Yet another Backdoor.Tidserv!inf from Norton


Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Tue Dec 02, 2008 2:38 am

I have been having trouble with my computer with no help from Norton. Norton keeps finding a Backdoor.Tidserv!inf as well as a trojan horse. The wonderful people on tech support for Symantec told me to either renew my subscription or do it myself. That's what brings me here. My computer has been slowing down lately, especially with internet use. Also, I have been having trouble updating my virus definitions. I downloaded AVG to see if it was Norton and I have been having the same troubles with the update for them as well. I also have an adware program that I use and I am having problems updating that as well.

Here is the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:09 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1223546027\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AOL9~1.1\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\setup.exe
C:\Documents and Settings\John\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

Gamby1925
Novice

Posts : 8
Joined : 2008-12-02
OS : windows xp
Points : 29240
# Likes : 0

Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Tue Dec 02, 2008 2:39 am

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1223546027\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduma.exe] C:\WINDOWS\system32\kduma.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.] /HIDEBL
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2F48BB-C9B5-459D-B4DC-467E680C5CCD}: NameServer = 85.255.112.166;85.255.112.185
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17644

Gamby1925
Novice

Posts : 8
Joined : 2008-12-02
OS : windows xp
Points : 29240
# Likes : 0

Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Tue Dec 02, 2008 2:40 am

Here is the uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Aero SWF.max 1.5.845
Agere Systems PCI Soft Modem
AIM 6
AIM Search
AIM Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.0
Bonjour
CC_ccProxyExt
ccCommon
ccPxyCore
Click to DVD 2.0.02 Menu Data
Click to DVD 2.3.01
DirectX 9 Runtime
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Flick
DVgate Plus
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
iTunes
J2SE Runtime Environment 5.0
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MoodLogic
Movielink eHome version 1.1
Mozilla Firefox (3.0.4)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
OpenAL
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.0.00
Pavtube DVD Copy version 1.1.1.35
PeerGuardian 2.0
PictureGear Studio 2.0
PowerISO
Quicken 2005
QuickTime
Razer Barracuda AC-1 Gaming Audio Card
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Ultimate
Roxio Creator 2009 Ultimate
Roxio Disaster Recovery
Roxio File Backup
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SmartSound Quicktracks Plugin
Sonic Encoders
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony TV Tuner Library 1.0
Sony Video Shared Library
SPBBC
SpySubtract
Symantec Script Blocking Installer
SymNet
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
VAIO Control Center
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene HD Normal Contents
VAIO Registration
VAIO Structure Wallpaper
VAIO Survey Standalone
VAIO Update 2
Viewpoint Media Player
VLC media player 0.9.2
Welcome to VAIO life
Winamp
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

Gamby1925
Novice

Posts : 8
Joined : 2008-12-02
OS : windows xp
Points : 29240
# Likes : 0

Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Belahzur on Tue Dec 02, 2008 10:07 am

Hello.
There is a presence of malware, let's get rid of it.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduma.exe] C:\WINDOWS\system32\kduma.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2F48BB-C9B5-459D-B4DC-467E680C5CCD}: NameServer = 85.255.112.166;85.255.112.185


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file in bold:
C:\WINDOWS\system32\kduma.exe


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1
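As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the two checks behind the fix list above to HijackThis lines: an O4 Run value whose name is its own full path, and an O17 NameServer entry that points at public addresses on a home machine that would normally get DNS from DHCP. The sample lines are the O4/O17/O20 entries from the log above plus two constructed benign entries for contrast (the 192.168.1.1 NameServer and its interface GUID are made up).

```python
"""Triage HijackThis O4 and O17 entries for the two patterns fixed in this thread."""
import ipaddress
import re

# Constructed sample: lines from the thread's log plus two benign entries
# (the ccApp line is from the log; the 192.168.1.1 O17 entry and its GUID are made up).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduma.exe] C:\WINDOWS\system32\kduma.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2F48BB-C9B5-459D-B4DC-467E680C5CCD}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: avgrsstx.dll
"""

# O4 lines look like:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17 lines look like: O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d;e.f.g.h
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def public_servers(value):
    """Return the NameServer entries that are not private, loopback or link-local.

    A static public resolver is not malicious by itself, but on a consumer machine
    that normally takes DNS from the router it is a classic DNS-hijack indicator
    and deserves a manual look.
    """
    public = []
    for raw in re.split(r"[;,\s]+", value.strip()):
        if not raw:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            public.append(raw)  # not an IP literal at all: flag it for review
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            public.append(raw)
    return public


def triage_hjt(text):
    """Return a list of findings, one dict per suspicious O4 or O17 line, in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            # A Run value whose *name* is its own full path, as with kduma.exe above,
            # is not how legitimate installers register autostarts.
            if DRIVE_PATH_RE.match(m.group("name")):
                findings.append({
                    "section": "O4",
                    "reason": "Run value named after its own executable path",
                    "line": line,
                })
            continue
        m = O17_RE.match(line)
        if m:
            bad = public_servers(m.group("servers"))
            if bad:
                findings.append({
                    "section": "O17",
                    "reason": "interface has static public DNS servers",
                    "servers": bad,
                    "line": line,
                })
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
```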

Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Tue Dec 02, 2008 4:01 pm

I followed the instructions and I was able to accomplish everything except one.

Delete this file in bold:
C:\WINDOWS\system32\kduma.exe

I could not locate this file. Was it deleted during the hijackthis?

Here is the combofix log
ComboFix 08-12-01.01 - John 2008-12-02 10:31:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.64 [GMT -5:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\jestertb.dll
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\kduma.exe
J:\Autorun.inf
J:\resycled
J:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 20:45 . 2008-12-01 21:24 d-------- C:\Program Files\NoAdware
2008-11-25 23:04 . 2008-11-25 23:04 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-11-25 23:04 . 2008-11-25 23:04 d-------- C:\Documents and Settings\John\Application Data\Roxio
2008-11-25 16:17 . 2008-11-25 16:17 d-------- C:\Documents and Settings\All Users\Application Data\Uninstall
2008-11-25 16:06 . 2008-08-01 01:00 25,584 --------- C:\WINDOWS\system32\drivers\SaibVd32.sys
2008-11-25 16:06 . 2008-08-01 01:00 20,464 --------- C:\WINDOWS\system32\drivers\SahdIa32.sys
2008-11-25 16:06 . 2008-08-01 01:00 15,856 --------- C:\WINDOWS\system32\drivers\SaibIa32.sys
2008-11-25 16:03 . 2008-11-25 16:03 d-------- C:\Program Files\Roxio
2008-11-25 16:02 . 2008-11-25 16:08 d-------- C:\Program Files\InterActual
2008-11-25 15:57 . 2008-11-25 15:57 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-25 15:46 . 2008-11-25 15:46 d-------- C:\Program Files\Windows Sidebar
2008-11-25 15:41 . 2008-11-25 15:56 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-11-25 15:40 . 2008-11-25 16:00 d-------- C:\Program Files\Common Files\Sonic Shared
2008-11-25 15:33 . 2008-11-25 16:11 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-11-25 15:31 . 2008-11-25 16:01 d-------- C:\Program Files\Roxio Creator 2009 Ultimate
2008-11-25 15:31 . 2008-11-25 15:49 d-------- C:\Program Files\Common Files\Roxio Shared
2008-11-25 15:31 . 2008-11-25 16:14 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-11-25 15:30 . 2008-11-25 15:30 d-------- C:\Program Files\SmartSound Software
2008-11-25 15:29 . 2008-11-25 15:29 d-------- C:\Program Files\MSXML 6.0
2008-11-25 15:28 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-11-25 00:47 . 2008-11-25 00:47 d-------- C:\WINDOWS\system32\XPSViewer
2008-11-25 00:46 . 2008-11-25 00:46 d-------- C:\Program Files\Reference Assemblies
2008-11-25 00:43 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-11-25 00:31 . 2008-11-25 00:31 d-------- C:\Program Files\DAEMON Tools Lite
2008-11-25 00:25 . 2008-11-25 00:25 d-------- C:\Documents and Settings\John\Application Data\DAEMON Tools
2008-11-25 00:11 . 2008-11-25 00:11 d-------- C:\Program Files\Undisker
2008-11-24 23:59 . 2008-11-24 23:59 d-------- C:\Program Files\PowerISO
2008-11-24 19:45 . 2008-11-25 19:36 d--h----- C:\$AVG8.VAULT$
2008-11-24 19:43 . 2008-11-24 19:43 d-------- C:\WINDOWS\system32\drivers\Avg
2008-11-24 19:43 . 2008-11-24 19:43 d-------- C:\Program Files\AVG
2008-11-24 19:43 . 2008-12-01 21:22 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 19:43 . 2008-11-24 19:43 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-11-24 19:43 . 2008-11-24 19:43 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-11-15 18:53 . 2008-11-15 18:53 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-11-12 13:42 . 2008-11-12 13:42 d-------- C:\Program Files\SWF.max
2008-11-12 13:42 . 2008-11-12 17:11 d-------- C:\Documents and Settings\John\Application Data\SWF.max
2008-11-12 03:05 . 2008-11-12 03:05 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-11-11 18:04 . 2008-09-04 12:15 1,106,944 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-11-11 18:04 . 2008-10-24 06:21 455,296 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 15:38 --------- d-----w C:\Program Files\DNA
2008-12-02 15:38 --------- d-----w C:\Documents and Settings\John\Application Data\DNA
2008-12-01 15:13 --------- d-----w C:\Program Files\Norton Internet Security
2008-12-01 05:55 --------- d-----w C:\Program Files\PeerGuardian2
2008-11-30 08:00 --------- d-----w C:\Documents and Settings\John\Application Data\BitTorrent
2008-11-30 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-11-29 08:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-11-25 21:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-25 05:47 --------- d-----w C:\Program Files\MSBuild
2008-11-25 05:25 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-11-12 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-11 01:15 --------- d-----w C:\Documents and Settings\John\Application Data\AOL
2008-10-28 22:47 --------- d-----w C:\Program Files\Pavtube
2008-10-28 22:47 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-10-28 21:14 --------- d-----w C:\Documents and Settings\John\Application Data\Pavtube
2008-10-27 23:20 --------- d-----w C:\Documents and Settings\John\Application Data\DVD Flick
2008-10-24 11:21 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-22 15:48 --------- d-----w C:\Program Files\AC3Filter
2008-10-22 15:43 --------- d-----w C:\Program Files\DivX
2008-10-22 15:31 --------- d-----w C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
2008-10-22 14:26 --------- d-----w C:\Program Files\DVD Flick
2008-10-20 14:51 --------- d-----w C:\Documents and Settings\John\Application Data\FinalBurner Video DVD
2008-10-14 19:39 --------- d-----w C:\Documents and Settings\John\Application Data\InterVideo
2008-10-11 14:00 --------- d-----w C:\Program Files\AOL 9.1
2008-10-09 09:57 --------- d-----w C:\Documents and Settings\John\Application Data\Viewpoint
2008-10-09 09:56 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-09 09:56 --------- d-----w C:\Program Files\Common Files\AOL
2008-10-09 09:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 10:21 50472]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-11-11 20:14 342336]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Google Update"="C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 21:59 133104]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.1\AOL.EXE" [2008-06-03 00:35 50528]


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Tue Dec 02, 2008 4:01 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 07:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 10:15 344064]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 21:54 151552]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 10:42 58728]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 06:00 33648]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-09-04 22:57 100056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 14:09 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 19:12 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 16:40 289576]
"HostManager"="C:\Program Files\Common Files\AOL\1223546027\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-24 19:43 1234712]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 00:23 240112]
"CPMonitor"="C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2008-08-10 03:05 80368]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 14:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 17:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 20:44 2744832 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1223546027\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 SahdIa32;HDD Filter Driver;C:\WINDOWS\system32\Drivers\SahdIa32.sys [2008-11-25 16:06:46 20464]
R0 SaibIa32;Volume Filter Driver;C:\WINDOWS\system32\Drivers\SaibIa32.sys [2008-11-25 16:06:40 15856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-11-24 19:43:36 97928]
R1 SaibVd32;Virtual Disk Driver;C:\WINDOWS\system32\Drivers\SaibVd32.sys [2008-11-25 16:06:47 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-08-01 11:59:26 125424]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-24 19:43:20 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2008-08-25 21:12:01 24652]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;C:\WINDOWS\system32\drivers\cmudaxp.sys [2008-07-28 22:16:24 1395840]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;"C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe" [2008-08-14 00:25:24 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;"C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe" [2008-08-14 00:24:06 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;"C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe" [2008-08-14 00:24:02 170480]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-11-15 18:53:23 27904]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe" [2008-08-14 00:25:20 313840]
S3 RoxMediaDB11;RoxMediaDB11;"C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe" [2008-08-14 00:23:42 1124848]
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-02 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 21:59]

2008-11-29 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - John.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-19 11:54]

2008-07-28 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2008-07-28 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\sy4m9noo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - berniesinsiders.com
FF -: plugin - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Belahzur on Tue Dec 02, 2008 4:17 pm

Hello.
Press Start > Control Panel > open "Add/remove programs"
Allow the list to load, and uninstall the following by selecting each one and pressing the "Remove" button on the right.

NoAdware
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar


Delete these folders:
C:\Program Files\NoAdware
C:\Documents and Settings\John\Application Data\Viewpoint
C:\Program Files\Viewpoint

What problems remain?


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Wed Dec 03, 2008 2:13 am

I checked everything out. Firefox is running faster, and I have been able to update my virus definitions. It seems like everything worked. The only thing is now my clock is in military time. Oh well... no more viruses.


Thanks for the help

john


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Belahzur on Wed Dec 03, 2008 2:15 am

Hello.
My clock runs in military time too. What format was your clock set to? We may be able to change it back.

Also, did you receive a PM from Doctor Inferno?


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Wed Dec 03, 2008 7:16 am

Yes, I did get the PM and I think I got that worked out. I have the clock set for Eastern Standard Time, but I am unable to locate the option to toggle it between military and standard time.


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Gamby1925 on Wed Dec 03, 2008 7:21 am

Also, do you have any suggestions on updates to patch any holes that might leave me susceptible to another infection?


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Belahzur on Wed Dec 03, 2008 12:40 pm

Press Start > Run
Type this in:
intl.cpl
When it opens the settings box, re-select your region.


Re: Yet another Backdoor.Tidserv!inf from Norton

Post by Doctor Inferno on Wed Dec 17, 2008 2:00 pm

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

