d-----w- c:\users\Adrian\AppData\Roaming\GoodSync
2009-06-05 16:43 . 2009-06-05 16:43 -------- d-----w- c:\program files\Siber Systems
2009-05-31 08:05 . 2009-05-31 08:05 -------- d-----w- c:\users\Adrian\AppData\Roaming\HiT-MM
2009-05-31 08:01 . 2009-05-31 08:02 -------- d-----w- c:\program files\Hidden in Time - Mirror Mirror
2009-05-31 07:53 . 2009-05-31 07:53 -------- d-----w- c:\program files\bfgclient
2009-05-31 07:52 . 2009-05-31 08:07 -------- d-----w- C:\BigFishGamesCache
2009-05-31 07:52 . 2009-05-31 08:07 -------- d-----w- \BigFishGamesCache
2009-05-29 18:46 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-05-29 18:46 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
2009-05-29 18:46 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-05-29 18:46 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-05-29 18:46 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
2009-05-18 18:01 . 2009-05-18 18:01 -------- d-----w- c:\users\Adrian\AppData\Roaming\LinkManager 4.0
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\program files\ScanSoft
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\windows\Pixtran
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\program files\Visioneer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 09:23 . 2008-02-01 18:32 -------- d-----w- c:\programdata\Kontiki
2009-06-07 09:09 . 2009-06-07 07:53 3756044288 --sha-w- \hiberfil.sys
2009-06-07 09:09 . 2008-01-09 21:42 3215982592 --sha-w- \pagefile.sys
2009-06-07 09:07 . 2008-01-09 14:13 3308 ----a-w- c:\windows\bthservsdp.dat
2009-06-07 08:48 . 2008-01-19 21:44 -------- d-----w- c:\programdata\iWin Games
2009-06-07 08:42 . 2008-06-01 06:14 -------- d-----w- c:\programdata\Google Updater
2009-06-07 08:08 . 2008-02-27 22:26 -------- d-----w- c:\program files\RegCure
2009-06-06 21:17 . 2008-04-08 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 21:09 . 2008-12-20 10:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 18:13 . 2008-03-06 18:29 -------- d-----w- c:\users\Adrian\AppData\Roaming\uTorrent
2009-06-03 17:42 . 2008-01-11 14:32 182070 ----a-w- c:\users\Adrian\AppData\Roaming\nvModes.dat
2009-05-31 20:17 . 2008-01-12 12:48 -------- d-----w- c:\users\Adrian\AppData\Roaming\Skype
2009-05-31 16:24 . 2008-01-12 12:49 -------- d-----w- c:\users\Adrian\AppData\Roaming\skypePM
2009-05-25 19:44 . 2008-01-11 13:51 86896 ----a-w- c:\users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-09 14:44 -------- d-----w- c:\program files\Google
2009-05-13 18:03 . 2008-01-09 14:40 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 18:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 19:41 . 2008-02-01 18:32 -------- d-----w- c:\program files\Kontiki
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\users\Adrian\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-29 19:34 . 2009-04-29 19:37 38208 ----a-w- c:\users\Adrian\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-12 21:33 . 2009-04-12 21:33 390664 ----a-w- c:\users\Adrian\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-04-12 21:33 . 2009-04-12 21:33 390664 ----a-w- c:\users\Adrian\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-11 07:50 . 2009-04-11 07:49 -------- d-----w- c:\program files\QuickTime
2009-04-11 07:49 . 2009-04-11 07:49 -------- d-----w- c:\programdata\Apple Computer
2009-04-11 07:46 . 2009-04-11 07:46 -------- d-----w- c:\program files\Apple Software Update
2009-04-11 07:46 . 2009-04-11 07:46 -------- d-----w- c:\programdata\Apple
2009-03-24 17:33 . 2009-03-24 17:33 237264 ----a-w- c:\users\Adrian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-21 16:18 . 2008-11-23 10:38 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 19:27 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 19:27 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2008-01-09 14:32 . 2008-01-09 14:32 76 --sh--r- c:\windows\CT4CET.bin
2008-01-09 22:05 . 2008-01-09 21:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-9 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

The Engineer
Novice

Posts : 13
Joined : 2009-06-06
OS : vista home
Points : 27415
Likes : 0


Re: Tidserv

Post by The Engineer on Sun Jun 07, 2009 7:26 pm

Second part:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Adrian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{839345E8-D8FC-43ED-B7F0-D40A84BA5584}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D55DA0B-54BE-49DC-BD88-E3CAC6FC912D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0CE36EAA-073C-4680-BA69-02EE8A1EE72D}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{E80030B6-F5C7-458B-9272-48C3D66C44C0}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B45A1858-ACAE-4E27-B4EA-61633D1ADD96}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0A10CA65-A71C-4F9D-ADAA-A26E195B171D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{85C17E0C-9980-4ED6-96AF-77F78F16C928}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{BDCA94B9-8024-43B1-B035-8E6FEA048EC4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B6571099-6B6D-4CAA-BA0E-6EA2C9B45622}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A76F33CA-B1CE-4A13-9C90-58BF87D43D67}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F3C120FD-81DB-4294-B7A7-2DDCDAC05F3C}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{56A283C1-356D-414B-A0C0-7649288CAEDF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3950F003-1458-45CB-82FB-CBFD44853803}c:\\program files\\google\\google desktop search\\googledesktop.exe"= UDP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"UDP Query User{52724A21-8F3A-42C0-9AEE-5A6241C1A61B}c:\\program files\\google\\google desktop search\\googledesktop.exe"= TCP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"TCP Query User{6E9224FA-F518-439B-A986-15864491738A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EE0AAE6-4A90-4EAD-B184-76E37F76DAE4}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{6D2F757C-0EEB-4342-B0BE-43F395281230}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6A5FA0EF-6427-4BD3-979B-7F2F5DAE1C33}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{30C1E724-F5CA-49B4-8DB3-C27CF85A86F8}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{D6952335-9622-466E-927D-22CD48ACC830}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{3660F586-3055-42BD-8015-24B87BD5DCCB}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{3BBB2886-99C3-45F1-BA62-E166CBB382EC}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{D2A9D04A-C96D-44A3-81B8-2EFB5A72EC30}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E74B60F-8638-4EE5-8340-B546164A2284}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{522B4E36-F048-45EB-B1F2-8D5769B171A3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2F1497A5-C49B-4B6F-90B1-A5C6B7C90702}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{DEC9EE32-5544-4ED5-9767-0B22EC2CCFAA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{380F74BB-FB0D-40E7-9FD6-A3806E585C45}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{87A85CD7-9F2C-4AA2-B62B-8BAA8F18298A}"= UDP:c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE:OUTLOOK
"{29A51794-2B48-40CE-8986-AF7E087FE359}"= TCP:c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE:OUTLOOK
"{D986F46F-FE04-4067-B4A3-2044E98AA681}"= c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe:Symantec Service Framework
"{BC45B7AB-846B-489E-84D8-74564DFAF3AA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DB9522D5-F5B4-46DB-917A-621511A8BA09}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{96EFB151-9819-49D6-9D02-B06CA06D3348}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{F72E5A44-F31D-4FF3-ADE0-276B9FC18CBB}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{E5B33E2B-F936-4548-AABF-61C2D9D0F665}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"TCP Query User{E20FF559-EAF3-4F8C-B872-A9CFC1002512}c:\\program files\\voipraider.com\\voipraider\\voipraider.exe"= UDP:c:\program files\voipraider.com\voipraider\voipraider.exe:Client to make VoIP calls.
"UDP Query User{B0BF83EB-6B24-49FA-B4CC-56464EED71F6}c:\\program files\\voipraider.com\\voipraider\\voipraider.exe"= TCP:c:\program files\voipraider.com\voipraider\voipraider.exe:Client to make VoIP calls.

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [07/06/2009 08:59 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [21/03/2009 17:18 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [21/03/2009 17:18 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [21/03/2009 17:17 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys [29/05/2009 19:46 292912]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [09/01/2008 15:11 73728]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [21/03/2009 17:18 115560]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [02/11/2007 12:56 131072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 10:00 101936]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 18:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09/01/2008 23:05 7424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [21/03/2009 17:18 39984]
S2 gupdate1c98614aa1c4272;Google Update Service (gupdate1c98614aa1c4272);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 16:32 133104]
S2 sdAuxService;PC Tools Auxiliary Service;g:\spyware doctor\pctsAuxs.exe --> g:\spyware doctor\pctsAuxs.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-09 20:00]

2009-06-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:32]

2009-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-909065157-3740437071-1745832014-1000.job
- c:\users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-13 18:19]

2009-06-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2008-06-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-06-07 c:\windows\Tasks\User_Feed_Synchronization-{6B17E6B9-DF46-452A-82E9-CE6BD4078D20}.job
- c:\windows\system32\msfeedssync.exe [2008-03-23 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISTray - g:\spyware doctor\pctsTray.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-07 10:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\etilqs_f4BrspwGDHqe5wJisHbD 1028 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-07 10:25
ComboFix-quarantined-files.txt 2009-06-07 09:25

Pre-Run: 85,650,870,272 bytes free
Post-Run: 85,860,184,064 bytes free

301 --- E O F --- 2009-05-13 18:04


Re: Tidserv

Post by Belahzur on Sun Jun 07, 2009 8:00 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\programdata\Google\Google Toolbar\Update\gtbF0F9.tmp.exe

Folder::
c:\programdata\iWin Games
c:\users\Adrian\AppData\Roaming\uTorrent
c:\program files\utorrent

Registry::
[=HKLM\~\startupfolder\C:^Users^Adrian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{522B4E36-F048-45EB-B1F2-8D5769B171A3}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{2F1497A5-C49B-4B6F-90B1-A5C6B7C90702}c:\\program files\\utorrent\\utorrent.exe"=-
"{DEC9EE32-5544-4ED5-9767-0B22EC2CCFAA}"=-
"{380F74BB-FB0D-40E7-9FD6-A3806E585C45}"=-
"TCP Query User{DB9522D5-F5B4-46DB-917A-621511A8BA09}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{96EFB151-9819-49D6-9D02-B06CA06D3348}c:\\program files\\utorrent\\utorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: Tidserv

Post by The Engineer on Mon Jun 08, 2009 8:28 pm

Done.
Combo results below in several reply notes:

ComboFix 09-06-06.03 - Adrian 08/06/2009 21:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3581.2204 [GMT 1:00]
Running from: c:\users\Adrian\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Adrian\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\Google\Google Toolbar\Update\gtbF0F9.tmp.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\utorrent
c:\program files\utorrent\uTorrent.exe
c:\programdata\Google\Google Toolbar\Update\gtbF0F9.tmp.exe
c:\programdata\iWin Games
c:\programdata\iWin Games\drm\data\{1031FF6F-0FFF-0FFF-FFF4-FFFF0F1FF1GS}.dta
c:\programdata\iWin Games\drm\data\{17035977-5432-0389-2523-89364F0FF2IW}.dta
c:\programdata\iWin Games\drm\data\{17035977-5432-0389-2523-89364F1FF2IW}.dta
c:\programdata\iWin Games\drm\data\{17333269-0493-0037-4532-11180F1FF5GS}.dta
c:\programdata\iWin Games\drm\data\{17334163-0854-0510-2342-03960F0FF5GS}.dta
c:\programdata\iWin Games\drm\data\{17334666-0588-0052-5203-50810F0FF0GS}.dta
c:\programdata\iWin Games\drm\data\{17334963-0632-0562-5103-16550F0FF3GS}.dta
c:\programdata\iWin Games\drm\data\{17334963-0632-0562-5103-16550F1FF3GS}.dta
c:\programdata\iWin Games\drm\drm_101_mahjong.ifn.stdat
c:\programdata\iWin Games\drm\drm_1733294930374531118_JQSolitaire.ifn.stdat
c:\programdata\iWin Games\drm\drm_1734138545102340396_CradleOfRome.ifn.stdat
c:\programdata\iWin Games\drm\drm_1734665880525205081_Chocolatier.ifn.stdat
c:\programdata\iWin Games\drm\drm_1734936325625101655_7WondersII.ifn.stdat
c:\programdata\iWin Games\drm\drm_1735974323892528936_MysteryInLondon.ifn.stdat
c:\users\Adrian\AppData\Roaming\uTorrent
c:\users\Adrian\AppData\Roaming\uTorrent\dht.dat
c:\users\Adrian\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Adrian\AppData\Roaming\uTorrent\resume.dat
c:\users\Adrian\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Adrian\AppData\Roaming\uTorrent\rss.dat
c:\users\Adrian\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Adrian\AppData\Roaming\uTorrent\settings.dat
c:\users\Adrian\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Adrian\AppData\Roaming\uTorrent\The.2009.Oscars - Complete.Event.in.HD.Quality.torrent
c:\users\Adrian\AppData\Roaming\uTorrent\utorrent.lng

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 20:09 . 2009-06-08 20:12 -------- d-----w- c:\users\Adrian\AppData\Local\temp
2009-06-08 20:09 . 2009-06-08 20:09 -------- d-----w- C:\temp
2009-06-08 20:09 . 2009-06-08 20:09 -------- d-----w- \temp
2009-06-08 20:03 . 2009-06-08 20:14 -------- d-s---w- \Combo-Fix
2009-06-08 18:27 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
2009-06-08 18:27 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
2009-06-08 18:27 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
2009-06-08 18:27 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
2009-06-08 18:27 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
2009-06-08 17:27 . 2009-02-21 09:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\NAVENG.SYS
2009-06-08 17:27 . 2009-02-21 09:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\NAVEX15.SYS
2009-06-08 17:27 . 2009-02-21 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\NAVENG32.DLL
2009-06-08 17:27 . 2009-02-21 09:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\NAVEX32A.DLL
2009-06-08 17:27 . 2009-02-26 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\EECTRL.SYS
2009-06-08 17:27 . 2009-02-26 09:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\CCERASER.DLL
2009-06-08 17:27 . 2009-02-26 09:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\ERASER.SYS
2009-06-08 17:27 . 2008-11-22 09:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090608.007\ECMSVR32.DLL
2009-06-07 14:04 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-07 14:03 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-07 14:03 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-07 14:03 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-07 14:03 . 2009-06-07 14:10 -------- d-----w- c:\program files\Spyware Doctor
2009-06-07 14:03 . 2009-06-07 14:03 -------- d-----w- c:\users\Adrian\AppData\Roaming\PC Tools
2009-06-07 14:03 . 2009-06-07 14:03 -------- d-----w- c:\programdata\PC Tools
2009-06-07 10:04 . 2009-06-07 10:04 -------- d-----w- c:\users\Adrian\AppData\Roaming\Malwarebytes
2009-06-07 09:01 . 2009-06-08 20:04 -------- d-----w- \Qoobox
2009-06-07 08:08 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 08:08 . 2009-06-07 08:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-07 08:08 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 07:59 . 2009-06-07 14:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-07 07:53 . 2009-06-08 20:11 3753979904 --sha-w- \hiberfil.sys
2009-06-06 21:13 . 2009-06-07 07:24 -------- d-sh--w- \Config.Msi
2009-06-06 12:05 . 2009-06-06 12:05 -------- d-----w- c:\program files\Western Digital
2009-06-05 16:43 . 2009-06-06 15:36 -------- d-----w- c:\users\Adrian\AppData\Roaming\GoodSync
2009-06-05 16:43 . 2009-06-05 16:43 -------- d-----w- c:\program files\Siber Systems
2009-05-31 08:05 . 2009-05-31 08:05 -------- d-----w- c:\users\Adrian\AppData\Roaming\HiT-MM
2009-05-31 08:01 . 2009-05-31 08:02 -------- d-----w- c:\program files\Hidden in Time - Mirror Mirror
2009-05-31 07:53 . 2009-05-31 07:53 -------- d-----w- c:\program files\bfgclient
2009-05-31 07:52 . 2009-05-31 08:07 -------- d-----w- C:\BigFishGamesCache
2009-05-31 07:52 . 2009-05-31 08:07 -------- d-----w- \BigFishGamesCache
2009-05-18 18:01 . 2009-05-18 18:01 -------- d-----w- c:\users\Adrian\AppData\Roaming\LinkManager 4.0
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\program files\ScanSoft
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\windows\Pixtran
2009-05-18 17:52 . 2009-05-18 17:52 -------- d-----w- c:\program files\Visioneer


Re: Tidserv

Post by The Engineer on Mon Jun 08, 2009 8:30 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 20:15 . 2008-02-01 18:32 -------- d-----w- c:\programdata\Kontiki
2009-06-08 20:11 . 2009-06-07 07:53 3753979904 --sha-w- \hiberfil.sys
2009-06-08 20:11 . 2008-01-09 21:42 3215982592 --sha-w- \pagefile.sys
2009-06-08 20:10 . 2008-01-09 14:13 3308 ----a-w- c:\windows\bthservsdp.dat
2009-06-08 17:19 . 2008-06-01 06:14 -------- d-----w- c:\programdata\Google Updater
2009-06-07 19:22 . 2008-01-11 14:32 182070 ----a-w- c:\users\Adrian\AppData\Roaming\nvModes.dat
2009-06-07 08:08 . 2008-02-27 22:26 -------- d-----w- c:\program files\RegCure
2009-06-06 21:17 . 2008-04-08 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 21:09 . 2008-12-20 10:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 20:17 . 2008-01-12 12:48 -------- d-----w- c:\users\Adrian\AppData\Roaming\Skype
2009-05-31 16:24 . 2008-01-12 12:49 -------- d-----w- c:\users\Adrian\AppData\Roaming\skypePM
2009-05-25 19:44 . 2008-01-11 13:51 86896 ----a-w- c:\users\Adrian\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-09 14:44 -------- d-----w- c:\program files\Google
2009-05-13 18:03 . 2008-01-09 14:40 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 18:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 19:41 . 2008-02-01 18:32 -------- d-----w- c:\program files\Kontiki
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\users\Adrian\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-04-29 19:37 . 2009-04-29 19:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-29 19:34 . 2009-04-29 19:37 38208 ----a-w- c:\users\Adrian\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-12 21:33 . 2009-04-12 21:33 390664 ----a-w- c:\users\Adrian\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-04-12 21:33 . 2009-04-12 21:33 390664 ----a-w- c:\users\Adrian\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-11 07:50 . 2009-04-11 07:49 -------- d-----w- c:\program files\QuickTime
2009-04-11 07:49 . 2009-04-11 07:49 -------- d-----w- c:\programdata\Apple Computer
2009-04-11 07:46 . 2009-04-11 07:46 -------- d-----w- c:\program files\Apple Software Update
2009-04-11 07:46 . 2009-04-11 07:46 -------- d-----w- c:\programdata\Apple
2009-03-24 17:33 . 2009-03-24 17:33 237264 ----a-w- c:\users\Adrian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-21 16:18 . 2008-11-23 10:38 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 19:27 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 19:27 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2008-01-09 14:32 . 2008-01-09 14:32 76 --sh--r- c:\windows\CT4CET.bin
2008-01-09 22:05 . 2008-01-09 21:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-9 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Adrian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{839345E8-D8FC-43ED-B7F0-D40A84BA5584}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D55DA0B-54BE-49DC-BD88-E3CAC6FC912D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0CE36EAA-073C-4680-BA69-02EE8A1EE72D}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{E80030B6-F5C7-458B-9272-48C3D66C44C0}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B45A1858-ACAE-4E27-B4EA-61633D1ADD96}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0A10CA65-A71C-4F9D-ADAA-A26E195B171D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{85C17E0C-9980-4ED6-96AF-77F78F16C928}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{BDCA94B9-8024-43B1-B035-8E6FEA048EC4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B6571099-6B6D-4CAA-BA0E-6EA2C9B45622}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A76F33CA-B1CE-4A13-9C90-58BF87D43D67}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F3C120FD-81DB-4294-B7A7-2DDCDAC05F3C}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{56A283C1-356D-414B-A0C0-7649288CAEDF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3950F003-1458-45CB-82FB-CBFD44853803}c:\\program files\\google\\google desktop search\\googledesktop.exe"= UDP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"UDP Query User{52724A21-8F3A-42C0-9AEE-5A6241C1A61B}c:\\program files\\google\\google desktop search\\googledesktop.exe"= TCP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"TCP Query User{6E9224FA-F518-439B-A986-15864491738A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EE0AAE6-4A90-4EAD-B184-76E37F76DAE4}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{6D2F757C-0EEB-4342-B0BE-43F395281230}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6A5FA0EF-6427-4BD3-979B-7F2F5DAE1C33}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{30C1E724-F5CA-49B4-8DB3-C27CF85A86F8}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{D6952335-9622-466E-927D-22CD48ACC830}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{3660F586-3055-42BD-8015-24B87BD5DCCB}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{3BBB2886-99C3-45F1-BA62-E166CBB382EC}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{D2A9D04A-C96D-44A3-81B8-2EFB5A72EC30}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E74B60F-8638-4EE5-8340-B546164A2284}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{87A85CD7-9F2C-4AA2-B62B-8BAA8F18298A}"= UDP:c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE:OUTLOOK
"{29A51794-2B48-40CE-8986-AF7E087FE359}"= TCP:c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE:OUTLOOK
"{D986F46F-FE04-4067-B4A3-2044E98AA681}"= c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe:Symantec Service Framework
"{BC45B7AB-846B-489E-84D8-74564DFAF3AA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F72E5A44-F31D-4FF3-ADE0-276B9FC18CBB}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{E5B33E2B-F936-4548-AABF-61C2D9D0F665}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"TCP Query User{E20FF559-EAF3-4F8C-B872-A9CFC1002512}c:\\program files\\voipraider.com\\voipraider\\voipraider.exe"= UDP:c:\program files\voipraider.com\voipraider\voipraider.exe:Client to make VoIP calls.
"UDP Query User{B0BF83EB-6B24-49FA-B4CC-56464EED71F6}c:\\program files\\voipraider.com\\voipraider\\voipraider.exe"= TCP:c:\program files\voipraider.com\voipraider\voipraider.exe:Client to make VoIP calls.


Re: Tidserv

Post by The Engineer on Mon Jun 08, 2009 8:36 pm

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [07/06/2009 15:03 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [21/03/2009 17:18 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [21/03/2009 17:18 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [21/03/2009 17:17 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys [08/06/2009 19:27 292912]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [09/01/2008 15:11 73728]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [21/03/2009 17:18 115560]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [02/11/2007 12:56 131072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 10:00 101936]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 18:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09/01/2008 23:05 7424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [21/03/2009 17:18 39984]
S2 gupdate1c98614aa1c4272;Google Update Service (gupdate1c98614aa1c4272);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 16:32 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [07/06/2009 15:03 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-09 20:00]

2009-06-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:32]

2009-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-909065157-3740437071-1745832014-1000.job
- c:\users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-13 18:19]

2009-06-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2008-06-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{6B17E6B9-DF46-452A-82E9-CE6BD4078D20}.job
- c:\windows\system32\msfeedssync.exe [2008-03-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-08 21:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4216)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-08 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 20:18
ComboFix2.txt 2009-06-07 09:25

Pre-Run: 89,317,163,008 bytes free
Post-Run: 89,092,366,336 bytes free

352 --- E O F --- 2009-05-13 18:04

Whilst grateful for your support, I am slightly worried about handing over all this information. I am not sure what it may contain that may be used against me or my PC.
I noticed, for example, that in the ComboFix text above the locked registry keys mention access denied to "User" and "Everyone" but allow a certain code.
Please let me know what your policy is with respect to this private data that is being sent to you. Many thanks.


Re: Tidserv

Post by Belahzur on Mon Jun 08, 2009 8:40 pm

They are legit locked keys, and locked for a reason: mainly to stop people, or malware, messing with them.

We do not allow anything personal to be posted; if anything is, I edit it out. Don't worry about it.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


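The "certain code" the Engineer asked about and the locked keys Belahzur describes can be checked directly on the machine. The PowerShell below is an added example, not part of the thread and not code from ComboFix or any other tool named in it. It reads the DACL on the modem-class AllUserSettings keys quoted in the log (the live path uses CurrentControlSet where the log printed ControlSet001), lists each entry as Allow or Deny with its SID, and resolves S-1-5-20 to its account name. When the "(A)" deny entries for Users and Everyone cover reading the security descriptor, Get-Acl itself fails with access denied even from an elevated prompt; that is the state the log calls "locked", and the function reports it as such instead of terminating.

```powershell
# Added example, not from the thread or from ComboFix: inspect the DACL on the
# registry keys that ComboFix listed as locked and make the SIDs readable.
# Key path as quoted in the log; the live view of ControlSet001 is CurrentControlSet.
$ClassKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}'

function ConvertTo-AccountName {
    # Resolve a SID string such as S-1-5-20 to its NT account name.
    param([Parameter(Mandatory)][string]$Sid)
    try {
        ([System.Security.Principal.SecurityIdentifier]$Sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch {
        "<unresolved: $Sid>"
    }
}

function Get-RegistryKeyAccess {
    # Return one object per ACE on the key, or a single object with Locked=$true
    # when the DACL itself cannot be read (the state the ComboFix log calls "locked").
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -Path "Registry::$Path" -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Key = $Path; Locked = $true; Identity = $null; Sid = $null
            Type = $null; Rights = $null; Inherited = $null
        }
    }
    foreach ($ace in $acl.Access) {
        # IdentityReference is normally an NTAccount; translate it to its SID
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        [pscustomobject]@{
            Key       = $Path
            Locked    = $false
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Type      = $ace.AccessControlType    # Allow or Deny
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

# The account behind the SID the log showed as allowed on every locked key.
"S-1-5-20 is {0}" -f (ConvertTo-AccountName -Sid 'S-1-5-20')

# Walk the numbered device subkeys (0000..0004 in the log) and report each
# AllUserSettings key's ACL, or flag it as locked.
Get-ChildItem -Path "Registry::$ClassKey" -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{4}$' } |
    ForEach-Object {
        Get-RegistryKeyAccess -Path "$ClassKey\$($_.PSChildName)\AllUserSettings"
    } | Format-Table Key, Locked, Identity, Sid, Type, Rights -AutoSize
```

Run it from an elevated PowerShell prompt. S-1-5-20 is the well-known SID for NT AUTHORITY\NETWORK SERVICE, the account the log shows as the only one allowed on those keys; on keys locked the way the log describes, expect Locked to be True for every AllUserSettings entry, which matches Belahzur's answer that the keys are intentionally restricted rather than a sign of tampering.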

Re: Tidserv

Post by The Engineer on Tue Jun 09, 2009 6:34 pm

Laptop runs OK.
Many thanks for your kind help and support.
Best wishes, A.


Re: Tidserv

Post by Belahzur on Tue Jun 09, 2009 7:34 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

