W32.Tidserv plus other

Solved W32.Tidserv plus other

Post by yaduraj on 26th December 2008, 4:26 am

I have an external hard drive and every time I access it from my computer (not autorun), it opens up a new window with My Documents instead of displaying the contents of my external hard drive. At the same time Norton Internet Security 2009 informs me it has blocked a security risk "W32.Tidserv". This only happens to my external hard drive and not my inbuilt one, and I can access it if I click its extension from the folder pane on the left side of my computer.
Other than that, I haven't been able to update Norton for 2 days, since the virus started acting up, and Norton only scans like 7300 files in a full system scan, while the usual is in the millions; it does not even scan more in Safe Mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:26, on 26-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\mobsync.exe
C:\Users\Yadu\Desktop\Hijack(GP)This.exe
C:\Windows\system32\wbem\wmiprvse.exe

I'll post the rest of the log in another post; it says this one is too big!

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
Likes : 0

Solved Re: W32.Tidserv plus other

Post by yaduraj on 26th December 2008, 4:27 am

Continuation of the Log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14814 bytes

Solved Re: W32.Tidserv plus other

Post by Belahzur on 26th December 2008, 12:40 pm

Hello.
Please plug in the external HD, then do this.
DO NOT unplug the external HD till I say so.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
Likes : 1

Solved Combofix Log

Post by yaduraj on 27th December 2008, 1:04 pm

ComboFix 08-12-26.03 - Yadu 2008-12-27 18:11:03.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1800 [GMT 5.5:30]
Running from: c:\users\Yadu\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\Sys.exe
G:\Autorun.inf
G:\resycled
g:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 09:48 . 2008-12-26 09:48 d-------- c:\windows\Sun
2008-12-26 09:04 . 2008-12-27 17:44 d-------- c:\program files\Norton Security Scan
2008-12-26 09:03 . 2008-12-26 09:04 244,848,842 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-12-25 23:34 . 2008-12-25 23:34 dr------- c:\program files\Norton Support
2008-12-25 21:52 . 2008-12-25 21:53 375,240,867 --a------ c:\windows\MEMORY.DMP
2008-12-25 21:46 . 2008-12-25 21:46 d-------- c:\program files\Microsoft Visual Studio 8
2008-12-24 15:14 . 2008-12-24 15:14 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-23 21:38 . 2008-12-23 21:38 d-------- c:\windows\EasyDecrypter v1.12
2008-12-23 21:37 . 2008-12-17 20:27 217 --a------ c:\windows\clean.vbs
2008-12-23 21:37 . 2008-12-17 20:28 28 --a------ c:\windows\clean2.bat
2008-12-23 21:34 . 2008-12-27 17:37 d-------- c:\users\All Users\Google Updater
2008-12-23 21:34 . 2008-12-27 17:37 d-------- c:\programdata\Google Updater
2008-12-23 21:34 . 2008-12-23 21:41 d-------- c:\program files\Google
2008-12-22 15:08 . 2008-05-27 10:29 106,605 --a------ c:\windows\System32\StructuredQuerySchema.bin
2008-12-22 15:08 . 2008-05-27 10:47 34,816 --a------ c:\windows\System32\msscb.dll
2008-12-22 15:08 . 2008-05-27 10:29 18,904 --a------ c:\windows\System32\StructuredQuerySchemaTrivial.bin
2008-12-22 15:08 . 2008-05-27 10:47 11,776 --a------ c:\windows\System32\msshooks.dll
2008-12-22 14:49 . 2008-04-12 09:02 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-22 14:49 . 2008-09-18 10:26 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-12-22 14:49 . 2008-09-18 10:26 125,952 --a------ c:\windows\System32\wersvc.dll
2008-12-22 14:38 . 2008-12-22 14:38 d-------- c:\users\Yadu\AppData\Roaming\Windows Live Writer
2008-12-22 14:09 . 2008-12-22 14:09 d-------- C:\PerfLogs
2008-12-22 12:07 . 2008-01-19 13:08 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2008-12-22 12:06 . 2008-01-19 13:03 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-22 12:05 . 2008-01-19 13:05 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-22 12:04 . 2008-01-19 13:02 5,714,432 --a------ c:\windows\System32\logon.scr
2008-12-22 12:03 . 2008-01-19 11:36 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-22 12:02 . 2008-01-19 13:03 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-22 12:02 . 2008-01-05 17:01 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-22 12:02 . 2008-01-05 17:02 120,458 --a------ c:\windows\System32\secpol.msc
2008-12-22 12:02 . 2008-01-05 17:01 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-22 11:09 . 2008-01-19 13:06 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-22 11:09 . 2008-01-19 13:06 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-22 11:09 . 2008-01-19 13:06 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-22 11:09 . 2008-01-19 13:06 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-22 11:08 . 2008-01-19 13:04 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-22 11:08 . 2008-01-19 13:04 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-22 11:08 . 2008-01-19 13:04 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-22 11:08 . 2008-01-19 13:06 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-22 11:08 . 2008-01-19 13:03 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-22 11:08 . 2008-01-19 13:05 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-22 01:50 . 2008-12-22 01:50 d-------- c:\program files\Microsoft Silverlight
2008-12-22 01:50 . 2008-12-22 01:50 d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-22 01:49 . 2008-12-08 17:01 55,264 --a------ c:\windows\System32\drivers\fssfltr.sys
2008-12-22 01:48 . 2008-12-22 01:48 d-------- c:\program files\Microsoft Sync Framework
2008-12-22 01:45 . 2008-12-22 01:45 d-------- c:\program files\Windows Live SkyDrive
2008-12-18 19:11 . 2008-12-12 08:58 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-12-18 18:40 . 2008-10-02 07:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-18 06:59 . 2007-06-05 02:40 132,880 --a------ c:\windows\System32\MSINET.OCX
2008-12-18 06:59 . 2005-06-07 00:01 108,336 --a------ c:\windows\System32\Mswinsck.ocx
2008-12-18 06:59 . 2008-01-31 16:45 102,400 --a------ c:\windows\System32\DinkITXPUIMenus.ocx
2008-12-18 06:59 . 2003-04-05 22:49 65,536 --a------ c:\windows\System32\EnhSliderOcx.ocx
2008-12-18 06:59 . 2008-02-04 09:25 64,000 --a------ c:\windows\System32\wiaaut.oca
2008-12-17 12:27 . 2008-12-17 12:27 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-17 12:27 . 2008-12-17 12:27 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-17 12:27 . 2008-12-17 12:27 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-12-17 12:26 . 2008-12-22 00:07 d-------- c:\windows\System32\drivers\NIS
2008-12-17 12:26 . 2008-12-17 12:26 d-------- c:\program files\Norton Internet Security
2008-12-17 12:20 . 2008-12-17 12:20 d-------- c:\users\All Users\PCSettings
2008-12-17 12:20 . 2008-12-17 12:27 d-------- c:\users\All Users\Norton
2008-12-17 12:20 . 2008-12-17 12:20 d-------- c:\programdata\PCSettings
2008-12-17 12:20 . 2008-12-17 12:27 d-------- c:\programdata\Norton
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\users\All Users\NortonInstaller
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\programdata\NortonInstaller
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\program files\NortonInstaller
2008-12-17 10:47 . 2008-12-17 10:47 d-------- c:\users\Yadu\.jagex_cache_32
2008-12-15 19:09 . 2008-12-15 19:37 d-------- c:\users\Yadu\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2008-12-13 16:03 . 2008-12-23 22:43 d-------- C:\.jagex_cache_32
2008-12-13 16:03 . 2008-12-27 18:07 31 --a------ c:\users\Yadu\jagex_runescape_preferences.dat
2008-12-12 20:13 . 2008-12-12 20:13 269,312 --a------ c:\windows\System32\es.dll
2008-12-12 20:11 . 2008-12-12 20:11 988,216 --a------ c:\windows\System32\winload.exe
2008-12-12 20:11 . 2008-12-12 20:11 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-12 20:11 . 2008-12-12 20:11 615,992 --a------ c:\windows\System32\ci.dll
2008-12-12 20:11 . 2008-12-12 20:11 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-12 20:11 . 2008-12-12 20:11 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-12 20:11 . 2008-12-12 20:11 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-12 20:11 . 2008-12-12 20:11 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-12 20:11 . 2008-12-12 20:11 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-12 20:11 . 2008-12-12 20:11 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-12 20:11 . 2008-12-12 20:11 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-12 20:07 . 2008-12-12 20:07 d-------- c:\windows\SQL9_KB954606_ENU
2008-12-12 00:25 . 2008-12-12 00:25 d-------- c:\program files\BitLocker
2008-12-11 23:44 . 2008-12-24 09:01 d-------- c:\users\Yadu\AppData\Roaming\Corel
2008-12-11 22:35 . 2008-12-11 22:35 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-11 22:34 . 2008-12-11 22:34 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-11 22:34 . 2008-12-11 22:34 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-11 22:34 . 2008-12-11 22:34 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-11 22:33 . 2008-12-11 22:33 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-11 22:33 . 2008-12-11 22:33 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-11 22:33 . 2008-12-11 22:33 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-11 22:33 . 2008-12-11 22:33 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-11 22:33 . 2008-12-11 22:33 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-11 22:33 . 2008-12-11 22:33 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-11 22:33 . 2008-12-11 22:33 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-11 22:29 . 2008-12-11 22:29 233,888 --a------ c:\windows\System32\DreamScene.dll
2008-12-11 22:26 . 2008-12-11 22:26 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-11 22:26 . 2008-12-11 22:26 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-11 22:26 . 2008-12-11 22:26 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-11 22:25 . 2008-12-11 22:25 1,171,848 --a------ c:\windows\System32\SecureKeyBackupCPL.dll
2008-12-11 22:25 . 2008-12-11 22:25 711 --a------ c:\windows\System32\CPSOKBTasks.xml
2008-12-11 22:24 . 2008-12-11 22:24 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-12-11 22:19 . 2008-12-11 22:19 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-11 18:40 . 2008-12-11 18:40 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-11 18:40 . 2008-12-11 18:40 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-11 18:40 . 2008-12-11 18:40 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-11 18:40 . 2008-12-11 18:40 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-11 18:37 . 2008-12-11 18:37 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 18:35 . 2008-12-11 18:35 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-11 18:33 . 2008-12-11 18:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 18:32 . 2008-12-11 18:32 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 18:32 . 2008-12-11 18:32 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-11 18:32 . 2008-12-11 18:32 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-11 18:31 . 2008-12-11 18:31 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-11 18:30 . 2008-12-11 18:30 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-11 18:30 . 2008-12-11 18:30 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-11 18:20 . 2008-12-11 18:20 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 18:16 . 2008-12-11 18:16 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 18:13 . 2008-12-11 18:13 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 18:08 . 2008-12-11 18:08 9,847,296 --a------ c:\windows\System32\NlsData000a.dll
2008-12-11 18:06 . 2008-12-11 18:06 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-11 18:06 . 2008-12-11 18:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-11 18:06 . 2008-12-11 18:06 37,888 --a------ c:\windows\System32\printcom.dll
2008-12-11 18:05 . 2008-12-11 18:05 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-12-11 18:05 . 2008-12-11 18:05 14,848 --a------ c:\windows\System32\wshrm.dll
2008-12-11 18:04 . 2008-12-11 18:04 2,868,736 --a------ c:\windows\System32\mf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:21 --------- d-----w c:\program files\MSBuild
2008-12-22 18:22 --------- d-----w c:\program files\Microsoft Games
2008-12-22 08:51 174 --sha-w c:\program files\desktop.ini
2008-12-22 08:42 --------- d-----w c:\program files\Windows Sidebar
2008-12-22 08:42 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-22 08:42 --------- d-----w c:\program files\Windows Mail
2008-12-22 08:42 --------- d-----w c:\program files\Windows Journal
2008-12-22 08:42 --------- d-----w c:\program files\Windows Defender
2008-12-22 08:42 --------- d-----w c:\program files\Windows Collaboration
2008-12-22 08:42 --------- d-----w c:\program files\Windows Calendar
2008-12-22 08:05 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-22 08:05 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-12 14:31 --------- d-----w c:\programdata\Sony Corporation
2008-12-11 13:03 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-11 13:02 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-11 13:02 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-11 13:02 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-11 13:02 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-11 13:02 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-11 12:38 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-12-11 08:56 --------- d-----w c:\program files\Common Files\Adobe
2008-12-09 18:42 --------- d-----w c:\program files\Common Files\Sony Shared
2008-12-09 18:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-09 18:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 18:14 --------- d-----w c:\program files\Sony
2008-12-09 15:23 --------- d-----w c:\program files\Java
2008-12-09 05:48 --------- d-sh--w c:\programdata\Templates
2008-12-09 05:48 --------- d-sh--w c:\programdata\Start Menu
2008-12-09 05:48 --------- d-sh--w c:\programdata\Favorites
2008-12-09 05:48 --------- d-sh--w c:\programdata\Documents
2008-12-09 05:48 --------- d-sh--w c:\programdata\Desktop
2008-12-09 05:48 --------- d-sh--w c:\programdata\Application Data
2008-09-30 11:13 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

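The "Other Deletions" section of the ComboFix log above is the interesting part for anyone reading this thread later: the same pair of files, autorun.inf and a hidden resycled\boot.com, was removed from both the C: root and the external G: root, which is exactly the footprint of a removable-drive worm, and it matches the original symptom (double-clicking the drive opened something other than its contents). The script below is an added example for this thread, not code from ComboFix, HijackThis or Norton: it reads an autorun.inf from each drive root you give it, parses the [autorun] section, and reports the entries that would run a program or change what Explorer does when the drive is opened. The embedded autorun.inf is constructed for the example; that the real one pointed at resycled\boot.com is an assumption, as the log only lists the two files side by side.

```python
r"""Flag autorun.inf entries that hijack what happens when a drive is opened.

Added example for this thread; it is not ComboFix, HijackThis or Norton code.
The sample autorun.inf below is constructed. The only detail taken from the
thread is the pair of files ComboFix removed from both the C: and G: roots
(autorun.inf and resycled\boot.com); that the .inf pointed at boot.com is
an assumption, not something the log states.
"""
import sys
import tempfile
from pathlib import Path

# [autorun] keys that run a program, or change what Explorer does, when the
# drive is double-clicked or AutoPlay fires.
EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}

# Constructed sample resembling a removable-drive worm's autorun.inf.
SAMPLE_AUTORUN_INF = r"""
; constructed for this example
[AutoRun]
open=resycled\boot.com
icon=%SystemRoot%\system32\shell32.dll,4
shell\open=Open
shell\open\Command=resycled\boot.com
shell\explore=Explore
shell\explore\Command=resycled\boot.com
UseAutoPlay=1
"""


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}.

    A hand-rolled parser is used instead of configparser because worm-written
    .inf files are often sloppy (mixed case, junk lines, duplicate keys).
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def assess_autorun(entries):
    """Return (key, value, reason) triples for entries that redirect or run code."""
    findings = []
    for key, value in entries.items():
        if key in EXEC_KEYS:
            findings.append((key, value, "runs a program when the drive is opened or autoplayed"))
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append((key, value, "custom context-menu verb runs a program"))
        elif key == "useautoplay" and value == "1":
            findings.append((key, value, "forces AutoPlay instead of listing the drive contents"))
    return findings


def scan_drive_roots(roots):
    """Check each root for an autorun.inf; return {root: findings} for those that have one.

    Three spellings are tried so this also works on a case-sensitive filesystem
    where a removable drive has been mounted; Windows itself is case-insensitive.
    """
    results = {}
    for root in roots:
        for name in ("autorun.inf", "Autorun.inf", "AUTORUN.INF"):
            inf = Path(root) / name
            if inf.is_file():
                text = inf.read_text(encoding="utf-8", errors="replace")
                results[str(root)] = assess_autorun(parse_autorun(text))
                break
    return results


def demo():
    """Write the constructed sample into a temporary 'drive root' and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        return scan_drive_roots([root])


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the given
    # drive roots (e.g. C:\ G:\) and report what each autorun.inf would do.
    targets = scan_drive_roots(sys.argv[1:]) if len(sys.argv) > 1 else demo()
    for root, findings in targets.items():
        print(f"{root}: autorun.inf present, {len(findings)} risky entries")
        for key, value, reason in findings:
            print(f"  {key} = {value}  ({reason})")
```

Run it with the drive roots as arguments to check a machine before cleaning; an autorun.inf that only carries icon and label keys is normal for vendor drives, so only the open, shellexecute and shell\*\command keys (plus UseAutoPlay=1) are reported. The useful follow-up check, as the ComboFix run showed, is to look for the same file on every drive that has been plugged into the infected machine, not just the one that showed symptoms.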
Solved Continuation of Combofix Log

Post by yaduraj on 27th December 2008, 1:05 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Google Update"="c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-27 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 07:56 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-03-29 22:14 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 15:36 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-06-08 18:05 118784 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2008-12-08 17:01 453984 c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-22 22:26 133104 c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2007-06-12 06:57 317560 c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-11 12:27 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-09 20:54 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-06-22 05:24 53248 c:\program files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2007-07-21 05:00 577536 c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
--a------ 2007-07-13 00:01 45056 c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1C552AE-E639-457C-8A19-9499776DC8EA}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{9BD409C5-CFD0-4FE2-B99B-6815D014530D}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{EC468A3A-2A02-4FB9-B922-C863645B62BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7EBA8348-8516-4ED2-A7AA-9E6BE19410CE}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{AB4353A2-AB04-4A13-ABF1-A39BCF687E24}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{7A056D30-A8A9-43D1-9652-6E40BEFD9211}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{3D3A2928-712C-48A8-B523-7F90056A247A}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{85ED4E60-7B71-49DB-85AD-544BC1E278DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{50DF0DB8-9CBD-452A-B8AC-B494BAD66EE1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46B0A3FE-708D-4033-A3F8-4E068D174012}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{07C27E3E-1EB1-41E3-83D3-A05418BE484A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A437075B-F89B-458C-ABB1-D812DDF25AB1}"= UDP:3703:Adobe Version Cue CS3 Server
"{60CA4317-96DC-4A94-AD6D-CCADE5E14F92}"= UDP:3704:Adobe Version Cue CS3 Server
"{7547C290-378A-49E2-854F-D20D937D0B44}"= UDP:50900:Adobe Version Cue CS3 Server
"{E1938A5D-4475-40C8-A451-16FC691147A6}"= UDP:50901:Adobe Version Cue CS3 Server
"{025118EF-2D25-4B51-B025-6A1BC84D9D75}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{31D965C1-38BD-45FB-BFD1-AA1C5B45CC93}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{98CA6F7D-3234-45F5-8E65-75C66E708076}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{6DA656B7-E77F-4F4E-94BF-97610BEA817C}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{5E5EBA5C-022C-4BC3-900B-843D1F7A9574}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-18 362544]
R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSvix86.sys [2008-12-22 289840]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-22 55264]
R2 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-12-08 533344]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 SeaPort;SeaPort;"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [2008-12-04 226640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-18 99376]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-08-02 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-08-02 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-08-02 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-18 40496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-08-02 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-08-02 28464]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-09 12032]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-08-05 29184016]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2008-12-09 14592]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-08-02 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-08-02 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com i:
\shell\Open\command - g:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaf569ed-c625-11dd-9273-001a80490391}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com i:
\shell\Open\command - g:\resycled\boot.com i:

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 21:34]

2008-12-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 22:26]

2008-12-26 c:\windows\Tasks\Norton Security Scan for Yadu.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2008-12-27 18:14:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-12-27 18:33:23
ComboFix-quarantined-files.txt 2008-12-27 13:03:21

Pre-Run: 72,547,004,416 bytes free
Post-Run: 72,124,297,216 bytes free

337 --- E O F --- 2008-12-23 05:06:08

Solved Re: W32.Tidserv plus other

Post by Belahzur on 27th December 2008, 1:24 pm

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\clean.vbs
c:\windows\clean2.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaf569ed-c625-11dd-9273-001a80490391}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Solved Log (Part1)

Post by yaduraj on 27th December 2008, 2:46 pm

ComboFix 08-12-26.03 - Yadu 2008-12-27 20:08:28.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1999 [GMT 5.5:30]
Running from: c:\users\Yadu\Desktop\ComboFix.exe
Command switches used :: c:\users\Yadu\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point

FILE ::
c:\windows\clean.vbs
c:\windows\clean2.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\clean.vbs
c:\windows\clean2.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 09:48 . 2008-12-26 09:48 d-------- c:\windows\Sun
2008-12-26 09:04 . 2008-12-27 17:44 d-------- c:\program files\Norton Security Scan
2008-12-26 09:03 . 2008-12-26 09:04 244,848,842 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-12-25 23:34 . 2008-12-25 23:34 dr------- c:\program files\Norton Support
2008-12-25 21:52 . 2008-12-25 21:53 375,240,867 --a------ c:\windows\MEMORY.DMP
2008-12-25 21:46 . 2008-12-25 21:46 d-------- c:\program files\Microsoft Visual Studio 8
2008-12-24 15:14 . 2008-12-24 15:14 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-23 21:38 . 2008-12-23 21:38 d-------- c:\windows\EasyDecrypter v1.12
2008-12-23 21:34 . 2008-12-27 17:37 d-------- c:\users\All Users\Google Updater
2008-12-23 21:34 . 2008-12-27 17:37 d-------- c:\programdata\Google Updater
2008-12-23 21:34 . 2008-12-23 21:41 d-------- c:\program files\Google
2008-12-22 15:08 . 2008-05-27 10:29 106,605 --a------ c:\windows\System32\StructuredQuerySchema.bin
2008-12-22 15:08 . 2008-05-27 10:47 34,816 --a------ c:\windows\System32\msscb.dll
2008-12-22 15:08 . 2008-05-27 10:29 18,904 --a------ c:\windows\System32\StructuredQuerySchemaTrivial.bin
2008-12-22 15:08 . 2008-05-27 10:47 11,776 --a------ c:\windows\System32\msshooks.dll
2008-12-22 14:49 . 2008-04-12 09:02 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-22 14:49 . 2008-09-18 10:26 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-12-22 14:49 . 2008-09-18 10:26 125,952 --a------ c:\windows\System32\wersvc.dll
2008-12-22 14:38 . 2008-12-22 14:38 d-------- c:\users\Yadu\AppData\Roaming\Windows Live Writer
2008-12-22 14:09 . 2008-12-22 14:09 d-------- C:\PerfLogs
2008-12-22 12:07 . 2008-01-19 13:08 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2008-12-22 12:06 . 2008-01-19 13:03 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-12-22 12:05 . 2008-01-19 13:05 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-12-22 12:04 . 2008-01-19 13:02 5,714,432 --a------ c:\windows\System32\logon.scr
2008-12-22 12:03 . 2008-01-19 11:36 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-12-22 12:02 . 2008-01-19 13:03 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-12-22 12:02 . 2008-01-05 17:01 145,455 --a------ c:\windows\System32\perfmon.msc
2008-12-22 12:02 . 2008-01-05 17:02 120,458 --a------ c:\windows\System32\secpol.msc
2008-12-22 12:02 . 2008-01-05 17:01 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-22 11:09 . 2008-01-19 13:06 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-12-22 11:09 . 2008-01-19 13:06 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-12-22 11:09 . 2008-01-19 13:06 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-12-22 11:09 . 2008-01-19 13:06 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-12-22 11:08 . 2008-01-19 13:04 305,152 --a------ c:\windows\System32\msdelta.dll
2008-12-22 11:08 . 2008-01-19 13:04 258,560 --a------ c:\windows\System32\dpx.dll
2008-12-22 11:08 . 2008-01-19 13:04 246,784 --a------ c:\windows\System32\drvstore.dll
2008-12-22 11:08 . 2008-01-19 13:06 218,624 --a------ c:\windows\System32\wdscore.dll
2008-12-22 11:08 . 2008-01-19 13:03 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-12-22 11:08 . 2008-01-19 13:05 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-12-22 01:50 . 2008-12-22 01:50 d-------- c:\program files\Microsoft Silverlight
2008-12-22 01:50 . 2008-12-22 01:50 d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-22 01:49 . 2008-12-08 17:01 55,264 --a------ c:\windows\System32\drivers\fssfltr.sys
2008-12-22 01:48 . 2008-12-22 01:48 d-------- c:\program files\Microsoft Sync Framework
2008-12-22 01:45 . 2008-12-22 01:45 d-------- c:\program files\Windows Live SkyDrive
2008-12-18 19:11 . 2008-12-12 08:58 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-12-18 18:40 . 2008-10-02 07:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-18 06:59 . 2007-06-05 02:40 132,880 --a------ c:\windows\System32\MSINET.OCX
2008-12-18 06:59 . 2005-06-07 00:01 108,336 --a------ c:\windows\System32\Mswinsck.ocx
2008-12-18 06:59 . 2008-01-31 16:45 102,400 --a------ c:\windows\System32\DinkITXPUIMenus.ocx
2008-12-18 06:59 . 2003-04-05 22:49 65,536 --a------ c:\windows\System32\EnhSliderOcx.ocx
2008-12-18 06:59 . 2008-02-04 09:25 64,000 --a------ c:\windows\System32\wiaaut.oca
2008-12-17 12:27 . 2008-12-17 12:27 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-17 12:27 . 2008-12-17 12:27 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-17 12:27 . 2008-12-17 12:27 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-12-17 12:26 . 2008-12-22 00:07 d-------- c:\windows\System32\drivers\NIS
2008-12-17 12:26 . 2008-12-17 12:26 d-------- c:\program files\Norton Internet Security
2008-12-17 12:20 . 2008-12-17 12:20 d-------- c:\users\All Users\PCSettings
2008-12-17 12:20 . 2008-12-17 12:27 d-------- c:\users\All Users\Norton
2008-12-17 12:20 . 2008-12-17 12:20 d-------- c:\programdata\PCSettings
2008-12-17 12:20 . 2008-12-17 12:27 d-------- c:\programdata\Norton
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\users\All Users\NortonInstaller
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\programdata\NortonInstaller
2008-12-17 11:51 . 2008-12-17 11:51 d-------- c:\program files\NortonInstaller
2008-12-17 10:47 . 2008-12-17 10:47 d-------- c:\users\Yadu\.jagex_cache_32
2008-12-15 19:09 . 2008-12-15 19:37 d-------- c:\users\Yadu\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2008-12-13 16:03 . 2008-12-23 22:43 d-------- C:\.jagex_cache_32
2008-12-13 16:03 . 2008-12-27 20:05 31 --a------ c:\users\Yadu\jagex_runescape_preferences.dat
2008-12-12 20:13 . 2008-12-12 20:13 269,312 --a------ c:\windows\System32\es.dll
2008-12-12 20:11 . 2008-12-12 20:11 988,216 --a------ c:\windows\System32\winload.exe
2008-12-12 20:11 . 2008-12-12 20:11 927,288 --a------ c:\windows\System32\winresume.exe
2008-12-12 20:11 . 2008-12-12 20:11 615,992 --a------ c:\windows\System32\ci.dll
2008-12-12 20:11 . 2008-12-12 20:11 378,368 --a------ c:\windows\System32\srcore.dll
2008-12-12 20:11 . 2008-12-12 20:11 318,464 --a------ c:\windows\System32\rstrui.exe
2008-12-12 20:11 . 2008-12-12 20:11 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-12-12 20:11 . 2008-12-12 20:11 40,960 --a------ c:\windows\System32\srclient.dll
2008-12-12 20:11 . 2008-12-12 20:11 19,000 --a------ c:\windows\System32\kd1394.dll
2008-12-12 20:11 . 2008-12-12 20:11 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-12-12 20:11 . 2008-12-12 20:11 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-12-12 20:07 . 2008-12-12 20:07 d-------- c:\windows\SQL9_KB954606_ENU
2008-12-12 00:25 . 2008-12-12 00:25 d-------- c:\program files\BitLocker
2008-12-11 23:44 . 2008-12-24 09:01 d-------- c:\users\Yadu\AppData\Roaming\Corel
2008-12-11 22:35 . 2008-12-11 22:35 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-12-11 22:34 . 2008-12-11 22:34 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-11 22:34 . 2008-12-11 22:34 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-11 22:34 . 2008-12-11 22:34 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-11 22:33 . 2008-12-11 22:33 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-11 22:33 . 2008-12-11 22:33 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-11 22:33 . 2008-12-11 22:33 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-11 22:33 . 2008-12-11 22:33 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-11 22:33 . 2008-12-11 22:33 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-11 22:33 . 2008-12-11 22:33 69,632 --a------ c:\windows\System32\Mpeg2Data.ax
2008-12-11 22:33 . 2008-12-11 22:33 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-11 22:29 . 2008-12-11 22:29 233,888 --a------ c:\windows\System32\DreamScene.dll
2008-12-11 22:26 . 2008-12-11 22:26 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-11 22:26 . 2008-12-11 22:26 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-11 22:26 . 2008-12-11 22:26 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-11 22:25 . 2008-12-11 22:25 1,171,848 --a------ c:\windows\System32\SecureKeyBackupCPL.dll
2008-12-11 22:25 . 2008-12-11 22:25 711 --a------ c:\windows\System32\CPSOKBTasks.xml
2008-12-11 22:24 . 2008-12-11 22:24 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-12-11 22:19 . 2008-12-11 22:19 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-11 18:40 . 2008-12-11 18:40 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-11 18:40 . 2008-12-11 18:40 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-11 18:40 . 2008-12-11 18:40 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-11 18:40 . 2008-12-11 18:40 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-11 18:37 . 2008-12-11 18:37 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 18:35 . 2008-12-11 18:35 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-11 18:33 . 2008-12-11 18:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 18:32 . 2008-12-11 18:32 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 18:32 . 2008-12-11 18:32 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-11 18:32 . 2008-12-11 18:32 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-11 18:31 . 2008-12-11 18:31 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-11 18:30 . 2008-12-11 18:30 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-11 18:30 . 2008-12-11 18:30 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-11 18:20 . 2008-12-11 18:20 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 18:16 . 2008-12-11 18:16 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 18:13 . 2008-12-11 18:13 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 18:08 . 2008-12-11 18:08 9,847,296 --a------ c:\windows\System32\NlsData000a.dll
2008-12-11 18:06 . 2008-12-11 18:06 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-11 18:06 . 2008-12-11 18:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-11 18:06 . 2008-12-11 18:06 37,888 --a------ c:\windows\System32\printcom.dll
2008-12-11 18:05 . 2008-12-11 18:05 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-12-11 18:05 . 2008-12-11 18:05 14,848 --a------ c:\windows\System32\wshrm.dll
2008-12-11 18:04 . 2008-12-11 18:04 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 18:04 . 2008-12-11 18:04 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 18:04 . 2008-12-11 18:04 98,816 --a------ c:\windows\System32\mfps.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:21 --------- d-----w c:\program files\MSBuild
2008-12-22 18:22 --------- d-----w c:\program files\Microsoft Games
2008-12-22 08:51 174 --sha-w c:\program files\desktop.ini
2008-12-22 08:42 --------- d-----w c:\program files\Windows Sidebar
2008-12-22 08:42 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-22 08:42 --------- d-----w c:\program files\Windows Mail
2008-12-22 08:42 --------- d-----w c:\program files\Windows Journal
2008-12-22 08:42 --------- d-----w c:\program files\Windows Defender
2008-12-22 08:42 --------- d-----w c:\program files\Windows Collaboration
2008-12-22 08:42 --------- d-----w c:\program files\Windows Calendar
2008-12-22 08:05 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-22 08:05 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-12 14:31 --------- d-----w c:\programdata\Sony Corporation
2008-12-11 13:03 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-11 13:02 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-11 13:02 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-11 13:02 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-11 13:02 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-11 13:02 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-11 12:38 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-12-11 08:56 --------- d-----w c:\program files\Common Files\Adobe
2008-12-09 18:42 --------- d-----w c:\program files\Common Files\Sony Shared
2008-12-09 18:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-09 18:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 18:14 --------- d-----w c:\program files\Sony
2008-12-09 15:23 --------- d-----w c:\program files\Java
2008-12-09 05:48 --------- d-sh--w c:\programdata\Templates
2008-12-09 05:48 --------- d-sh--w c:\programdata\Start Menu
2008-12-09 05:48 --------- d-sh--w c:\programdata\Favorites
2008-12-09 05:48 --------- d-sh--w c:\programdata\Documents
2008-12-09 05:48 --------- d-sh--w c:\programdata\Desktop
2008-12-09 05:48 --------- d-sh--w c:\programdata\Application Data
2008-09-30 11:13 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

Solved Log (Part2)

Post by yaduraj on 27th December 2008, 2:46 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-27 12:06:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-27 12:06:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-27 12:06:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-27 12:06:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-27 12:06:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-27 12:06:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Google Update"="c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-27 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 07:56 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-03-29 22:14 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 15:36 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-06-08 18:05 118784 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2008-12-08 17:01 453984 c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-22 22:26 133104 c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2007-06-12 06:57 317560 c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-11 12:27 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-09 20:54 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-06-22 05:24 53248 c:\program files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2007-07-21 05:00 577536 c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
--a------ 2007-07-13 00:01 45056 c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1C552AE-E639-457C-8A19-9499776DC8EA}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{9BD409C5-CFD0-4FE2-B99B-6815D014530D}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{EC468A3A-2A02-4FB9-B922-C863645B62BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7EBA8348-8516-4ED2-A7AA-9E6BE19410CE}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{AB4353A2-AB04-4A13-ABF1-A39BCF687E24}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{7A056D30-A8A9-43D1-9652-6E40BEFD9211}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{3D3A2928-712C-48A8-B523-7F90056A247A}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{85ED4E60-7B71-49DB-85AD-544BC1E278DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{50DF0DB8-9CBD-452A-B8AC-B494BAD66EE1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46B0A3FE-708D-4033-A3F8-4E068D174012}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{07C27E3E-1EB1-41E3-83D3-A05418BE484A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A437075B-F89B-458C-ABB1-D812DDF25AB1}"= UDP:3703:Adobe Version Cue CS3 Server
"{60CA4317-96DC-4A94-AD6D-CCADE5E14F92}"= UDP:3704:Adobe Version Cue CS3 Server
"{7547C290-378A-49E2-854F-D20D937D0B44}"= UDP:50900:Adobe Version Cue CS3 Server
"{E1938A5D-4475-40C8-A451-16FC691147A6}"= UDP:50901:Adobe Version Cue CS3 Server
"{025118EF-2D25-4B51-B025-6A1BC84D9D75}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{31D965C1-38BD-45FB-BFD1-AA1C5B45CC93}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{98CA6F7D-3234-45F5-8E65-75C66E708076}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{6DA656B7-E77F-4F4E-94BF-97610BEA817C}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{5E5EBA5C-022C-4BC3-900B-843D1F7A9574}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-18 362544]
R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSvix86.sys [2008-12-22 289840]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-22 55264]
R2 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-12-08 533344]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 SeaPort;SeaPort;"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [2008-12-04 226640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-18 99376]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-08-02 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-08-02 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-08-02 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\NIS\1002000.007\SYMNDISV.SYS [2008-12-18 40496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-08-02 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-08-02 28464]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-09 12032]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-08-05 29184016]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\Drivers\usbicp.sys [2008-12-09 14592]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-08-02 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-08-02 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 21:34]

2008-12-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 22:26]

2008-12-26 c:\windows\Tasks\Norton Security Scan for Yadu.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-27 20:10:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-12-27 20:14:19
ComboFix-quarantined-files.txt 2008-12-27 14:44:17
ComboFix2.txt 2008-12-27 13:03:24

Pre-Run: 71,779,946,496 bytes free
Post-Run: 71,736,123,392 bytes free

338 --- E O F --- 2008-12-23 05:06:08

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0

Solved Re: W32.Tidserv plus other

Post by Belahzur on 27th December 2008, 2:51 pm

Hello.
Missed something.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


What problems remain?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Solved Re: W32.Tidserv plus other

Post by yaduraj on 27th December 2008, 2:57 pm

The external hard drive is working fine now! Thanks a lot!
My Norton still doesn't seem to be scanning more than 8000 files and is still not updating. Could you help me with that?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 27th December 2008, 3:29 pm

Try this.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000000
    "InternetSettingsDisableNotify"=dword:00000000
    "AutoUpdateDisableNotify"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


If the Vista UAC or Norton script blocking warns you about a registry change, please allow it.


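As an added example (not code from the thread, from ComboFix or from the poster), a small Python checker that reads the Security Center and firewall-policy entries in the form ComboFix prints them, flags every setting left in a silenced or disabled state, and writes the corrective .reg with the full key names regedit requires (ComboFix's `HKLM\~\services` shorthand is expanded). It goes beyond the fix above by covering all three firewall profiles shown in the log, and it leaves the per-vendor `Monitoring` subkeys alone, as the fix in the thread does. The sample dump is constructed from the log entries posted earlier in this thread.

```python
import re

# ComboFix shortens this hive path in its logs; regedit only accepts the full name.
SHORTHAND = (r"HKLM\~\services", r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services")

KEY_RE = re.compile(r"^\[(.+)\]$")
# Accepts both "Name"=dword:XXXXXXXX (.reg style) and "Name"= 0 (0x0) (ComboFix style).
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$')


def expand_key(key):
    """Turn ComboFix's HKLM\\~\\services shorthand into a full registry path."""
    short, full = SHORTHAND
    if key.lower().startswith(short.lower()):
        return full + key[len(short):]
    return key


def parse_dump(text):
    """Parse [key] / "name"=value lines into {full_key: {name: int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = expand_key(m.group(1))
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, hexval, decval = m.groups()
            keys[current][name] = int(hexval, 16) if hexval else int(decval)
    return keys


def expected_value(key, name):
    """Healthy value for a monitored setting, or None if the setting is not monitored."""
    k, n = key.lower(), name.lower()
    if k.endswith("\\security center") and n.endswith("disablenotify"):
        return 0  # Security Center should be allowed to warn about UAC, IE settings, updates
    if k.endswith("\\security center\\monitoring") and n == "disablemonitoring":
        return 0  # only the top-level key; vendor subkeys below it are not touched
    if "\\firewallpolicy\\" in k and n == "enablefirewall":
        return 1  # every profile (Domain, Public, Standard) should have the firewall on
    return None


def find_tampering(keys):
    """List (key, name, observed, expected) for every monitored setting in a bad state."""
    findings = []
    for key, values in keys.items():
        for name, observed in values.items():
            want = expected_value(key, name)
            if want is not None and observed != want:
                findings.append((key, name, observed, want))
    return findings


def build_fix_reg(findings):
    """Render a .reg file that restores each flagged setting to its healthy value."""
    by_key = {}
    for key, name, _observed, want in findings:
        by_key.setdefault(key, []).append((name, want))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in sorted(by_key):
        lines.append(f"[{key}]")
        for name, want in sorted(by_key[key]):
            lines.append(f'"{name}"=dword:{want:08x}')
        lines.append("")
    return "\n".join(lines)


# Constructed sample: the relevant entries as they appear in this thread's ComboFix log.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    found = find_tampering(parse_dump(SAMPLE_DUMP))
    for key, name, observed, want in found:
        print(f"{key}\\{name} = {observed} (expected {want})")
    print()
    print(build_fix_reg(found))
```

Running it prints the seven flagged settings and the .reg text; review that text before merging it with regedit.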

Solved Re: W32.Tidserv plus other

Post by yaduraj on 27th December 2008, 4:50 pm

I ended up chatting with Norton security personnel while following the Norton steps for fixing LiveUpdate. He said they were doing something because of which LiveUpdate won't run for 24 to 48 hours; then hopefully it will get fixed.
Thanks a lot for your help!


Solved Re: W32.Tidserv plus other

Post by Belahzur on 27th December 2008, 4:55 pm

Haha.
One more reason why I would avoid Norton.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 28th December 2008, 7:57 am

What antivirus would you advise?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 28th December 2008, 1:27 pm

1) [You must be registered and logged in to see this link.]
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
- Anti-virus program for Windows.
- The home edition is freeware for noncommercial users.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single-computer use for home and non-commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 30th December 2008, 5:55 am

I just had another problem! I realised my Windows Update won't work, just like Norton LiveUpdate won't work either. Any advice?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 30th December 2008, 2:14 pm

Hello.
Please read here and post a Hijack This log.
[You must be registered and logged in to see this link.]



Solved Re: W32.Tidserv plus other

Post by yaduraj on 1st January 2009, 2:15 pm

LiveUpdate fixed itself! Sorry for not posting the log last time.

I just wanted to know which antivirus you would recommend, avast! or Norton IS 2009. I already have a Norton subscription.


Solved Re: W32.Tidserv plus other

Post by Belahzur on 1st January 2009, 2:24 pm

Good.
In my personal opinion, I would choose avast!; it's lighter on the system than Norton is, but Norton is paid for.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 1st January 2009, 2:44 pm

But does avast! give all the security features, like firewall, antispyware, etc?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 1st January 2009, 2:45 pm

No, avast is just an anti-virus.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 4:48 pm

Nothing is updating! I installed Norton IS 2008, 2009, Windows Update, AVG Free antivirus. All normal websites etc. are working. It's only when an updater tries to connect to a server or website that it fails. My HijackThis log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:34, on 03-01-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Yadu\Desktop\Geek Police\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11760 bytes


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 4:57 pm

Hello.
I'm not sure if this is new, or I missed it.

Please upload this file below:
C:\Windows\system32\msconfig.exe
To here for a scan.
[You must be registered and logged in to see this link.]
Copy and paste the result back here.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 5:04 pm

Scan taken on 03 Jan 2009 17:00:58 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 5:06 pm

Let's have a look around.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.



Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 5:15 pm

DDS (Version 1.1.0) - NTFSx86
Run by Yadu at 22:39:55.66 on 03-01-2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.91.1033.18.3070.1632 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Yadu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yadu\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\yadu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\yadu\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\assassin's creed\register\RegistrationReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\yadu\appdata\roaming\mozilla\firefox\profiles\ipok5p5r.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 5:15 pm

============= SERVICES / DRIVERS ===============

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-8-2 28464]

=============== Created Last 30 ================

2009-01-03 22:35 --d----- c:\program files\NVIDIA Corporation
2009-01-03 22:32 --d----- c:\program files\NVIDIA nTune Performance Application
2009-01-03 21:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-03 21:53 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-03 21:53 --d----- c:\windows\system32\drivers\Avg
2009-01-03 21:53 --d----- c:\programdata\avg8
2009-01-03 21:53 --d----- c:\program files\AVG
2009-01-03 21:53 --d----- c:\progra~2\avg8
2009-01-03 20:13 --d----- c:\users\yadu\appdata\roaming\Symantec
2009-01-03 20:08 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-03 20:08 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-03 20:08 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 17:33 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-02 17:33 --d----- C:\Intel
2009-01-02 17:31 303,616 a------- c:\windows\system32\drivers\yk60x86.sys
2009-01-02 17:24 -cd-h--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-02 17:24 -cd-h--- c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-02 17:08 --d----- c:\programdata\DriverScanner
2009-01-02 17:08 --d----- c:\progra~2\DriverScanner
2009-01-02 17:05 --d----- c:\users\yadu\appdata\roaming\Uniblue
2009-01-02 17:05 --d----- c:\program files\Uniblue
2009-01-02 16:57 -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-02 16:57 -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-02 16:18 -cd-h--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-02 16:18 -cd-h--- c:\progra~2\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-02 16:14 --d----- c:\programdata\POPWWPROFILES
2009-01-02 16:14 --d----- c:\progra~2\POPWWPROFILES
2009-01-02 16:12 --d----- c:\users\yadu\Uniblue 2009
2009-01-02 16:12 --d----- c:\users\yadu\Uniblue Performans Programs
2009-01-02 16:06 --d----- c:\users\yadu\pop2
2009-01-02 15:46 --d----- c:\programdata\WinZip
2009-01-01 20:24 --d----- c:\users\yadu\appdata\roaming\Ubisoft
2009-01-01 20:06 --d----- c:\programdata\Ubisoft
2008-12-29 11:43 509,448 a------- c:\windows\system32\XAudio2_2.dll
2008-12-29 11:43 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2008-12-29 11:43 238,088 a------- c:\windows\system32\xactengine3_2.dll
2008-12-29 11:43 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2008-12-29 11:43 467,984 a------- c:\windows\system32\d3dx10_39.dll
2008-12-29 11:43 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2008-12-29 11:43 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-29 11:43 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-29 11:42 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-29 11:42 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-29 11:42 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-29 11:42 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-29 11:42 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-27 20:07 --d----- C:\ComboFix
2008-12-27 18:07 161,792 a------- c:\windows\SWREG.exe
2008-12-27 18:07 98,816 a------- c:\windows\sed.exe
2008-12-26 09:03 244,848,842 a------- C:\SYM_REGISTRY_BACKUP.reg
2008-12-25 21:52 297,548,003 a------- c:\windows\MEMORY.DMP
2008-12-25 21:46 --d----- c:\program files\Microsoft Visual Studio 8
2008-12-24 15:14 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-23 21:38 --d----- c:\windows\EasyDecrypter v1.12
2008-12-23 21:34 --d----- c:\programdata\Google Updater
2008-12-22 15:08 106,605 a------- c:\windows\system32\StructuredQuerySchema.bin
2008-12-22 15:08 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2008-12-22 15:08 11,776 a------- c:\windows\system32\msshooks.dll
2008-12-22 15:08 34,816 a------- c:\windows\system32\msscb.dll
2008-12-22 14:49 147,456 a------- c:\windows\system32\Faultrep.dll
2008-12-22 14:49 125,952 a------- c:\windows\system32\wersvc.dll
2008-12-22 14:49 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-12-22 14:38 --d----- c:\users\yadu\appdata\roaming\Windows Live Writer
2008-12-22 14:09 --d----- C:\PerfLogs
2008-12-22 12:08 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-12-22 12:07 175,104 a------- c:\windows\system32\dot3svc.dll
2008-12-22 12:06 257,024 a------- c:\windows\system32\VAN.dll
2008-12-22 12:05 505,344 a------- c:\windows\system32\qedit.dll
2008-12-22 12:04 101,376 a------- c:\windows\system32\wmpshell.dll
2008-12-22 12:03 20,992 a------- c:\windows\system32\drivers\tdi.sys
2008-12-22 12:02 120,458 a------- c:\windows\system32\secpol.msc
2008-12-22 12:02 145,455 a------- c:\windows\system32\perfmon.msc
2008-12-22 12:02 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-12-22 12:02 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-12-22 11:09 357,888 a------- c:\windows\system32\wbemcomn.dll
2008-12-22 11:09 704,512 a------- c:\windows\system32\SmiEngine.dll
2008-12-22 11:09 139,264 a------- c:\windows\system32\SmiInstaller.dll
2008-12-22 11:09 129,536 a------- c:\windows\system32\sqmapi.dll
2008-12-22 11:08 218,624 a------- c:\windows\system32\wdscore.dll
2008-12-22 11:08 130,560 a------- c:\windows\system32\PkgMgr.exe
2008-12-22 11:08 246,784 a------- c:\windows\system32\drvstore.dll
2008-12-22 11:08 258,560 a------- c:\windows\system32\dpx.dll
2008-12-22 11:08 35,328 a------- c:\windows\system32\mspatcha.dll
2008-12-22 11:08 305,152 a------- c:\windows\system32\msdelta.dll
2008-12-22 01:50 --d----- c:\program files\Microsoft Office Outlook Connector
2008-12-22 01:49 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2008-12-22 01:45 --d----- c:\program files\Windows Live SkyDrive
2008-12-18 18:40 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-18 06:59 108,336 a------- c:\windows\system32\Mswinsck.ocx
2008-12-18 06:59 64,000 a------- c:\windows\system32\wiaaut.oca
2008-12-18 06:59 132,880 a------- c:\windows\system32\MSINET.OCX
2008-12-18 06:59 102,400 a------- c:\windows\system32\DinkITXPUIMenus.ocx
2008-12-18 06:59 65,536 a------- c:\windows\system32\EnhSliderOcx.ocx
2008-12-17 12:26 --d----- c:\program files\Norton Internet Security
2008-12-17 12:20 --d----- c:\programdata\PCSettings
2008-12-17 12:20 --d----- c:\progra~2\PCSettings
2008-12-17 12:20 --d----- c:\programdata\Norton
2008-12-17 12:20 --d----- c:\progra~2\Norton
2008-12-17 11:51 --d----- c:\programdata\NortonInstaller
2008-12-17 11:51 --d----- c:\progra~2\NortonInstaller
2008-12-17 10:53 --d----- c:\windows\pss
2008-12-17 10:47 --d----- c:\users\yadu\.jagex_cache_32
2008-12-15 19:09 --d----- c:\users\yadu\appdata\roaming\My Battle for Middle-earth(tm) II Files
2008-12-13 16:03 31 a------- c:\users\yadu\jagex_runescape_preferences.dat
2008-12-13 16:03 --d----- C:\.jagex_cache_32
2008-12-12 20:13 269,312 a------- c:\windows\system32\es.dll
2008-12-12 20:11 6,656 a------- c:\windows\system32\kbd106n.dll
2008-12-12 20:11 988,216 a------- c:\windows\system32\winload.exe
2008-12-12 20:11 927,288 a------- c:\windows\system32\winresume.exe
2008-12-12 20:11 615,992 a------- c:\windows\system32\ci.dll
2008-12-12 20:11 378,368 a------- c:\windows\system32\srcore.dll
2008-12-12 20:11 318,464 a------- c:\windows\system32\rstrui.exe
2008-12-12 20:11 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-12-12 20:11 40,960 a------- c:\windows\system32\srclient.dll
2008-12-12 20:11 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-12 20:11 14,848 a------- c:\windows\system32\srdelayed.exe
2008-12-12 20:07 --d----- c:\windows\SQL9_KB954606_ENU
2008-12-12 00:25 --d----- c:\program files\BitLocker
2008-12-11 22:35 1,820 a------- c:\windows\system32\rasctrnm.h
2008-12-11 22:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-11 22:34 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-11 22:34 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-11 22:33 428,544 a------- c:\windows\system32\EncDec.dll
2008-12-11 22:33 217,088 a------- c:\windows\system32\psisrndr.ax
2008-12-11 22:33 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-12-11 22:33 80,896 a------- c:\windows\system32\MSNP.ax
2008-12-11 22:33 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2008-12-11 22:33 293,376 a------- c:\windows\system32\psisdecd.dll
2008-12-11 22:33 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-12-11 22:29 233,888 a------- c:\windows\system32\DreamScene.dll
2008-12-11 22:26 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-11 22:26 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-11 22:26 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-11 22:25 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2008-12-11 22:25 711 a------- c:\windows\system32\CPSOKBTasks.xml
2008-12-11 22:24 678,408 a------- c:\windows\system32\gpprefcl.dll
2008-12-11 22:19 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-11 18:40 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-11 18:40 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-11 18:40 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-11 18:40 272,896 a------- c:\windows\system32\polstore.dll
2008-12-11 18:37 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-11 18:35 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-12-11 18:33 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-11 18:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-11 18:32 1,695,744 a------- c:\windows\system32\gameux.dll
2008-12-11 18:32 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-11 18:31 2,032,640 a------- c:\windows\system32\win32k.sys
2008-12-11 18:30 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-12-11 18:30 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-11 18:20 2,048 a------- c:\windows\system32\tzres.dll
2008-12-11 18:16 2,927,104 a------- c:\windows\explorer.exe
2008-12-11 18:13 827,392 a------- c:\windows\system32\wininet.dll
2008-12-11 18:08 4,497,408 a------- c:\windows\system32\NlsData0019.dll
2008-12-11 18:06 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 18:06 443,392 a------- c:\windows\system32\win32spl.dll
2008-12-11 18:06 37,888 a------- c:\windows\system32\printcom.dll
2008-12-11 18:05 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2008-12-11 18:05 14,848 a------- c:\windows\system32\wshrm.dll
2008-12-11 18:04 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-11 18:04 98,816 a------- c:\windows\system32\mfps.dll
2008-12-11 18:04 53,248 a------- c:\windows\system32\rrinstaller.exe
2008-12-11 18:04 24,576 a------- c:\windows\system32\mfpmp.exe
2008-12-11 18:04 2,048 a------- c:\windows\system32\mferror.dll
2008-12-11 18:04 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-11 18:04 94,720 a------- c:\windows\system32\logagent.exe
2008-12-11 18:02 738,304 a------- c:\windows\system32\inetcomm.dll
2008-12-11 18:02 84,480 a------- c:\windows\system32\INETRES.dll
2008-12-11 18:02 1,314,816 a------- c:\windows\system32\quartz.dll
2008-12-11 18:00 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-11 18:00 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-12-11 17:59 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-12-11 17:59 2,048 a------- c:\windows\system32\msxml6r.dll
2008-12-11 16:11 --d----- c:\program files\common files\Steam
2008-12-11 14:23 --d----- c:\program files\common files\Control Panels
2008-12-11 14:19 --d----- c:\programdata\ALM
2008-12-11 14:19 --d----- c:\progra~2\ALM
2008-12-11 13:46 29,272 a----r-- c:\windows\system32\AdobePDF.dll
2008-12-11 13:19 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2008-12-11 13:19 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2008-12-11 12:22 --d----- c:\program files\Steam
2008-12-10 12:01 --d----- c:\users\yadu\appdata\roaming\Internet Chess Club
2008-12-10 12:01 --d----- c:\program files\Internet Chess Club
2008-12-10 00:43 40 a---h--- c:\windows\system32\ivireg.ivr
2008-12-10 00:32 --d----- c:\program files\Symantec
2008-12-10 00:32 --d----- c:\programdata\Symantec
2008-12-10 00:32 --d----- c:\progra~2\Symantec
2008-12-10 00:31 --d----- c:\program files\common files\Symantec Shared
2008-12-10 00:22 --d----- c:\program files\common files\InterVideo
2008-12-10 00:21 --d----- c:\program files\InterVideo
2008-12-10 00:09 201,728 a------- c:\windows\system32\Spiderman 3.scr
2008-12-10 00:09 --d----- c:\windows\system32\Spiderman 3 dir
2008-12-10 00:09 155,648 a------- c:\windows\system32\SonyAIwo.dll

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 5:16 pm

2008-12-10 00:09 147,456 a------- c:\windows\system32\SonyAIds.dll
2008-12-10 00:09 86,016 a------- c:\windows\system32\SonyAIwd.dll
2008-12-10 00:08 344,064 a------- c:\windows\system32\SSMSIppCustom.dll
2008-12-10 00:08 135,168 a------- c:\windows\system32\CddbLangRUSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangITSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangFRSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangESSony.dll
2008-12-10 00:08 98,304 a------- c:\windows\system32\CddbLangDESony.dll
2008-12-10 00:08 77,824 a------- c:\windows\system32\CddbLangJASony.dll
2008-12-10 00:08 69,632 a------- c:\windows\system32\CddbLangZHSony.dll
2008-12-10 00:05 --d----- c:\programdata\Sonic
2008-12-10 00:05 --d----- c:\program files\Roxio
2008-12-10 00:05 --d----- c:\program files\common files\Sonic Shared
2008-12-10 00:00 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FZ290U.mrk
2008-12-09 23:58 --d----- c:\programdata\Corel
2008-12-09 23:58 --d----- c:\progra~2\Corel
2008-12-09 23:58 --d----- c:\program files\common files\Corel
2008-12-09 23:58 --d----- c:\program files\Corel
2008-12-09 23:57 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-09 23:57 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-09 23:57 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-09 23:57 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-09 23:56 --d----- c:\program files\Microsoft Small Business
2008-12-09 23:54 --d----- c:\program files\Microsoft SQL Server
2008-12-09 23:54 --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-09 23:54 --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-09 23:54 --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-09 23:53 --d----- c:\windows\PCHEALTH
2008-12-09 23:52 --d----- c:\programdata\Microsoft Help
2008-12-09 23:45 --d----- c:\programdata\LF
2008-12-09 23:45 --d----- c:\progra~2\LF
2008-12-09 23:45 --d----- c:\windows\Downloaded Installations
2008-12-09 23:44 --d----- c:\program files\Crackle
2008-12-09 23:43 --d----- c:\program files\Sony Picture Games
2008-12-09 23:40 770,048 a------- c:\windows\system32\CDDBUISony.dll
2008-12-09 23:40 655,360 a------- c:\windows\system32\CDDBControlSony.dll
2008-12-09 23:40 589,824 a------- c:\windows\system32\CddbMusicIDSony.dll
2008-12-09 23:35 --d----- c:\programdata\FLEXnet
2008-12-09 23:35 --d----- c:\program files\common files\Macrovision Shared
2008-12-09 23:32 1,933,312 a------- c:\windows\system32\cdintf251.dll
2008-12-09 23:32 --d----- c:\program files\common files\supportsoft
2008-12-09 23:31 --d----- c:\program files\common files\AnswerWorks 4.0
2008-12-09 23:31 --d----- c:\programdata\Intuit
2008-12-09 23:31 --d----- c:\program files\Intuit
2008-12-09 23:31 --d----- c:\program files\common files\Intuit
2008-12-09 23:31 --d----- c:\progra~2\Intuit
2008-12-09 23:31 --d----- c:\programdata\COMMON FILES
2008-12-09 23:31 --d----- c:\progra~2\COMMON FILES
2008-12-09 23:30 --d----- c:\windows\system32\URTTEMP
2008-12-09 23:29 --d----- c:\program files\common files\AOL
2008-12-09 23:29 345 a---h--- C:\IPH.PH
2008-12-09 23:29 --d----- c:\program files\Online Services
2008-12-09 23:24 --d----- c:\program files\CONEXANT
2008-12-09 23:23 985,600 a------- c:\windows\system32\drivers\HSX_DPV.sys
2008-12-09 23:23 659,968 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2008-12-09 23:23 386,560 a------- c:\windows\system32\drivers\XAudio.exe
2008-12-09 23:23 207,360 a------- c:\windows\system32\drivers\HSXHWAZL.sys
2008-12-09 23:23 176,128 a------- c:\windows\system32\UCI32M16.dll
2008-12-09 23:23 140,914 a------- c:\windows\system32\drivers\SnyHDAN.cty
2008-12-09 23:23 94,208 a------- c:\windows\system32\mdmxsdk.dll
2008-12-09 23:23 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2008-12-09 23:23 8,192 a------- c:\windows\system32\drivers\XAudio.sys
2008-12-09 22:08 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-09 22:08 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 22:08 183,112 a------- c:\windows\system32\PnkBstrB.exe
2008-12-09 21:43 --d----- c:\programdata\Electronic Arts
2008-12-09 21:43 --d----- c:\progra~2\Electronic Arts
2008-12-09 21:42 1,180 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-09 21:23 479,752 a------- c:\windows\system32\XAudio2_0.dll
2008-12-09 21:23 --d----- c:\program files\EA Games
2008-12-09 21:23 238,088 a------- c:\windows\system32\xactengine3_0.dll
2008-12-09 21:23 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2008-12-09 21:22 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2008-12-09 21:22 462,864 a------- c:\windows\system32\d3dx10_37.dll
2008-12-09 21:22 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2008-12-09 21:22 267,272 a------- c:\windows\system32\xactengine2_10.dll
2008-12-09 21:22 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2008-12-09 21:22 444,776 a------- c:\windows\system32\d3dx10_36.dll
2008-12-09 21:22 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2008-12-09 21:22 267,112 a------- c:\windows\system32\xactengine2_9.dll
2008-12-09 21:22 266,088 a------- c:\windows\system32\xactengine2_8.dll
2008-12-09 21:22 17,928 a------- c:\windows\system32\X3DAudio1_2.dll
2008-12-09 21:22 261,480 a------- c:\windows\system32\xactengine2_7.dll
2008-12-09 21:22 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2008-12-09 20:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-09 20:52 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-09 20:52 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-09 20:51 --d----- c:\program files\iPod
2008-12-09 20:51 --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 20:51 --d----- c:\program files\iTunes
2008-12-09 20:51 --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 20:50 --d----- c:\program files\Bonjour
2008-12-09 20:49 --d----- c:\programdata\Apple Computer
2008-12-09 20:47 --d----- c:\programdata\Apple
2008-12-09 20:35 27,240 a------- c:\users\yadu\appdata\roaming\nvModes.dat
2008-12-09 20:18 --d----- c:\users\yadu\Tracing
2008-12-09 14:12 --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-12-09 14:11 --d----- c:\program files\Microsoft
2008-12-09 13:45 --d----- c:\program files\common files\Windows Live
2008-12-09 13:37 -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-09 13:36 --d----- c:\programdata\WLInstaller
2008-12-09 13:09 249,856 a------- c:\windows\system32\Lachesis.cpl
2008-12-09 13:09 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2008-12-09 13:09 --d----- c:\programdata\Razer
2008-12-09 13:08 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2008-12-09 12:44 --d----- c:\program files\VideoLAN
2008-12-09 12:27 --d----- c:\program files\Unreal Tournament 3
2008-12-09 12:27 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2008-12-09 12:27 444,776 a------- c:\windows\system32\d3dx10_35.dll
2008-12-09 12:27 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2008-12-09 12:27 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2008-12-09 12:27 443,752 a------- c:\windows\system32\d3dx10_34.dll
2008-12-09 12:27 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2008-12-09 12:27 81,768 a------- c:\windows\system32\xinput1_3.dll
2008-12-09 12:27 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2008-12-09 12:27 443,752 a------- c:\windows\system32\d3dx10_33.dll
2008-12-09 12:27 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-12-09 12:27 --d----- c:\windows\system32\AGEIA
2008-12-09 12:27 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-09 11:19 --d----- c:\users\Yadu
2008-12-09 11:18 --dsh--- c:\programdata\Documents
2008-12-09 11:18 --dsh--- C:\Documents and Settings
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR

==================== Find3M ====================

2009-01-03 20:10 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-03 20:10 86,016 a------- c:\windows\inf\infstor.dat
2009-01-03 20:10 86,016 a------- c:\windows\inf\infpub.dat
2008-12-22 14:21 174 a--sh--- c:\program files\desktop.ini
2008-12-22 14:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-22 13:35 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-22 13:35 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-11 18:33 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-11 18:32 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-12-11 18:32 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-11 18:32 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-12-11 18:32 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-11 18:32 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-12-11 18:08 2,599,936 a------- c:\windows\system32\NlsData0001.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-02 20:26 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:43:04.64 ===============

Sorry, the log was too big!

Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 5:47 pm

Doesn't appear to be any malware showing in the log; not exactly sure why stuff won't update, but let's run a rootkit scan.

Please run a GMER Rootkit scan:

Download GMER's application from here:

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:49 pm

How long does this take? It's been on for quite some time now.

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0

Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 8:50 pm

Not quite sure. LMBO or ROFL
If it's taking too long, just exit it and we'll use something else.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:55 pm

It just says the posted message is too big! Any suggestions, or should I break it up into lots of replies?

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:58 pm

---- System - GMER 1.0.14 ----

SSDT 87206AE8 ZwAlertResumeThread
SSDT 84E6E5C8 ZwAlertThread
SSDT 8546ED90 ZwAllocateVirtualMemory
SSDT 89B0F3F8 ZwAlpcConnectPort
SSDT 84D4F8A0 ZwCreateMutant
SSDT 897DF4C8 ZwCreateThread
SSDT 89505718 ZwDebugActiveProcess
SSDT 86693238 ZwFreeVirtualMemory
SSDT A180CB50 ZwImpersonateAnonymousToken
SSDT 85255300 ZwImpersonateThread
SSDT 86638720 ZwMapViewOfSection
SSDT 84DDFA48 ZwOpenEvent
SSDT A18290E0 ZwOpenProcessToken
SSDT 86792538 ZwOpenSection
SSDT 866688B0 ZwOpenThreadToken
SSDT 85277158 ZwResumeThread
SSDT 863D82D8 ZwSetContextThread
SSDT 86677368 ZwSetInformationProcess
SSDT 84E10788 ZwSetInformationThread
SSDT 84DF22F8 ZwSuspendProcess
SSDT 84E06988 ZwSuspendThread
SSDT 85245FD0 ZwTerminateProcess
SSDT 863C26F8 ZwTerminateThread
SSDT 84D22110 ZwUnmapViewOfSection
SSDT 85497388 ZwWriteVirtualMemory

Code 88BDB2D0 ZwEnumerateKey
Code 88B092D0 ZwFlushInstructionCache
Code 88BCB358 ZwQueryValueKey
Code 88D569A5 IofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 82301914 8 Bytes CALL 4AB73983
.text ntkrnlpa.exe!KeSetTimerEx + 364 82301928 4 Bytes [ 90, ED, 46, 85 ]
.text ntkrnlpa.exe!KeSetTimerEx + 370 82301934 4 Bytes [ F8, F3, B0, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 428 823019EC 4 Bytes [ A0, F8, D4, 84 ]
.text ntkrnlpa.exe!KeSetTimerEx + 454 82301A18 4 Bytes [ C8, F4, 7D, 89 ]
.text ...
.text ntkrnlpa.exe!IofCallDriver 82304F6F 5 Bytes JMP 88D569AA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 823FB30B 5 Bytes JMP 88B092D4
PAGE ntkrnlpa.exe!ZwQueryValueKey 8244EB57 5 Bytes JMP 88BCB35C
PAGE ntkrnlpa.exe!ZwEnumerateKey 82450BB4 5 Bytes JMP 88BDB2D4

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[536] ADVAPI32.dll!RegOpenKeyExA 774CD4E8 5 Bytes JMP 0021F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] kernel32.dll!HeapFree 7772C55B 5 Bytes JMP 009E43A2
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxIndirectParamW 7764BD25 5 Bytes JMP 6E8A5BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxParamW 77661FD5 5 Bytes JMP 6E8A5B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxParamA 776880B2 5 Bytes JMP 6E8A5BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxIndirectParamA 776883DD 5 Bytes JMP 6E8A5C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxIndirectA 7769D471 5 Bytes JMP 6E8A5B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxIndirectW 7769D56B 5 Bytes JMP 6E8A5AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxExA 7769D5D1 5 Bytes JMP 6E8A5ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!MessageBoxExW 7769D5F5 5 Bytes JMP 6E8A5A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] SHELL32.dll!SHRestricted + DFD 768B8390 4 Bytes [ 99, 0B, 3D, 74 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] SHELL32.dll!SHRestricted + E05 768B8398 8 Bytes [ A7, 0A, 3D, 74, A4, 32, 3C, ... ]
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestA 765D08C5 5 Bytes JMP 009E46E9
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestW 765DD2F1 5 Bytes JMP 009E4726

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0
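Whoever reads a pasted GMER log has to sort the hooks it lists by whether GMER could name the file the jump lands in. The script below is an added example (not code from this thread or from GMER) that does that first pass over output in the format posted above; the sample lines are copied from this thread's log, and the grouping of hooks by 64 KiB target region is my own heuristic, not a GMER feature.

```python
"""Triage helper for GMER 1.0.14 output (added example; not code from this thread or GMER).
It separates inline hooks whose JMP/CALL target GMER attributed to a file on disk from
hooks landing in memory GMER could not name, which are the lines a helper reads first."""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied verbatim from the GMER log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----
SSDT 87206AE8 ZwAlertResumeThread
SSDT 85497388 ZwWriteVirtualMemory
Code 88BDB2D0 ZwEnumerateKey
Code 88D569A5 IofCallDriver
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!KeSetTimerEx + 364 82301928 4 Bytes [ 90, ED, 46, 85 ]
.text ...
.text ntkrnlpa.exe!IofCallDriver 82304F6F 5 Bytes JMP 88D569AA
PAGE ntkrnlpa.exe!ZwEnumerateKey 82450BB4 5 Bytes JMP 88BDB2D4
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] kernel32.dll!HeapFree 7772C55B 5 Bytes JMP 009E43A2
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] USER32.dll!DialogBoxParamW 77661FD5 5 Bytes JMP 6E8A5B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] SHELL32.dll!SHRestricted + DFD 768B8390 4 Bytes [ 99, 0B, 3D, 74 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestA 765D08C5 5 Bytes JMP 009E46E9
.text C:\Program Files\Internet Explorer\iexplore.exe[7236] WININET.dll!HttpSendRequestW 765DD2F1 5 Bytes JMP 009E4726
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
TABLE_RE = re.compile(r"^(?P<kind>SSDT|Code)\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\S+)$")
# ".text <where> <addr> <n> Bytes <rest>"; <where> is "module!symbol [+ off]", prefixed in
# user mode by the process path and [PID]
INLINE_RE = re.compile(r"^(?:\.\w+|PAGE)\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+(?P<rest>.+)$")
# <rest> is "JMP <addr>" optionally followed by "<file> (<description>)", or "[ bytes ]"
TARGET_RE = re.compile(r"^(?P<op>JMP|CALL)\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<module>.+?)\s+\([^)]*\))?$")


@dataclass
class Hook:
    section: str            # GMER section the line came from
    process: Optional[str]  # "iexplore.exe[7236]" for user-mode hooks, None for kernel
    symbol: str             # "kernel32.dll!HeapFree" or "ntkrnlpa.exe!KeSetTimerEx + 364"
    addr: int
    op: Optional[str]       # "JMP"/"CALL", or None when GMER only lists patched bytes
    target: Optional[int]
    module: Optional[str]   # file GMER attributed the target to; None = unnamed memory


def parse_gmer(text: str) -> dict:
    """Return {"ssdt": [(addr, func)], "code": [(addr, func)], "hooks": [Hook]}."""
    out = {"ssdt": [], "code": [], "hooks": []}
    section = ""
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := TABLE_RE.match(line):
            out[m.group("kind").lower()].append((int(m.group("addr"), 16), m.group("func")))
        elif m := INLINE_RE.match(line):
            where = m.group("where")
            process = None
            if "] " in where:  # user-mode line: strip the path, keep "exe[pid]"
                path, where = where.split("] ", 1)
                process = path.rsplit("\\", 1)[-1] + "]"
            op = target = module = None
            if t := TARGET_RE.match(m.group("rest")):
                op, target, module = t.group("op"), int(t.group("target"), 16), t.group("module")
            out["hooks"].append(Hook(section, process, where, int(m.group("addr"), 16), op, target, module))
        # anything else (".text ..." elision marker, IAT/EAT lines) is skipped
    return out


def unattributed_hooks(hooks):
    """Hooks that redirect into memory GMER could not tie to a file on disk."""
    return [h for h in hooks if h.op is not None and h.module is None]


def target_regions(hooks, granularity=0x10000):
    """Group unattributed hooks by (process, 64 KiB region of the target). This grouping is my
    own heuristic: several hooks from one process into one unnamed region read as one finding."""
    regions = {}
    for h in unattributed_hooks(hooks):
        key = (h.process, h.target // granularity * granularity)
        regions.setdefault(key, []).append(h.symbol)
    return regions


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print(f"{len(parsed['ssdt'])} SSDT entries, {len(parsed['code'])} code hooks, {len(parsed['hooks'])} inline hooks/patches")
    for (proc, base), syms in target_regions(parsed["hooks"]).items():
        print(f"{proc or 'kernel'}: {len(syms)} hook(s) into unnamed region {base:08X}: {', '.join(syms)}")
```

Hooks GMER attributes to a signed system file (the IEFRAME.dll ones above) drop out of the flagged list; what is left is what still needs a name, not proof of infection.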

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 8:58 pm

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [743BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [743BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [743BE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [743BA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [743B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [743B8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [743BBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [743BFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [743BFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [743BEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [743B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [743BCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0

Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 8:59 pm

Please upload it to here:
savefile.com
or here:
sendspace.com


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:01 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [743BCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [743CC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [743CCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [743CDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [743CE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [743CDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [743BA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [743BFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [743BE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [743BA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [743BAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [743BB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [743BC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [743BB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [743B9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [743BDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [743B9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [743B89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [743BA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [743BA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [743BEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [743BE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [743B8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
# Likes : 0

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:01 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [743BDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [743B94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [743B8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [743B9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [743BF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [743BC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [743BCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [743BCA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [743CD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [743CC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [743CC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [743C91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [743C0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [743C02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [743BD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [743BF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [743BC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [743B94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [743B8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [743BBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [743BD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [743B8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [743BD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [743CD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [743CD28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [743CE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [743CE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [743CDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [743CCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [743CDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [743CD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [743CD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [743CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

yaduraj
Novice

Posts : 30
Joined : 2008-12-26
OS : windows vista ultimate 32bit
Points : 29040
Likes : 0

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [743CCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [743CD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [743CCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [743CCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [743CC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [743CD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [743CCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [743C5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [743C5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [743C4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [743C50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [743C519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [743C40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [743C5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [743C619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [743C53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [743C61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7236] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [743C3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.14 ----

Service C:\Windows\system32\drivers\msqpdxeesrvygm.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001bfb1b06a4
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\msqpdxserv.sys\modules@msqpdxl

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:02 pm

\\?\globalroot\systemroot\system32\msqpdxiqnprpfn.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4CA5BC292CC21349A0143EE2DC8EB9D@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5924F58F6E7A874E816AB1DE15F9F7C@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtGui4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B735216B433B8F34A81A6E89F85D717B@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtXml4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C4A06A39C01C449817BC017E94DEE1@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\ScannerAdaptor.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B975EB55AABC09148A87B6CCC7A90AA2@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C241E19332FA27F4ABB6EB66D4A25653@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\imageformats\qgif4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C39A0F4B8CB5C4F488F967713EBC930E@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtDesignerComponents4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3E3A106629ABEF4B8A0F94DC112E618@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\license\x32\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C980E3B4A4EFBDF4B97F17185862A7CB@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\UpdatePluginView.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA9CDE8CC04E4A64F90149DB41FAC59F@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\difxapi.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9224D78493F8D74187CF05DC6124BE4@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\PresenterCommon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9DA02561D1FA094D855759E23E53335@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\ProgramData\DriverScanner\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E504031568555E34C818A79D77AE8DC7@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\license\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E88BE3605DBFD94418AABF90DBEC4F77@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtCore4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8A9E949CC997F84CBFB25ABAA31E404@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\designer\MessageWindowPlugin.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFDB172BAEE7FB04E872F99FF7A7CE8F@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\ProgramData\DriverScanner\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3F5031F38808B64DAB318624C733F25@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\LicenseManager.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA3DE3B4A27D9A149AD065CB72F73584@647E724C9CE4C3E4AABC6CBBF117D4F7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB5C59EA90561624C9FD98F4330D8FB9@647E724C9CE4C3E4AABC6CBBF117D4F7 C:\Program Files\Uniblue\DriverScanner\QtDesigner4.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Features

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:03 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties

Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:03 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@RegOwner Yadu
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@RegCompany
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@ProductID none
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@LocalPackage C:\Windows\Installer\4a44b20.msi
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@DisplayVersion 2.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@HelpLink
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallDate 20090102
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@InstallSource C:\Users\Yadu\AppData\Local\Temp\mia1\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@EstimatedSize 25822
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@VersionMajor 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Version 33554432
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@Language 1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\InstallProperties@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Patches
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Patches@AllPatches
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\Usage
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@DisplayIcon C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@UninstallString "C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@ModifyPath C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Contact FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@HelpLink [You must be registered and logged in to see this link.]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@URLUpdateInfo FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@Comments FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@DisplayVersion 2.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@HelpLink
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallDate 20090102


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:04 pm

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallLocation C:\Program Files\Uniblue\DriverScanner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallSource C:\Users\Yadu\AppData\Local\Temp\mia1\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Publisher Uniblue Systems Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@EstimatedSize 25822
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@VersionMajor 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Version 33554432
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@Language 1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@UninstallString C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1752023980-703857170-1721892435-1005@RefCount 14
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 253
Reg HKLM\SOFTWARE\Classes\Installer\Features\b25099274a207264182f8181add555d0@VC_Redist
Reg HKLM\SOFTWARE\Classes\Installer\Features\b25099274a207264182f8181add555d0@Servicing_Key
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@ProductName Microsoft Visual C++ 2005 Redistributable
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@PackageCode ECF0C5769D85D534A98DCACD5B08A8A3
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Language 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Version 134274064
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Assignment 1
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@AdvertiseFlags 388
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@InstanceType 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@AuthorizedLUAApp 0
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@DeploymentFlags 3
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0@Clients :?
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList@PackageName vcredist.msi
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList@LastUsedSource n;2;C:\Users\Yadu\AppData\Local\Temp\7zS9F8B.tmp\
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@DiskPrompt [1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@1 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@2 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@3 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@4 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@5 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@6 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@7 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@8 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@9 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]
Reg HKLM\SOFTWARE\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media@10 ;Microsoft Visual C++ 2005 Redistributable [Disk 1]


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 9:04 pm

Please stop posting now, it got the rootkit.
If you have seen this post, respond without more parts of the GMER log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1


Solved Re: W32.Tidserv plus other

Post by yaduraj on 3rd January 2009, 9:05 pm

Saw it! Sorry! What should I do now?


Solved Re: W32.Tidserv plus other

Post by Belahzur on 3rd January 2009, 9:08 pm

Please read carefully, do not miss any part of these instructions.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to delete:
msqpdxserv.sys

Files to delete:
C:\Windows\system32\drivers\msqpdxeesrvygm.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found" <======== DO NOT miss this part
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.




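The two technical artefacts in this thread are the GMER registry dump yaduraj pasted (note the Uniblue DriverScanner entries with SystemComponent=1, NoRemove=1 and an InstallSource under the user's Temp folder) and the Avenger script Belahzur wrote from the part of that dump he asked not to be posted (the msqpdxserv.sys driver service and its msqpdxeesrvygm.sys file). The following is an added example, not a GMER, Avenger or GeekPolice tool: it parses GMER "Reg" lines, flags a driver service whose name or file carries the prefix the thread's script targets, flags Uninstall entries that Programs and Features will not show or let you remove, and renders the "Drivers to delete:" / "Files to delete:" blocks in the shape Belahzur used. The Services lines in the embedded sample are constructed to an assumed shape (GMER's actual lines for this driver were never posted); the Uninstall lines repeat values from the thread; the Windows directory C:\Windows is assumed.

```python
"""Triage helper for GMER "Reg" dump lines (added example, not a GMER or GeekPolice tool):
flags driver services with the name prefix the thread's Avenger script targets, flags
Uninstall entries hidden from Programs and Features, and renders an Avenger script."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample. Uninstall lines repeat values from the log in the thread; the Services
# lines are an ASSUMED shape of what GMER would show for the driver the Avenger script deletes.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@ImagePath \systemroot\system32\drivers\msqpdxeesrvygm.sys
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@DisplayName Uniblue DriverScanner 2009
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@InstallSource C:\Users\Yadu\AppData\Local\Temp\mia1\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uniblue DriverScanner 2009@DisplayName Uniblue DriverScanner 2009
"""

DRIVER_PREFIX = "msqpdx"  # from the thread's Avenger script
SERVICES_KEY = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
UNINSTALL_KEY = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
USER_TEMP = "\\appdata\\local\\temp\\"
HIDE_FLAGS = {"SystemComponent": "SystemComponent=1 (hidden from the Programs and Features list)",
              "NoRemove": "NoRemove=1 (Remove button disabled)"}
# "Reg <key>" or "Reg <key>@<value name> <data>": keys may contain spaces, value names may not.
LINE_RE = re.compile(r"^Reg\s+(?P<key>[^@]+?)(?:@(?P<name>\S*)(?:\s+(?P<data>.*))?)?\s*$")

@dataclass
class RegEntry:
    key: str
    name: Optional[str]  # None for a bare "Reg <key>" line
    data: str

def parse_gmer_log(text: str) -> List[RegEntry]:
    """Keep only GMER 'Reg' lines; headers and other log sections are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(RegEntry(m.group("key").rstrip(), m.group("name"), (m.group("data") or "").rstrip()))
    return entries

def group_by_key(entries: List[RegEntry]) -> Dict[str, Dict[str, str]]:
    grouped: Dict[str, Dict[str, str]] = defaultdict(dict)
    for e in entries:
        bucket = grouped[e.key]  # a bare key line still registers the key
        if e.name is not None:
            bucket[e.name] = e.data
    return grouped

def _direct_child(key: str, parent: str) -> Optional[str]:
    rest = key[len(parent):] if key.lower().startswith(parent.lower()) else ""
    return rest if rest and "\\" not in rest else None

def normalize_image_path(image: str, windir: str = "C:\\Windows") -> str:
    """Map kernel-style ImagePath forms to the Win32 path Avenger expects (windir is assumed)."""
    p = image.strip().strip('"')
    if p.lower().startswith("\\systemroot\\"):
        return windir + p[len("\\systemroot"):]
    if p.lower().startswith("system32\\"):
        return windir + "\\" + p
    return p

def find_suspicious_services(entries: List[RegEntry], prefix: str = DRIVER_PREFIX) -> List[Tuple[str, str]]:
    """[(service name, ImagePath)] where the service or its driver file name starts with prefix."""
    hits = []
    for key, values in group_by_key(entries).items():
        svc = _direct_child(key, SERVICES_KEY)
        if svc is None:
            continue
        image = values.get("ImagePath", "")
        image_file = image.replace("\\", "/").rsplit("/", 1)[-1]
        if svc.lower().startswith(prefix) or image_file.lower().startswith(prefix):
            hits.append((svc, image))
    return hits

def find_hidden_uninstall_entries(entries: List[RegEntry]) -> List[Tuple[str, List[str]]]:
    """Uninstall entries the user cannot see or remove from Programs and Features, with reasons."""
    hits = []
    for key, values in group_by_key(entries).items():
        name = _direct_child(key, UNINSTALL_KEY)
        if name is None:
            continue
        reasons = [why for flag, why in HIDE_FLAGS.items() if values.get(flag) == "1"]
        if USER_TEMP in values.get("InstallSource", "").lower():
            reasons.append("InstallSource under a per-user Temp directory")
        if reasons:
            hits.append((values.get("DisplayName", name), reasons))
    return hits

def build_avenger_script(service_hits: List[Tuple[str, str]]) -> str:
    """Render the 'Drivers to delete:' / 'Files to delete:' blocks in the format Avenger reads."""
    drivers = [svc for svc, _ in service_hits]
    files = [normalize_image_path(img) for _, img in service_hits if img]
    lines: List[str] = []
    if drivers:
        lines += ["Drivers to delete:", *drivers, ""]
    if files:
        lines += ["Files to delete:", *files]
    return "\n".join(lines)
```

On the sample, build_avenger_script reproduces Belahzur's script line for line, and the GUID-keyed Uniblue entry is reported with all three reasons while the plain-named entry (which only carries DisplayName and UninstallString) is not. Treat the Uninstall findings as context rather than a verdict: SystemComponent=1 is also set by legitimate redistributables so they stay out of the Programs list, and almost every web-downloaded installer runs from a Temp folder. The driver-name match is the only finding the thread acted on. The parser only post-processes text GMER already produced; GMER's own kernel-level scan is what surfaces a Services key that a rootkit hides from user-mode tools, so run the script over a complete GMER log, not over the output of reg.exe or regedit on the infected machine.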

Solved Re: W32.Tidserv plus other

Post by Doctor Inferno on 21st February 2009, 10:00 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Posts : 12015
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104620
# Likes : 0

