WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


backdoor.tide!serv.inf

2 posters

descriptionbackdoor.tide!serv.inf Emptybackdoor.tide!serv.inf24th May 2010, 3:53 am

more_horiz
Hello. I have had the backdoor.tide!serv.inf for a very long time. Symantec captured it but now that I have begun to get some help on things I never paid attention to, it is starting to freak me out.

I worked at a large company but am retired on a disability. HOWEVER, I love techie stuff but am afraid to fool around here!

Could anyone help me with this. Thank you!
KatLou

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 8:40 am

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 1:26 pm

more_horiz
OK, I must have done something wrong! Because, when Symantec ran it showed that I now have TWO verses the one I have had for a very long time. HELP

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 3:17 pm

more_horiz
Hello.
Don't panic, stay with me and follow my above instructions.

descriptionbackdoor.tide!serv.inf Emptybackdoor.tide!serv.inf24th May 2010, 4:37 pm

more_horiz
OK, here goes:



OTL logfile created on: 5/24/2010 12:25:15 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Kathy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.91 Gb Total Space | 19.03 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATLOU
Current User Name: Kathie Lou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/24 08:24:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathy\My Documents\Downloads\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/05 06:08:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/11 02:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/04/17 13:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 16:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003/06/24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/02/24 06:06:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003/01/24 19:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/01/24 19:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/24 08:24:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathy\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/06/24 15:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2005/11/11 02:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/04/17 13:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 16:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 12:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/02/24 06:06:00 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003/01/24 19:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/01/24 19:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/25 04:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091229.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091229.009\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/11/11 02:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/04/05 12:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 12:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 21:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/22 21:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 01:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/06/24 15:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/03/12 18:16:44 | 002,390,528 | ---- | M] (Intel®️ Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/02/24 06:06:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003/01/17 05:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003/01/12 20:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/10 07:50:00 | 000,095,447 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/01/10 07:50:00 | 000,091,318 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/01/10 07:50:00 | 000,055,254 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/01/10 07:50:00 | 000,034,775 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/01/10 07:50:00 | 000,023,895 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/01/10 07:50:00 | 000,014,103 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/01/10 07:50:00 | 000,006,295 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/01/10 07:50:00 | 000,004,087 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/01/10 07:50:00 | 000,002,171 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/12/26 06:10:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002/12/26 05:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002/12/26 05:32:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002/12/24 14:52:26 | 000,005,589 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/12/24 14:51:46 | 000,022,995 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2002/12/24 06:56:00 | 000,040,368 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/12/20 07:21:00 | 000,083,104 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/12/17 23:29:28 | 000,015,378 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2001/11/01 06:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/09/13 10:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 17:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2000/03/23 01:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/20 22:17:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 21:32:34 | 000,000,000 | ---D | M]

[2010/04/25 16:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Extensions
[2010/04/25 16:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/23 23:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\hyz07wua.default\extensions
[2010/04/27 17:36:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\hyz07wua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 17:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (My Search BHO) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Search Bar) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)
O3 - HKCU\..\Toolbar\WebBrowser: (My Search Bar) - {014DA6C9-189F-421A-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [StorageGuard] c:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe (none)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137018465641 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151159611207 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DigiChat Applet http://host18.digichat.com/DigiChat/DigiClasses/Client_IE.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/11 20:25:57 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845f2e19-830f-11da-adaf-000cf1161ea1}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 10:17:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kathy\Recent
[2010/05/22 01:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/20 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/20 23:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/05/20 22:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/06 07:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\My Documents\NICOTINE STEPS ETC
[2010/05/06 07:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\My Documents\4th Step Folder
[2010/05/05 21:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2010/05/05 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2010/04/28 11:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Desktop\Audio 12Steps_files
[2010/04/25 18:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/25 17:56:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/25 16:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\Thunderbird
[2010/04/25 16:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Thunderbird
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 12:15:23 | 000,006,333 | ---- | M] () -- C:\WINDOWS\silkquit.ini
[2010/05/24 10:17:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 10:17:18 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2757399629-3066503257-373967883-1004.job
[2010/05/24 10:15:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 10:15:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 10:15:32 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 10:14:25 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Kathy\NTUSER.DAT
[2010/05/24 10:13:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kathy\ntuser.ini
[2010/05/24 10:13:35 | 004,832,992 | -H-- | M] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\IconCache.db
[2010/05/22 22:11:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2757399629-3066503257-373967883-1004.job
[2010/05/22 21:27:55 | 000,084,200 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\cc_20100522_212739.reg
[2010/05/22 01:45:47 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/05/21 21:01:57 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/05/21 21:01:52 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\PaltalkScene.lnk
[2010/05/20 23:13:48 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\CCleaner.lnk
[2010/05/20 23:08:49 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Defraggler.lnk
[2010/05/20 22:17:34 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/08 07:14:22 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 11:32:54 | 000,014,587 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Audio 12Steps.aspx
[2010/04/25 18:56:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/25 09:36:57 | 000,073,149 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\UPON AWAKENING Prayer Review.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 21:27:46 | 000,084,200 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\cc_20100522_212739.reg
[2010/05/22 01:45:47 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/05/20 23:13:46 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\CCleaner.lnk
[2010/05/20 23:08:49 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\Defraggler.lnk
[2010/05/05 21:17:24 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/05/05 21:17:14 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\PaltalkScene.lnk
[2010/04/28 11:32:48 | 000,014,587 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\Audio 12Steps.aspx
[2010/04/25 09:36:55 | 000,073,149 | ---- | C] () -- C:\Documents and Settings\Kathy\Desktop\UPON AWAKENING Prayer Review.pdf
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/14 23:27:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/20 17:32:57 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/11/05 23:25:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/01 18:40:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/23 14:39:33 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/25 19:24:41 | 000,006,333 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2006/01/18 11:59:50 | 000,017,611 | ---- | C] () -- C:\WINDOWS\MPTBox.INI
[2006/01/18 11:39:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\SGEDIT.INI
[2006/01/17 18:51:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/11 23:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/01/11 23:33:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/11 20:55:34 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/11 20:18:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/11 20:13:42 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/11 20:11:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/01/11 20:05:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/01/11 20:05:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/01/11 20:05:14 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2006/01/11 20:04:47 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/06/24 15:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/01/30 01:06:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/12/23 11:05:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\vxdmdcdlg.dll
[2002/11/15 05:14:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/09/26 21:26:59 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/05/24 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 202883 bytes -> C:\Documents and Settings\Kathy\Desktop\Sunday 5:30 a.m. Greysheet Qualificiation.pdf
@Alternate Data Stream - 202883 bytes -> C:\Documents and Settings\Kathy\Desktop\GSA Sunday 5:40 a.m. Format (needs editing).pdf
< End of report >

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 4:40 pm

more_horiz
Ah, MWS infection.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 4:42 pm

more_horiz
Extra here goes:

OTL Extras logfile created on: 5/24/2010 8:31:26 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Kathy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.91 Gb Total Space | 16.44 Gb Free Space | 48.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATLOU
Current User Name: Kathie Lou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Kathy\Local Settings\Temp\WZS1D.tmp\AswApp.exe" = C:\Documents and Settings\Kathy\Local Settings\Temp\WZS1D.tmp\AswApp.exe:*:Disabled:AswApp -- File not found
"C:\Documents and Settings\Kathy\Local Settings\Temp\WZS1E.tmp\AswApp.exe" = C:\Documents and Settings\Kathy\Local Settings\Temp\WZS1E.tmp\AswApp.exe:*:Disabled:AswApp -- File not found
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:Paltalk Messenger 8.3 -- (AVM Software Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\mIRC\mirc.exe" = C:\mIRC\mirc.exe:*:Disabled:mIRC -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5EAF9A83-3B91-45BF-8F2D-990BBEBDC9AB}" = Intel(R) Sebring API
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F1F721BF-040C-4096-988A-1DB01EB73B0C}" = TPNala Wallpaper
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"IBM Access Support" = IBM Access Support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"My Search Uninstall" = My Search Bar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SilkQuit_is1" = SilkQuit v2.60
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Verizon Online DSL_is1" = Verizon Online DSL
"ViewpointMediaPlayer" = Viewpoint Media Player
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2010 9:10:53 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/22/2010 9:11:05 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/22/2010 9:16:19 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/22/2010 9:17:38 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/23/2010 4:31:38 AM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Startup scan. Action: Clean
failed : Quarantine failed. Action Description: The file was left unchanged.

Error - 5/23/2010 4:57:42 AM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Startup scan. Action: Clean
failed : Quarantine failed. Action Description: The file was left unchanged.

Error - 5/23/2010 6:58:07 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/23/2010 11:11:19 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/23/2010 11:48:46 PM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

Error - 5/24/2010 2:14:43 AM | Computer Name = KATLOU | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Documents and
Settings\Kathy\Local Settings\Temp\tmp1AE.tmp by: Auto-Protect scan. Action: Clean
failed : Quarantine failed : Access denied. Action Description: The file was left
unchanged.

[ System Events ]
Error - 5/16/2010 4:42:13 PM | Computer Name = KATLOU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000CF1161EA1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/16/2010 9:36:19 PM | Computer Name = KATLOU | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1161EA1. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/17/2010 7:26:38 AM | Computer Name = KATLOU | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1161EA1. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 5/17/2010 7:43:42 AM | Computer Name = KATLOU | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1161EA1. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/19/2010 6:13:39 AM | Computer Name = KATLOU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000CF1161EA1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 9:05:59 PM | Computer Name = KATLOU | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1161EA1. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/20/2010 10:03:09 PM | Computer Name = KATLOU | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000CF1161EA1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/21/2010 3:02:15 PM | Computer Name = KATLOU | Source = PSched | ID = 14103
Description = QoS [Adapter {731CBD67-C766-4638-8C59-A855041AF0E0}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 5/21/2010 3:33:26 PM | Computer Name = KATLOU | Source = PSched | ID = 14103
Description = QoS [Adapter {731CBD67-C766-4638-8C59-A855041AF0E0}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 5/21/2010 3:34:35 PM | Computer Name = KATLOU | Source = PSched | ID = 14103
Description = QoS [Adapter {731CBD67-C766-4638-8C59-A855041AF0E0}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf24th May 2010, 4:51 pm

more_horiz
Posted next instructions just above. Smile...

http://www.GeekPolice.net/virus-spyware-malware-removal-f11/backdoortideservinf-t21714.htm#141934

descriptionbackdoor.tide!serv.inf EmptyRe: backdoor.tide!serv.inf

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum