Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Fri Aug 13, 2010 11:17 pm

Hi, I just found that my Norton has discovered Backdoor.Tidserv!inf on my system. I've checked Symantec but it doesn't show what to do if it is a Windows 7 platform that is being infected; this is also the case for many other websites that I have visited. I realise this must be manually removed. What should I do?

Fuyuko
Novice

Posts : 8
Joined : 2010-08-13
OS : Windows 7

Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Sat Aug 14, 2010 12:40 pm

Hi Fuyuko and Welcome to GeekPolice!

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]

Then post your DDS (DDS.txt and Attach.txt).



Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7

Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Tue Aug 17, 2010 1:04 am


DDS (Ver_10-03-17.01) - NTFSX64
Run by Daddy at 21:20:09.79 on 16/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3036.1376 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Daddy\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Hotkey Utility] c:\program files (x86)\packard bell\hotkey utility\HotkeyUtility.exe
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files (x86)\cyberlink\youcam\YouCamTray.exe" /s
dRunOnce: []
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\Partner64.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [TouchORB] c:\program files (x86)\touchsettings\TouchPortalOBR.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [TouchPortal] c:\program files (x86)\packard bell\packard bell touch suite\TouchPortal.exe

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-5-20 55024]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-8-14 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-8-14 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20100719.001\BHDrvx64.sys [2010-7-19 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-8-14 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100813.004\IDSviA64.sys [2010-8-14 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-8-14 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-8-14 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 Greg_Service;GRegService;c:\program files (x86)\packard bell\registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-8-14 126392]
R2 Updater Service;Updater Service;c:\program files\packard bell\packard bell updater\UpdaterService.exe [2010-4-22 243232]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [2010-4-22 364800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-13 132656]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-5-20 60416]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-4-22 140128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-4-22 233472]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-22 658944]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-8-16 135664]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [2009-6-10 220288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28x.sys [2010-4-22 702976]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-4-22 332272]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-15 1255736]

=============== Created Last 30 ================

2010-08-15 05:31:41 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-08-14 02:23:12 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-14 02:23:12 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-08-14 02:04:27 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-14 02:04:27 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-08-13 23:44:19 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 23:44:19 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 23:44:19 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-13 23:44:03 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-08-13 23:44:03 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-08-13 23:43:42 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-08-13 23:43:42 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-08-13 23:43:22 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-13 23:43:22 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-13 23:37:15 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-13 23:36:33 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-13 23:35:43 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 23:35:42 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-08-13 23:35:42 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-08-13 11:21:20 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-13 11:16:12 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-08-13 11:16:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-13 11:14:57 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-08-13 11:14:57 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-08-13 11:14:57 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-08-13 11:14:57 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-13 10:46:46 7680 ----a-w- c:\windows\syswow64\instnm.exe
2010-08-13 10:46:46 5120 ----a-w- c:\windows\syswow64\wow32.dll
2010-08-13 10:46:46 25600 ----a-w- c:\windows\syswow64\setup16.exe
2010-08-13 10:46:46 243200 ----a-w- c:\windows\system32\wow64.dll
2010-08-13 10:46:46 2048 ----a-w- c:\windows\syswow64\user.exe
2010-08-13 10:46:46 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2010-08-13 10:46:40 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 10:46:40 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-13 10:41:31 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-13 10:41:31 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-13 10:41:31 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-13 10:41:22 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-13 10:41:14 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-13 10:41:08 144384 ----a-w- c:\windows\system32\cdd.dll
2010-08-13 08:46:16 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-13 08:46:16 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-08-13 08:46:15 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-13 08:46:15 552960 ----a-w- c:\windows\system32\msdri.dll
2010-08-13 08:46:15 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-08-13 08:46:15 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-08-13 08:46:15 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-08-13 08:46:14 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-08-13 08:46:14 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-08-13 08:42:29 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 08:42:11 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 08:42:11 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-13 08:42:04 716800 ----a-w- c:\windows\syswow64\jscript.dll
2010-08-13 08:39:50 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-08-13 08:39:50 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-08-13 08:39:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-08-13 08:39:50 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-08-13 07:37:12 0 d--h--w- c:\windows\PIF
2010-08-13 07:11:57 0 d-----w- c:\programdata\Driver Whiz
2010-08-13 07:01:44 0 d-----w- c:\programdata\CyberLink
2010-08-12 07:51:16 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-08-12 07:35:07 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-08-12 07:35:07 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-08-12 07:35:07 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-08-12 07:35:07 0 d-----w- c:\program files\Symantec
2010-08-12 07:35:07 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-12 07:34:27 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-08-12 07:34:27 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-08-12 07:34:24 139264 ----a-w- c:\windows\system32\cabview.dll
2010-08-12 07:34:24 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-08-12 07:30:27 0 d-----w- c:\users\daddy\appdata\roaming\TouchGadget
2010-08-12 07:30:12 0 d-----w- c:\users\daddy\appdata\roaming\OEM
2010-08-12 07:28:18 0 d-----w- c:\program files (x86)\OEM
2010-08-12 07:28:13 0 d-----w- c:\program files\PB Accessory Store

==================== Find3M ====================

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:20:40.49 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/08/2010 08:27:12
System Uptime: 16/08/2010 16:58:56 (5 hours ago)

Motherboard: Packard Bell | | ONETWO M3700
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU 1 | 2300/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 291 GiB total, 259.557 GiB free.
D: is FIXED (NTFS) - 291 GiB total, 290.439 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: MP110
Device ID: USB\VID_04A9&PID_1700&MI_00\6&896619C&0&0000
Manufacturer:
Name: MP110
PNP Device ID: USB\VID_04A9&PID_1700&MI_00\6&896619C&0&0000
Service:

==== System Restore Points ===================

RP1: 12/08/2010 08:34:27 - Windows Update
RP2: 13/08/2010 08:09:42 - Installed Driver Whiz.
RP3: 13/08/2010 08:29:37 - Installed Carambis Driver Updater.
RP4: 13/08/2010 08:34:24 - Removed Carambis Driver Updater.
RP5: 13/08/2010 12:17:02 - Windows Update
RP6: 14/08/2010 03:00:57 - Windows Update
RP7: 15/08/2010 06:30:51 - Windows Update
RP8: 16/08/2010 10:39:18 - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader 9.1 MUI
Advertising Center
Bejeweled 2 Deluxe
Blasterball 3
Bob the Builder Can-Do-Zoo
Build-a-lot 2
Chicken Invaders 3 - Revenge of the Yolk
Compatibility Pack for the 2007 Office system
CyberLink MediaShow
CyberLink Touch Browser
CyberLink YouCam
eBay Worldwide
Escape Rosecliff Island
Faerie Solitaire
FATE - The Traitor Soul
Google Toolbar for Internet Explorer
Google Update Helper
Hotkey Utility
Identity Card
ImagXpress
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
ITECIR
Jewel Quest
Jewel Quest Solitaire 3
JMicron Flash Media Controller Driver
Junk Mail filter update
Mahjongg Artifacts
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
Packard Bell Game Console
Packard Bell Games
Packard Bell InfoCentre
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Software Suite SE
Packard Bell Touch Suite
Packard Bell Updater
Penguins!
Polar Bowler
Polar Golfer
Polar Pool
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
TouchSettings
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Script Editor Help (KB963671)
Virtual Families
Virtual Villagers - A New Home
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahtzee
Zuma Deluxe

==== End Of File ===========================


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Tue Aug 17, 2010 1:09 am

Btw, would reformatting my computer make any difference? Seeing as this computer is brand new and has nothing saved on it, it wouldn't be a problem.


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Tue Aug 17, 2010 1:13 am

Let's run one scan and go from there.

Please download [You must be registered and logged in to see this link.] by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Thu Aug 19, 2010 1:24 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4447

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/08/2010 01:46:57
mbam-log-2010-08-19 (01-46-57).txt

Scan type: Quick scan
Objects scanned: 132811
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Thu Aug 19, 2010 4:49 pm

Nothing shown with Malwarebytes. Your other logs look good. Can you post the Norton log?

Kaspersky Online Scanner will show us more if this infection is present. You'll need to install Java for Kaspersky to work.

[You must be registered and logged in to see this link.]

Establish an internet connection & perform an online scan with Internet Explorer at [You must be registered and logged in to see this link.]

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Fri Aug 20, 2010 9:01 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 20, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 20, 2010 11:53:52
Records in database: 4129292
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 268742
Threats found: 13
Infected objects found: 41
Suspicious objects found: 4
Scan duration: 04:52:41


File name / Threat / Threats count
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CF45691.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F78408D.xor Suspicious: Exploit.Win32.IMG-WMF 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D472618.xor Suspicious: Exploit.Win32.IMG-WMF 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D8041C7.DLL Infected: Trojan-Clicker.Win32.Small.mw 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39A35ABF.xor Suspicious: Exploit.Win32.IMG-WMF 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40723983.EXE Infected: IM-Worm.Win32.VB.at 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41353B84 Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56A01B2C.tmp Infected: Trojan-Downloader.Win32.Alphabet.h 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58A72EF1.zip Infected: Trojan-Downloader.Java.OpenConnection.ao 2
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58A72EF1.zip Infected: Trojan.Java.ClassLoader.au 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A690AF1 Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62AD3963.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\648D2D1F.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65CB2F44.dll Infected: Trojan-Clicker.Win32.Small.mw 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\663C7B78.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69304070 Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73B42CA5.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73E24972 Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\756C2FC9.exe Infected: Trojan-Downloader.Win32.Small.eqn 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\767F548C.xor Suspicious: Exploit.Win32.IMG-WMF 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D0714D3 Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D6C5B8A.exe Infected: Trojan-Clicker.Win32.Small.mw 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D830171.exe Infected: Trojan-Clicker.Win32.Small.mw 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E335CAF.exe Infected: Trojan-Clicker.Win32.Small.mw 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E742467.dll Infected: Trojan-Clicker.Win32.Small.mw 1
F:\Fuyuko\Application Data\Sun\Java\Deployment\cache\6.0\17\36afaa91-16ea9743 Infected: Exploit.Java.ByteVerify 1
F:\Fuyuko\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4cab1b3e-22157ad6.class Infected: Exploit.Java.ByteVerify 1
F:\Fuyuko\Local Settings\Temp\djvuxbgf.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\dtpbsenq.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\emafvpyd.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\ewkctjcq.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\fjrdvrrg.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\gdpgrjsh.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\gvaovvjk.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\jjnesckv.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\jyshmrkh.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\pkhubjdn.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\rkxnprjd.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\ugqogxqy.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\ulemqgse.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\Fuyuko\Local Settings\Temp\writjnmf.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\play.exe Infected: Trojan.Win32.ZbotPatched.v 1
F:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
F:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

Selected area has been scanned.


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Fri Aug 20, 2010 9:12 pm

Please download OTM.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes

    :Services

    :Reg

    :Files
    F:\Fuyuko\Application Data\Sun\Java\Deployment\cache\6.0\17\36afaa91-16ea9743
    F:\Fuyuko\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4cab1b3e-22157ad6.class
    F:\Fuyuko\Local Settings\Temp\djvuxbgf.exe
    F:\Fuyuko\Local Settings\Temp\dtpbsenq.exe
    F:\Fuyuko\Local Settings\Temp\emafvpyd.exe
    F:\Fuyuko\Local Settings\Temp\ewkctjcq.exe
    F:\Fuyuko\Local Settings\Temp\fjrdvrrg.exe
    F:\Fuyuko\Local Settings\Temp\gdpgrjsh.exe
    F:\Fuyuko\Local Settings\Temp\gvaovvjk.exe
    F:\Fuyuko\Local Settings\Temp\jjnesckv.exe
    F:\Fuyuko\Local Settings\Temp\jyshmrkh.exe
    F:\Fuyuko\Local Settings\Temp\pkhubjdn.exe
    F:\Fuyuko\Local Settings\Temp\rkxnprjd.exe
    F:\Fuyuko\Local Settings\Temp\ugqogxqy.exe
    F:\Fuyuko\Local Settings\Temp\ulemqgse.exe
    F:\Fuyuko\Local Settings\Temp\writjnmf.exe
    F:\play.exe
    F:\Program Files\MSN Messenger\msimg32.dll
    F:\Program Files\MSN Messenger\riched20.dll
    ipconfig /flushdns /E


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

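The scan report earlier in the thread mixes detections that already sit inside Norton's Quarantine folder with detections on live paths, and the `:Files` list in the post above names only the live ones. The following Python script is an added example, not part of the thread and not code from Kaspersky, Norton or OTM; it parses report lines in that layout, sets the quarantined entries aside and totals the rest. The line layout and the quarantine path marker are assumptions taken from the lines shown in this thread.

```python
import re
from collections import Counter

# Constructed sample: six lines copied from the scan report in this thread.
SAMPLE = r"""
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CF45691.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F78408D.xor Suspicious: Exploit.Win32.IMG-WMF 1
F:\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58A72EF1.zip Infected: Trojan-Downloader.Java.OpenConnection.ao 2
F:\Fuyuko\Local Settings\Temp\djvuxbgf.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
F:\play.exe Infected: Trojan.Win32.ZbotPatched.v 1
F:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
"""

# Paths contain spaces, so anchor on the verdict keyword and the trailing count.
LINE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
# Assumption: files under this folder are already neutralised by the resident AV.
QUARANTINE = "\\norton antivirus\\quarantine\\"

def parse(report):
    """Turn report text into one dict per detection line; other lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["count"] = int(row["count"])
            row["quarantined"] = QUARANTINE in row["path"].lower()
            rows.append(row)
    return rows

def triage(rows):
    """Total the verdicts and list the paths that are not in quarantine."""
    totals = Counter()
    for r in rows:
        totals[r["verdict"]] += r["count"]
    return {
        "infected": totals["Infected"],
        "suspicious": totals["Suspicious"],
        "threats": len({r["threat"] for r in rows}),
        "live_paths": sorted({r["path"] for r in rows if not r["quarantined"]}),
    }

if __name__ == "__main__":
    summary = triage(parse(SAMPLE))
    print(summary["infected"], summary["suspicious"], summary["threats"])
    for path in summary["live_paths"]:
        print(path)
```

Run over the full 44-line list in the thread, the totals come to 41 infected objects, 4 suspicious objects and 13 distinct threats, which agrees with the report's own scan statistics. The 19 paths left outside quarantine are the same 19 paths listed under `:Files`.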

Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Fri Aug 20, 2010 9:48 pm

All processes killed
Error: Unable to interpret in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Daddy
->Temp folder emptied: 79979 bytes
->Temporary Internet Files folder emptied: 4696812 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.15.0 log created on 08202010_224604


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Fri Aug 20, 2010 9:50 pm

I don't think I've done this right... I did this twice, and the first log put the 'characters left' into minus numbers. =S Is this right?


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Fri Aug 20, 2010 9:59 pm

No. It's all written for you. Copy and paste all of the contents in the Code box to "Paste instructions for items to be Move."


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Kenny94 on Fri Aug 20, 2010 11:04 pm

Better yet, look in c:\_OTM\MovedFiles and post the log from the first run.


Re: Backdoor.Tidserv!inf on my Windows 7 operating system

Post by Fuyuko on Mon Aug 23, 2010 10:18 pm

Hmm, yeah, that's the one that makes the character allowance thing go into like -60,000. I think I messed it up... =S BTW, could I just reformat the computer? It's brand new and has nothing saved on it, and I've already made backup discs, though that was when it had already contracted the viruses. Any thoughts?

