Backdoor.tidserv!inf


Post by bgavron on 29th January 2010, 10:11 pm

My Symantec keeps detecting the virus but clean and quarantine fail. Can you help?

I followed all of the instructions for a new user. Here is the log from Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:31 PM, on 1/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adware Alert\Adware Alert.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Adware Alert] C:\Program Files\Adware Alert\Adware Alert.exe -boot
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {dc42b2d5-a771-4ffe-982a-2f38a0061102} - C:\WINDOWS\default32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14089 bytes


Re: Backdoor.tidserv!inf

Post by Belahzur on 30th January 2010, 5:55 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O4 - HKCU\..\Run: [Adware Alert] C:\Program Files\Adware Alert\Adware Alert.exe -boot
    O18 - Filter hijack: text/html - {dc42b2d5-a771-4ffe-982a-2f38a0061102} - C:\WINDOWS\default32.dll

  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



results of scan

Post by bgavron on 31st January 2010, 1:00 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/31/2010 7:50:01 AM
mbam-log-2010-01-31 (07-50-01).txt

Scan type: Quick Scan
Objects scanned: 134327
Time elapsed: 21 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5b4016981c40d5f4b9925ed64ad7b526 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b07021d02a5e347a162b223ea41cd5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a491438a809f60f458df33e67c80a5d2 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\cb6591e4426ef2b49aee7437e1144918 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.


Re: Backdoor.tidserv!inf

Post by Belahzur on 31st January 2010, 7:48 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Backdoor.tidserv!inf

Post by bgavron on 1st February 2010, 12:38 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Barbara at 19:37:37.03 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1082 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Barbara\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [OLPSYNCH] c:\program files\offline course player\OlpSynch.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - [You must be registered and logged in to see this link.]
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - [You must be registered and logged in to see this link.]
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - [You must be registered and logged in to see this link.]
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - [You must be registered and logged in to see this link.]
Filter: text/html - {dc42b2d5-a771-4ffe-982a-2f38a0061102} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-11-11 91136]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-6-17 434864]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100129.006\NAVENG.sys [2010-1-29 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100129.006\NAVEX15.sys [2010-1-29 1323568]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-9-14 99200]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-11-11 23180]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2010-01-31 12:26:38 0 d-----w- c:\docume~1\barbara\applic~1\Malwarebytes
2010-01-31 12:26:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 12:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-31 12:26:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 12:26:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 22:04:15 0 d-----w- c:\program files\Trend Micro
2010-01-29 21:14:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-27 18:38:46 0 ----a-w- c:\windows\VPC32.INI
2010-01-21 18:04:19 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-20 15:59:26 6144 ---ha-w- c:\windows\system32\svchost.suo
2010-01-20 15:59:26 203 ----a-w- c:\windows\system32\svchost.sln
2010-01-18 12:49:59 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-18 12:49:53 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-18 12:49:50 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2010-01-18 12:49:49 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-13 13:52:56 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 01:59:50 0 d-----w- c:\windows\system32\NtmsData
2010-01-04 11:04:09 202072 ----a-r- c:\windows\system32\cpnprt2.cid
2010-01-04 11:04:08 0 d-----w- c:\windows\Cache
2010-01-04 11:04:06 0 d-----w- c:\program files\Coupons
2010-01-03 18:52:39 0 d-----w- c:\program files\Learn2.com
2010-01-03 18:40:30 115920 ----a-w- c:\windows\system32\MSINET.OCX
2010-01-03 18:40:28 0 d-----w- c:\program files\Offline Course Player
2010-01-02 20:01:12 60744 ----a-w- c:\documents and settings\barbara\g2mdlhlpx.exe

==================== Find3M ====================

2010-01-29 21:14:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 17:17:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2009-12-26 20:05:47 196343 ----a-w- c:\windows\hpoins41.dat
2009-11-11 16:58:44 83672 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-09 17:37:42 103720 ----a-w- c:\documents and settings\barbara\GoToAssistDownloadHelper.exe

============= FINISH: 19:37:47.95 ===============

Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/30/2009 12:45:42 PM
System Uptime: 1/31/2010 7:09:22 PM (0 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 107.418 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Premium C309g-m,192.168.2.5
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet M4345 MFP
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet M4345 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SonicWALL VPN Adapter
Device ID: ROOT\RCVPN\0000
Manufacturer: SonicWALL, Inc.
Name: SonicWALL VPN Adapter
PNP Device ID: ROOT\RCVPN\0000
Service: rcvpn

==== System Restore Points ===================

RP34: 11/2/2009 1:39:03 PM - Software Distribution Service 3.0
RP35: 11/2/2009 1:46:23 PM - Installed Adobe Acrobat 8 Standard - English, Français, Deutsch
RP36: 11/2/2009 2:03:49 PM - Installed Microsoft Office Basic 2007
RP37: 11/2/2009 2:09:21 PM - Software Distribution Service 3.0
RP38: 11/4/2009 8:00:00 AM - Software Distribution Service 3.0
RP39: 11/6/2009 7:08:16 AM - Installed Windows XP WgaNotify.
RP40: 11/6/2009 9:28:17 AM - Installed Sprint Mobile Broadband (Novatel Wireless)
RP41: 11/6/2009 11:06:34 AM - Installed Mobile Broadband Generic Drivers.
RP42: 11/7/2009 1:15:39 PM - Software Distribution Service 3.0
RP43: 11/8/2009 6:57:18 PM - Installed EPSON Scan ICM
RP44: 11/8/2009 7:53:32 PM - Installed EPSON Scan ICM
RP45: 11/8/2009 7:57:43 PM - Installed EPSON Scan ICM
RP46: 11/9/2009 8:30:04 AM - Software Distribution Service 3.0
RP47: 11/9/2009 6:23:00 PM - Installed FRx 6.7
RP48: 11/9/2009 6:24:18 PM - Printer Driver FRx Document Image Writer Driver Installed
RP49: 11/9/2009 6:27:01 PM - Software Distribution Service 3.0
RP50: 11/10/2009 5:06:56 PM - Software Distribution Service 3.0
RP51: 11/11/2009 11:59:32 AM - Installed Symantec AntiVirus Client
RP52: 11/11/2009 3:06:35 PM - Installed Microsoft Office Enterprise 2007
RP53: 11/11/2009 3:12:12 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP54: 11/11/2009 3:18:26 PM - Installed SonicWALL Global VPN Client
RP55: 11/11/2009 3:24:02 PM - Installed VPN Client
RP56: 11/11/2009 3:29:30 PM - Software Distribution Service 3.0
RP57: 11/11/2009 4:36:39 PM - Software Distribution Service 3.0
RP58: 11/12/2009 7:19:56 AM - Software Distribution Service 3.0
RP59: 11/12/2009 5:07:05 PM - Software Distribution Service 3.0
RP60: 11/15/2009 6:08:07 AM - Software Distribution Service 3.0
RP61: 11/15/2009 11:48:54 AM - Software Distribution Service 3.0
RP62: 11/17/2009 4:29:32 PM - System Checkpoint
RP63: 11/17/2009 5:18:58 PM - Installed Driver Detective.
RP64: 11/17/2009 5:34:39 PM - Installed EPSON TWAIN 5
RP65: 11/17/2009 6:05:22 PM - Removed Driver Detective.
RP66: 11/17/2009 7:06:52 PM - Installed iTunes
RP67: 11/20/2009 8:54:29 AM - System Checkpoint
RP68: 11/23/2009 10:53:00 AM - System Checkpoint
RP69: 11/24/2009 11:16:11 AM - System Checkpoint
RP70: 11/26/2009 8:24:27 PM - Software Distribution Service 3.0
RP71: 11/28/2009 11:12:32 AM - System Checkpoint
RP72: 11/30/2009 7:20:51 AM - System Checkpoint
RP73: 12/1/2009 12:25:34 PM - System Checkpoint
RP74: 12/3/2009 3:03:24 PM - System Checkpoint
RP75: 12/4/2009 5:53:35 PM - System Checkpoint
RP76: 12/4/2009 6:16:48 PM - Software Distribution Service 3.0
RP77: 12/4/2009 6:48:32 PM - Software Distribution Service 3.0
RP78: 12/7/2009 1:40:12 PM - Installed Adware Alert
RP79: 12/7/2009 1:46:23 PM - Removed Bonjour
RP80: 12/7/2009 4:55:06 PM - Installed Windows Defender
RP81: 12/8/2009 10:47:54 AM - Software Distribution Service 3.0
RP82: 12/8/2009 1:39:31 PM - Software Distribution Service 3.0
RP83: 12/13/2009 9:22:26 AM - Software Distribution Service 3.0
RP84: 12/14/2009 6:49:13 AM - Software Distribution Service 3.0
RP85: 12/14/2009 6:52:59 AM - Software Distribution Service 3.0
RP86: 12/14/2009 8:07:40 AM - Software Distribution Service 3.0
RP87: 12/15/2009 12:03:32 PM - Software Distribution Service 3.0
RP88: 12/15/2009 5:03:47 PM - Removed Dexterity Shared Components 10.0
RP89: 12/16/2009 7:43:59 PM - Removed Microsoft .NET Framework 3.0 Service Pack 2
RP90: 12/17/2009 9:46:41 AM - Software Distribution Service 3.0
RP91: 12/18/2009 10:31:50 AM - Software Distribution Service 3.0
RP92: 12/18/2009 9:31:34 PM - Software Distribution Service 3.0
RP93: 12/20/2009 9:52:36 PM - Software Distribution Service 3.0
RP94: 12/21/2009 11:39:39 AM - Software Distribution Service 3.0
RP95: 12/21/2009 2:16:29 PM - Installed Cisco AnyConnect VPN Client
RP96: 12/21/2009 5:56:30 PM - Software Distribution Service 3.0
RP97: 12/22/2009 6:43:57 AM - Software Distribution Service 3.0
RP98: 12/22/2009 3:29:34 PM - Software Distribution Service 3.0
RP99: 12/23/2009 7:23:12 AM - Software Distribution Service 3.0
RP100: 12/23/2009 11:19:31 AM - Software Distribution Service 3.0
RP101: 12/24/2009 8:35:34 AM - Software Distribution Service 3.0
RP102: 12/24/2009 10:16:17 AM - Software Distribution Service 3.0
RP103: 12/24/2009 11:37:21 AM - Software Distribution Service 3.0
RP104: 12/24/2009 2:55:45 PM - Software Distribution Service 3.0
RP105: 12/25/2009 3:59:50 PM - Software Distribution Service 3.0
RP106: 12/26/2009 9:21:44 AM - Software Distribution Service 3.0
RP107: 12/27/2009 10:49:00 AM - Software Distribution Service 3.0
RP108: 12/27/2009 10:55:49 AM - Software Distribution Service 3.0
RP109: 12/28/2009 3:00:18 AM - Software Distribution Service 3.0
RP110: 12/28/2009 9:43:41 AM - Software Distribution Service 3.0
RP111: 12/28/2009 4:45:35 PM - Software Distribution Service 3.0
RP112: 12/29/2009 4:50:22 PM - Software Distribution Service 3.0
RP113: 12/30/2009 8:17:57 AM - Software Distribution Service 3.0
RP114: 12/30/2009 5:00:21 PM - Software Distribution Service 3.0
RP115: 12/30/2009 9:23:25 PM - Software Distribution Service 3.0
RP116: 12/31/2009 7:28:36 AM - Software Distribution Service 3.0
RP117: 12/31/2009 11:51:50 AM - Software Distribution Service 3.0
RP118: 1/1/2010 9:55:18 AM - Software Distribution Service 3.0
RP119: 1/1/2010 9:57:40 AM - Software Distribution Service 3.0
RP120: 1/1/2010 6:26:19 PM - Software Distribution Service 3.0
RP121: 1/1/2010 11:24:01 PM - Software Distribution Service 3.0
RP122: 1/2/2010 4:23:30 PM - Software Distribution Service 3.0
RP123: 1/3/2010 10:40:44 AM - Software Distribution Service 3.0
RP124: 1/3/2010 1:40:28 PM - Installed Offline Course Player
RP125: 1/4/2010 5:34:22 AM - Software Distribution Service 3.0
RP126: 1/4/2010 11:31:15 AM - Software Distribution Service 3.0
RP127: 1/4/2010 8:58:46 PM - Software Distribution Service 3.0
RP128: 1/4/2010 9:12:31 PM - Software Distribution Service 3.0
RP129: 1/5/2010 11:39:49 PM - Software Distribution Service 3.0
RP130: 1/6/2010 9:18:19 PM - Software Distribution Service 3.0
RP131: 1/7/2010 10:19:06 AM - Software Distribution Service 3.0
RP132: 1/7/2010 10:27:55 AM - Installed Windows XP KB942288-v3.
RP133: 1/8/2010 5:25:49 AM - Software Distribution Service 3.0
RP134: 1/8/2010 5:27:27 AM - Software Distribution Service 3.0
RP135: 1/8/2010 5:14:01 PM - Software Distribution Service 3.0
RP136: 1/8/2010 6:55:13 PM - Software Distribution Service 3.0
RP137: 1/8/2010 8:46:11 PM - Software Distribution Service 3.0
RP138: 1/9/2010 9:37:58 AM - Software Distribution Service 3.0
RP139: 1/10/2010 8:13:35 AM - Software Distribution Service 3.0
RP140: 1/11/2010 6:30:47 AM - Software Distribution Service 3.0
RP141: 1/11/2010 6:37:56 AM - Software Distribution Service 3.0
RP142: 1/11/2010 9:58:31 AM - Software Distribution Service 3.0
RP143: 1/11/2010 5:27:42 PM - Software Distribution Service 3.0
RP144: 1/12/2010 5:47:30 PM - Software Distribution Service 3.0
RP145: 1/13/2010 7:12:38 PM - Software Distribution Service 3.0
RP146: 1/14/2010 6:14:59 AM - Software Distribution Service 3.0
RP147: 1/14/2010 11:23:02 AM - Software Distribution Service 3.0
RP148: 1/15/2010 10:57:00 AM - Software Distribution Service 3.0
RP149: 1/16/2010 7:17:39 AM - Software Distribution Service 3.0
RP150: 1/17/2010 12:16:19 PM - Software Distribution Service 3.0
RP151: 1/17/2010 3:55:16 PM - Software Distribution Service 3.0
RP152: 1/18/2010 8:07:12 PM - Software Distribution Service 3.0
RP153: 1/18/2010 9:51:56 PM - Software Distribution Service 3.0
RP154: 1/19/2010 6:13:51 PM - Software Distribution Service 3.0
RP155: 1/20/2010 7:51:17 AM - Software Distribution Service 3.0
RP156: 1/21/2010 7:23:10 AM - Software Distribution Service 3.0
RP157: 1/21/2010 10:13:05 AM - Software Distribution Service 3.0
RP158: 1/21/2010 1:05:42 PM - Software Distribution Service 3.0
RP159: 1/22/2010 7:20:03 AM - Software Distribution Service 3.0
RP160: 1/22/2010 12:07:41 PM - Microsoft Antimalware Checkpoint
RP161: 1/22/2010 12:33:57 PM - Software Distribution Service 3.0
RP162: 1/24/2010 7:50:40 AM - Software Distribution Service 3.0
RP163: 1/25/2010 7:41:32 AM - Software Distribution Service 3.0
RP164: 1/25/2010 9:55:28 PM - Software Distribution Service 3.0
RP165: 1/25/2010 10:12:36 PM - Software Distribution Service 3.0
RP166: 1/26/2010 10:05:58 PM - Software Distribution Service 3.0
RP167: 1/27/2010 7:29:30 AM - Software Distribution Service 3.0
RP168: 1/27/2010 11:08:07 AM - Software Distribution Service 3.0
RP169: 1/27/2010 12:15:36 PM - Microsoft Antimalware Checkpoint
RP170: 1/27/2010 12:18:56 PM - Software Distribution Service 3.0
RP171: 1/27/2010 10:00:37 PM - Software Distribution Service 3.0
RP172: 1/28/2010 12:35:04 PM - Microsoft Antimalware Checkpoint
RP173: 1/29/2010 8:42:16 AM - Software Distribution Service 3.0
RP174: 1/29/2010 4:08:05 PM - Software Distribution Service 3.0
RP175: 1/29/2010 4:13:14 PM - Removed Java(TM) 6 Update 16
RP176: 1/29/2010 4:59:41 PM - Software Distribution Service 3.0
RP177: 1/29/2010 5:22:58 PM - Software Distribution Service 3.0
RP178: 1/29/2010 7:35:22 PM - Software Distribution Service 3.0
RP179: 1/30/2010 7:43:12 AM - Software Distribution Service 3.0
RP180: 1/30/2010 7:54:37 PM - Software Distribution Service 3.0
RP181: 1/31/2010 6:35:34 AM - Software Distribution Service 3.0
RP182: 1/31/2010 8:07:16 AM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.0 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adware Alert
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Boggle
Broadcom Gigabit Integrated Controller
BufferChm
C309g-m
Cisco AnyConnect VPN Client
Citrix Presentation Server Client - Web Only
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
Crystal Reports for .NET Framework 2.0 (x86)
Dell Driver Download Manager
Dell Mobile Broadband Card Utility
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
Dexterity Shared Components 10.0
EPSON Printer Software
EPSON TWAIN 5
FRx 6.7 (C:\Program Files\FRx Software\FRx 6.7)
FRx 6.7 Connection Manager for Microsoft Dynamics
GoToMeeting 4.0.0.320
GPBaseService2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Learn.com Player (Uninstall Only)
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Mobile Broadband Generic Drivers
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Network
Offline Course Player
OGA Notifier 2.0.0048.0
Oz776 SCR Driver V1.1.4.2
PS_AIO_06_C309g-m_SW_Min
QuickTime
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shop for HP Supplies
SigmaTel Audio
Skype web features
Skype™ 4.1
SmartWebPrinting
SolutionCenter
SonicWALL Global VPN Client
Sprint Mobile Broadband (Novatel Wireless)
SQLXML4
Status
Symantec AntiVirus Client
System Requirements Lab
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VPN Client
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/31/2010 7:03:11 PM, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 001FE2C63E49 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/29/2010 9:06:40 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/29/2010 8:04:26 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: TrojanDownloader:Win32/Monkif.O ID: 2147629296 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/29/2010 8:04:26 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: Trojan:Win32/BHO.BO ID: 2147627252 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/29/2010 8:04:01 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: TrojanDownloader:Win32/Monkif.O ID: 2147629296 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/29/2010 8:03:49 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: TrojanDownloader:Win32/Monkif.O ID: 2147629296 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/29/2010 8:03:49 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: Trojan:Win32/FakeSpypro ID: 2147620018 Severity: High Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/29/2010 8:03:49 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: BARBARA-BEA5087\Barbara Name: Trojan:Win32/BHO.BO ID: 2147627252 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.144.0, AS: 1.75.144.0 Engine Version: 1.1.5406.0
1/28/2010 9:15:06 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 8:34:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 7:47:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.37.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/28/2010 6:07:42 PM, error: DCOM [10001] - Unable to start a DCOM Server: {36BBB745-0999-4FD8-A538-4D4D84E4BD09} as /. The error: "%2" Happened while starting this command: "C:\WINDOWS\system32\vsjitdebugger.exe" -Embedding
1/28/2010 4:20:23 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 3:16:10 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 2:19:42 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 12:35:08 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 11:43:35 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 10:45:00 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/28/2010 1:29:25 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/27/2010 6:04:45 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.F ID: 2147629654 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/27/2010 12:41:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.37.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: [You must be registered and logged in to see this link.] Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/27/2010 12:03:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/27/2010 11:36:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.37.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: [You must be registered and logged in to see this link.] Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/27/2010 1:38:58 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: [You must be registered and logged in to see this link.] User: BARBARA-BEA5087\Barbara Name: Trojan:Win32/BHO.BO ID: 2147627252 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.37.0, AS: 1.75.37.0 Engine Version: 1.1.5406.0
1/25/2010 7:48:04 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/25/2010 7:48:03 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/25/2010 7:45:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
1/25/2010 7:39:40 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/25/2010 7:39:40 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/24/2010 7:32:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
1/24/2010 7:32:22 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/24/2010 7:32:22 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

==== End Of File ===========================


Re: Backdoor.tidserv!inf

Post by Belahzur on 1st February 2010, 1:03 am

This looks okay, hopefully this should be fine.


Please PM me if I fail to respond within 24hrs.



Re: Backdoor.tidserv!inf

Post by bgavron on 3rd February 2010, 9:40 pm

THANK YOU THANK YOU THANK YOU
