backdoor.tidserv virus

Post by jackied1014 on Fri Nov 28, 2008 5:23 pm

OK, so I've looked at all the posts about this topic, so I downloaded ComboFix.

But how do I know if this virus is gone or not?

jackied1014
Novice
Posts : 10
Joined : 2008-11-28
OS : Windows XP

Solved Re: backdoor.tidserv virus

Post by Belahzur on Fri Nov 28, 2008 5:27 pm

Please post the ComboFix log. :)

Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: backdoor.tidserv virus

Post by jackied1014 on Fri Nov 28, 2008 5:40 pm

ComboFix 08-11-27.07 - Jackie 2008-11-28 12:33:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 05:42 . 2006-08-01 03:57 d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-11-28 05:42 . 2006-08-01 03:44 d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-28 05:42 . 2007-12-14 14:05 d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-28 05:42 . 2008-11-28 05:42 d-------- c:\documents and settings\Administrator
2008-11-28 03:54 . 2008-11-28 03:54 73 --a------ c:\windows\st_affiliate.ini
2008-11-28 03:48 . 2008-11-28 03:48 63 --a------ c:\windows\av_affiliate.ini
2008-11-28 03:48 . 2008-11-28 03:48 63 --a------ c:\windows\as_affiliate.ini
2008-11-28 03:47 . 2008-11-28 04:04 d-------- c:\program files\CyberDefender
2008-11-28 03:47 . 2008-11-28 03:46 67,424 --a------ c:\windows\system32\drivers\CDAVFS.sys
2008-11-28 03:02 . 2004-09-20 12:44 5,652 --a------ c:\windows\system32\drivers\bvrp_pci.sys
2008-11-28 01:54 . 2008-11-28 01:54 d-------- c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
2008-11-11 23:32 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:32 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 15:00 . 2008-11-07 15:00 d-------- c:\documents and settings\Jackie\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 17:30 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-28 08:07 --------- d-----w c:\program files\Bonjour
2008-11-28 08:02 --------- d-----w c:\program files\Modem Helper
2008-11-28 06:44 --------- d-----w c:\documents and settings\Jackie\Application Data\LimeWire
2008-11-12 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 03:08 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-03 00:54 --------- d-----w c:\documents and settings\Jackie\Application Data\Image Zone Express
2008-10-27 01:34 --------- d-----w c:\program files\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 19:16 --------- d-----w c:\documents and settings\Jackie\Application Data\Printer Info Cache
2008-10-05 04:28 --------- d-----w c:\program files\iTunes
2008-10-05 04:28 --------- d-----w c:\program files\iPod
2008-10-05 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2006-09-05 20:08 1,663 ----a-w c:\windows\inf\COM9F.tmp
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-28 17:11:36 55,522 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 17:34:57 55,522 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-28 17:11:36 386,598 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 17:34:57 386,598 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2008-11-28 03:46 3958088 --a------ c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-05-23 1798656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\cdase0.exe" [2008-11-28 636232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\ISSIntro.exe" [2008-11-28 566600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-08-01 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberDefender\\AntiSpyware\\cdase0.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-11-28 67424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85ab3d5-ac2b-11dd-80bf-0015c5a88a3c}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85ab3d6-ac2b-11dd-80bf-0015c5a88a3c}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\185pty99.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-28 12:36:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-28 12:38:02
ComboFix-quarantined-files.txt 2008-11-28 17:37:11
ComboFix2.txt 2008-11-28 17:13:25

Pre-Run: 24,236,802,048 bytes free
Post-Run: 24,226,660,352 bytes free

168 --- E O F --- 2008-11-12 15:58:38

Re: backdoor.tidserv virus

Post by Belahzur on Fri Nov 28, 2008 5:47 pm

Hello.
I don't see anything in that log that could cause a problem.

Where is Norton finding this?


Re: backdoor.tidserv virus

Post by jackied1014 on Sat Nov 29, 2008 5:36 am

Sorry, I don't remember posting that twice and I'm not really sure why I did. But I don't have Norton, I just have Symantec. I did do the ComboFix twice, and the first time I did it it turned out a little differently, but I deleted one of the lines the first time and it hasn't shown up on the log since.

Re: backdoor.tidserv virus

Post by Belahzur on Sat Nov 29, 2008 1:36 pm

Okay, what problems remain?


Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 2:51 am

Well, when I type in certain websites or sections in my computer I get a black area where I'm typing. That's the only problem I seem to still have.

Re: backdoor.tidserv virus

Post by Belahzur on Mon Dec 01, 2008 12:37 pm

Okay, well, I'm going to attack what might be causing this.

Press Start > Control Panel > open "Add/remove programs"
Uninstall any Viewpoint by selecting it and pressing the "Remove" button on the right.

Now open a new notepad file.
Input this into the notepad file:

Driver::
Viewpoint Manager Service

File::
c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
c:\windows\inf\COM9F.tmp

Folder::
c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
c:\program files\Viewpoint


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

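An added example, not code from this thread or from ComboFix: a small Python triage script that parses lines in the ComboFix log layout posted above ("Files Created" and "Find3M" entries, the Security Center override keys and the mountpoints2 AutoRun commands), flags the kinds of entries the helper later targeted, and drafts File::/Folder:: stanzas in the CFScript layout from the post above for a human to review. The heuristics in looks_random and analyze, the function names and the SAMPLE_LOG excerpt are assumptions made for illustration, not ComboFix's own detection logic.

```python
import re
from collections import namedtuple

# Constructed excerpt in the ComboFix log layout seen in this thread: a few
# "Files Created" lines, a few "Find3M" lines and two registry loading points.
# It is a hand-picked sample, not the complete log from the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.
2008-11-28 03:47 . 2008-11-28 03:46 67,424 --a------ c:\windows\system32\drivers\CDAVFS.sys
2008-11-28 01:54 . 2008-11-28 01:54 d-------- c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
2008-11-11 23:32 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 03:08 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-03 00:54 --------- d-----w c:\documents and settings\Jackie\Application Data\Image Zone Express
2008-10-05 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2006-09-05 20:08 1,663 ----a-w c:\windows\inf\COM9F.tmp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85ab3d5-ac2b-11dd-80bf-0015c5a88a3c}]
\Shell\AutoRun\command - F:\LaunchU3.exe
"""

# One regex covers both layouts: "Files Created" lines carry two timestamps and
# 9 attribute flags, "Find3M" lines carry one timestamp and 7 flags; the size
# field is either a number with thousands separators or a run of dashes.
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"(?: \. (?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d))?"
    r"(?: (?P<size>[\d,]+|-{9}))?"
    r" (?P<attrs>[a-z-]{7,9})"
    r" (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
SECURITY_CENTER_RE = re.compile(r'"(AntiVirusOverride|DisableMonitoring)"=dword:00000001')
AUTORUN_PREFIX = "\\Shell\\AutoRun\\command - "

Finding = namedtuple("Finding", "path kind reason")
VOWELS = set("aeiouAEIOU")


def looks_random(name):
    """Heuristic (an assumption, not a ComboFix rule): a long, space-free name
    mixing upper case, lower case and digits with few vowels reads as generated
    rather than chosen by a vendor. GUID-style names in braces are excluded."""
    if name.startswith("{") or " " in name or len(name) < 16:
        return False
    letters = [c for c in name if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    return (any(c.isupper() for c in name) and any(c.islower() for c in name)
            and any(c.isdigit() for c in name) and vowel_ratio < 0.2)


def analyze(log_text):
    """Walk the log once and return the entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            kind = "folder" if attrs.startswith("d") else "file"
            lower = path.lower()
            leaf = path.rsplit("\\", 1)[-1]
            if looks_random(leaf):
                findings.append(Finding(path, kind, "random-looking name"))
            if "h" in attrs and "s" in attrs and lower.startswith("c:\\windows\\"):
                findings.append(Finding(path, kind, "hidden+system attributes under c:\\windows"))
            if lower.startswith("c:\\windows\\inf\\") and lower.endswith(".tmp"):
                findings.append(Finding(path, kind, "temp file left in c:\\windows\\inf"))
        elif SECURITY_CENTER_RE.match(line):
            findings.append(Finding(line, "registry", "Security Center AV monitoring overridden"))
        elif line.startswith(AUTORUN_PREFIX):
            findings.append(Finding(line[len(AUTORUN_PREFIX):], "autorun",
                                    "AutoRun command registered for a removable drive"))
    return findings


def build_cfscript(findings):
    """Draft File:: / Folder:: stanzas in the layout used in this thread, for
    the helper to review; registry and autorun findings are reported only."""
    files = sorted({f.path for f in findings if f.kind == "file"})
    folders = sorted({f.path for f in findings if f.kind == "folder"})
    stanzas = []
    if files:
        stanzas.append("File::\n" + "\n".join(files))
    if folders:
        stanzas.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.path}  <- {f.reason}")
    print()
    print(build_cfscript(found))
```

Every flag is a prompt for the reviewer, not a verdict; the Symantec and Intel entries in the same log pass untouched, which is the point of the heuristics being narrow.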

Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 5:39 pm

ComboFix 08-11-30.02 - Jackie 2008-12-01 12:31:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.364 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
c:\windows\inf\COM9F.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_
c:\documents and settings\Jackie\Application Data\s_6002_NXx8fHw1fHx8MTI0MDQ4MTI3MXw_\spl.ini
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\inf\COM9F.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-29 18:53 . 2008-11-29 18:53 d--hs---- c:\documents and settings\Jackie\PrivacIE
2008-11-29 18:39 . 2008-11-29 18:42 d--h-c--- c:\windows\ie8
2008-11-29 18:22 . 2008-11-29 18:21 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-28 05:42 . 2006-08-01 03:57 d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-11-28 05:42 . 2006-08-01 03:44 d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-28 05:42 . 2007-12-14 14:05 d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-28 05:42 . 2008-11-28 05:42 d-------- c:\documents and settings\Administrator
2008-11-28 03:54 . 2008-11-29 18:53 73 --a------ c:\windows\st_affiliate.ini
2008-11-28 03:48 . 2008-11-28 03:48 63 --a------ c:\windows\av_affiliate.ini
2008-11-28 03:48 . 2008-11-28 03:48 63 --a------ c:\windows\as_affiliate.ini
2008-11-28 03:47 . 2008-11-28 04:04 d-------- c:\program files\CyberDefender
2008-11-28 03:47 . 2008-11-28 03:46 67,424 --a------ c:\windows\system32\drivers\CDAVFS.sys
2008-11-28 03:02 . 2004-09-20 12:44 5,652 --a------ c:\windows\system32\drivers\bvrp_pci.sys
2008-11-11 23:32 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:32 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 15:00 . 2008-11-07 15:00 d-------- c:\documents and settings\Jackie\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:24 --------- d-----w c:\documents and settings\Jackie\Application Data\Viewpoint
2008-12-01 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-30 21:18 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-29 23:20 --------- d-----w c:\program files\Java
2008-11-28 23:10 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 08:02 --------- d-----w c:\program files\Modem Helper
2008-11-28 06:44 --------- d-----w c:\documents and settings\Jackie\Application Data\LimeWire
2008-11-12 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 03:08 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-03 00:54 --------- d-----w c:\documents and settings\Jackie\Application Data\Image Zone Express
2008-10-27 01:34 --------- d-----w c:\program files\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 19:16 --------- d-----w c:\documents and settings\Jackie\Application Data\Printer Info Cache
2008-10-05 04:28 --------- d-----w c:\program files\iTunes
2008-10-05 04:28 --------- d-----w c:\program files\iPod
2008-10-05 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 5:41 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-07 07:26:44 71,680 -c--a-w c:\windows\ie8\admparse.dll
+ 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\ie8\advpack.dll
+ 2008-04-14 00:11:51 35,328 -c--a-w c:\windows\ie8\corpol.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\ie8\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\ie8\dxtrans.dll
+ 2006-10-17 15:44:36 60,416 -c--a-w c:\windows\ie8\hmmapi.dll
+ 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\ie8\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\ie8\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\ie8\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\ie8\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\ie8\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c--a-w c:\windows\ie8\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\ie8\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\ie8\iedkcs32.dll
+ 2008-04-14 00:11:54 81,920 -c--a-w c:\windows\ie8\ieencode.dll
+ 2008-10-03 17:41:15 6,066,176 -c--a-w c:\windows\ie8\ieframe.dll
+ 2006-11-08 01:03:36 191,488 -c--a-w c:\windows\ie8\iepeers.dll
+ 2006-11-08 01:03:36 287,744 -c--a-w c:\windows\ie8\ieproxy.dll
+ 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\ie8\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c--a-w c:\windows\ie8\iertutil.dll
+ 2006-11-07 07:26:42 55,296 -c--a-w c:\windows\ie8\iesetup.dll
+ 2006-11-08 01:03:36 180,736 -c--a-w c:\windows\ie8\ieui.dll
+ 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\ie8\iexplore.exe
+ 2006-10-17 15:57:58 36,352 -c--a-w c:\windows\ie8\imgutil.dll
+ 2006-11-07 07:26:24 92,672 -c--a-w c:\windows\ie8\inseng.dll
+ 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\ie8\jscript.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\ie8\jsproxy.dll
+ 2006-10-17 16:05:10 40,960 -c--a-w c:\windows\ie8\licmgr10.dll
+ 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\ie8\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\ie8\msfeedsbs.dll
+ 2006-10-17 15:58:32 12,288 -c--a-w c:\windows\ie8\msfeedssync.exe
+ 2006-10-17 15:56:10 45,568 -c--a-w c:\windows\ie8\mshta.exe
+ 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\ie8\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\ie8\mshtmled.dll
+ 2006-10-17 15:28:56 48,128 -c--a-w c:\windows\ie8\mshtmler.dll
+ 2006-11-08 01:03:36 156,160 -c--a-w c:\windows\ie8\msls31.dll
+ 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\ie8\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\ie8\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\ie8\occache.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\ie8\pngfilt.dll
+ 2006-09-06 20:43:16 213,216 -c--a-w c:\windows\ie8\spuninst.exe
+ 2008-08-22 08:21:04 49,736 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
+ 2008-06-12 16:27:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
+ 2008-06-12 16:28:00 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\ie8\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\ie8\urlmon.dll
+ 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\ie8\vbscript.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\ie8\vgx.dll
+ 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\ie8\webcheck.dll
+ 2006-10-17 16:05:58 206,336 -c--a-w c:\windows\ie8\winfxdocobj.exe
+ 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\ie8\wininet.dll
- 2006-11-07 07:26:44 71,680 ----a-w c:\windows\system32\admparse.dll
+ 2008-08-22 08:06:30 72,704 ----a-w c:\windows\system32\admparse.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-22 08:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
- 2008-04-14 00:11:51 35,328 ----a-w c:\windows\system32\corpol.dll
+ 2008-08-22 08:07:08 18,944 ----a-w c:\windows\system32\corpol.dll
- 2006-11-07 07:26:44 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2008-08-22 08:06:30 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-22 08:06:16 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-06-12 16:27:52 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-08-22 08:07:08 18,944 -c----w c:\windows\system32\dllcache\corpol.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-22 08:05:16 346,624 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-22 08:05:10 217,088 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 15:44:36 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2008-08-22 08:00:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-22 08:05:20 61,952 -c--a-w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-22 08:06:24 162,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-22 08:06:36 124,928 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-22 08:06:40 228,864 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-22 08:06:24 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-07-30 03:58:08 3,670,112 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-22 07:42:22 443,392 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-22 08:06:44 385,024 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-08-22 08:10:34 11,985,408 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2006-11-08 01:03:36 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-08-22 08:05:24 186,880 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-22 08:06:20 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-22 08:06:02 1,778,688 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2006-11-07 07:26:42 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2008-08-22 08:06:24 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-22 08:16:40 637,984 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2006-10-17 15:57:58 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2008-08-22 08:05:14 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2006-11-07 07:26:24 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-08-22 08:06:16 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-05-09 10:53:39 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2008-08-22 08:06:30 552,960 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-22 08:06:58 28,672 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-17 16:05:10 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2008-08-22 08:08:00 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-22 08:05:48 580,608 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-22 08:05:22 53,760 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-10-17 15:56:10 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2008-08-22 08:04:54 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-22 08:09:32 5,699,584 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-22 08:05:08 70,656 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 15:28:56 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2008-08-22 08:05:00 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2006-11-08 01:03:36 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2008-08-22 07:57:56 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-22 08:07:50 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-22 08:05:34 630,272 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-22 08:07:50 116,224 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-22 08:05:14 45,056 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 16:27:52 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-12 16:27:52 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-06-12 16:27:56 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-22 08:07:58 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-22 08:08:22 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-05-09 10:53:40 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2008-08-22 08:06:36 434,176 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-08-22 08:07:20 755,200 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-22 08:08:08 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-22 08:08:06 878,592 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-22 08:05:16 346,624 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-22 08:05:10 217,088 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-22 08:05:20 61,952 ----a-w c:\windows\system32\icardie.dll
- 2006-06-29 12:05:44 26,112 ------w c:\windows\system32\idndl.dll
+ 2008-06-12 16:27:42 26,112 ----a-w c:\windows\system32\idndl.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-22 08:06:24 162,304 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-22 08:06:36 124,928 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-22 08:06:40 228,864 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-22 08:06:24 163,840 ----a-w c:\windows\system32\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-07-30 03:58:08 3,670,112 ----a-w c:\windows\system32\ieapfltr.dat
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-22 07:42:22 443,392 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-22 08:06:44 385,024 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-08-22 08:10:34 11,985,408 ----a-w c:\windows\system32\ieframe.dll
- 2006-11-08 01:03:36 191,488 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-22 08:05:24 186,880 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-22 08:06:20 55,808 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-22 08:06:02 1,778,688 ----a-w c:\windows\system32\iertutil.dll
- 2006-11-07 07:26:42 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-08-22 08:06:24 71,680 ----a-w c:\windows\system32\iesetup.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-22 08:06:24 36,864 ----a-w c:\windows\system32\ieudinit.exe
- 2006-11-08 01:03:36 180,736 ------w c:\windows\system32\ieui.dll
+ 2008-08-22 07:58:12 181,760 ----a-w c:\windows\system32\ieui.dll
- 2006-10-17 15:57:58 36,352 ----a-w c:\windows\system32\imgutil.dll
+ 2008-08-22 08:05:14 35,840 ----a-w c:\windows\system32\imgutil.dll
- 2006-11-07 07:26:24 92,672 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-22 08:06:16 94,720 ----a-w c:\windows\system32\inseng.dll
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-29 23:21:47 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-29 23:21:48 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-29 23:21:48 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2008-08-22 08:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-22 08:06:58 28,672 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-17 16:05:10 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2008-08-22 08:08:00 43,008 ----a-w c:\windows\system32\licmgr10.dll
+ 2008-08-05 22:55:38 265,720 ----a-w c:\windows\system32\msdbg2.dll
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll


Solved Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 5:41 pm

+ 2008-08-22 08:05:48 580,608 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-22 08:05:22 53,760 ----a-w c:\windows\system32\msfeedsbs.dll
- 2006-10-17 15:58:32 12,288 ------w c:\windows\system32\msfeedssync.exe
+ 2008-08-22 08:05:22 13,312 ----a-w c:\windows\system32\msfeedssync.exe
- 2006-10-17 15:56:10 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2008-08-22 08:04:54 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-22 08:09:32 5,699,584 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-22 08:05:08 70,656 ----a-w c:\windows\system32\mshtmled.dll
- 2006-10-17 15:28:56 48,128 ----a-w c:\windows\system32\mshtmler.dll
+ 2008-08-22 08:05:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2006-11-08 01:03:36 156,160 ----a-w c:\windows\system32\msls31.dll
+ 2008-08-22 07:57:56 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-22 08:07:50 193,536 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-22 08:05:34 630,272 ----a-w c:\windows\system32\mstime.dll
- 2006-06-28 21:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2008-06-12 16:27:44 24,576 ----a-w c:\windows\system32\nlsdl.dll
- 2006-06-29 12:05:44 23,552 ------w c:\windows\system32\normaliz.dll
+ 2008-06-12 16:27:42 23,552 ----a-w c:\windows\system32\normaliz.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-22 08:07:50 116,224 ----a-w c:\windows\system32\occache.dll
- 2008-11-28 17:11:36 55,522 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-30 21:22:27 55,522 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-28 17:11:36 386,598 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-30 21:22:27 386,598 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-22 08:05:14 45,056 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-22 08:05:00 48,640 ------w c:\windows\system32\PrivacIE.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-06-12 16:27:58 16,928 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 00:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2008-06-12 16:27:58 26,144 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-22 08:07:58 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-22 08:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
- 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
+ 2008-08-22 08:06:36 434,176 ----a-w c:\windows\system32\vbscript.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-22 08:08:08 236,544 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-17 16:05:58 206,336 ------w c:\windows\system32\WinFXDocObj.exe
+ 2008-08-22 08:08:22 208,384 ----a-w c:\windows\system32\WinFXDocObj.exe
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-22 08:08:06 878,592 ----a-w c:\windows\system32\wininet.dll
- 2008-04-14 00:12:11 121,856 ------w c:\windows\system32\xmllite.dll
+ 2008-06-12 16:28:02 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2008-11-30 21:18:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_190.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2008-11-28 03:46 3958088 --a------ c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\Jackie\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-11-28 3958088]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-05-23 1798656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\cdase0.exe" [2008-11-28 636232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\ISSIntro.exe" [2008-11-28 566600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-08-01 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberDefender\\AntiSpyware\\cdase0.exe"=

R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-11-28 67424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85ab3d5-ac2b-11dd-80bf-0015c5a88a3c}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85ab3d6-ac2b-11dd-80bf-0015c5a88a3c}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-01 12:34:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\igfxdev.dll
.
Completion time: 2008-12-01 12:35:35
ComboFix-quarantined-files.txt 2008-12-01 17:34:54
ComboFix2.txt 2008-11-29 05:09:54
ComboFix3.txt 2008-11-28 22:17:40
ComboFix4.txt 2008-11-28 17:38:03
ComboFix5.txt 2008-12-01 17:29:02

Pre-Run: 24,698,531,840 bytes free
Post-Run: 24,691,511,296 bytes free

476 --- E O F --- 2008-11-29 23:55:49


Solved Re: backdoor.tidserv virus

Post by Belahzur on Mon Dec 01, 2008 5:47 pm

Hello.
Looks good. What problems remain?



Solved Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 10:11 pm

Pretty much only the same problem I had before: on certain websites, when I type things in, I have a black section while I am typing. I'm not really sure if this should be a concern or not.


Solved Re: backdoor.tidserv virus

Post by Belahzur on Mon Dec 01, 2008 10:24 pm

Hello.
Do you know where this folder came from?
c:\documents and settings\Jackie\PrivacIE

If not, delete it.



Solved Re: backdoor.tidserv virus

Post by jackied1014 on Mon Dec 01, 2008 11:12 pm

I deleted that, but the problem still seems to be there.


Solved Re: backdoor.tidserv virus

Post by Belahzur on Mon Dec 01, 2008 11:13 pm

Okay, let me look around the net for an answer.
I will be back shortly, and if not, probably tomorrow.



Solved Re: backdoor.tidserv virus

Post by jackied1014 on Tue Dec 02, 2008 6:03 am

Thanks for all your help.


Solved Re: backdoor.tidserv virus

Post by Doctor Inferno on Tue Dec 09, 2008 2:36 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


