TROJAN ATTACK


TROJAN ATTACK

Post by karenor on Fri Jul 22, 2011 5:10 am

I am running Windows XP with Service Pack 3. I run SUPERAntiSpyware, CCleaner, Spybot Search and Destroy, Malwarebytes, ESET, Microsoft Baseline Analyzer, AVG, Advanced System Care and Defrag 2. On July 18th I was using the internet and had done a search on Dogpile. Viewing the search results I clicked on one item and a message popped up on my computer screen saying, "Hard Drive Failure." It seemed suspicious, so I did not click. I did quickly close the internet page. Upon closing the page my computer screen went black and all of my desktop icons were gone. I also had limited use of items in my Start menu. Thinking there might indeed be a hard drive failure, I restarted the computer in Safe Mode and attempted to do a system restore. Nothing seemed to work and so I phoned Dell. I was put through to a technician who then purportedly took care of the problem. He took control of my computer remotely. He then presented me with a Malwarebytes scan log that had four items on it and pronounced my machine clean. He then proceeded to "rebuild" my machine. He removed many programs from my machine such as ESET, SUPERAntiSpyware, Malwarebytes, etc. He told me that these programs and others on my computer were what had caused the problem. Once I had access to the internet I searched and found that it was some sort of virus that I had gotten. The guy from Dell was wrong and led me on a wild goose chase. After he "fixed" my machine I still did not have any of the program shortcuts in my Start area. I also did not have my icons on my desktop. Again, the guy from Dell told me that those items were all corrupted and I would never see them again. What a crock! I found the program online called "Unhide" and was able to retrieve all of that information. At this time I am not certain if my computer is truly clean. I am also experiencing problems with my internet. I keep getting error messages.
In fact, while on the line with the guy from Dell I told him about the error messages and he brushed off the complaint, telling me that after a few reboots the error messages would disappear. I have noticed an increase in the internet error messages and also got a Dr. Watson error message. I have never received these types of messages in the entire time I have used the internet. I know that the guy from Dell did something with my internet because after it was up and running he said he had to make an internet adjustment. I have written down the error messages that I am receiving. I feel stupid that I did not contact GeekPolice. I was not able to do so during the time that my machine was compromised. Phoning Dell has only complicated matters and was a big disappointment. I will post my OTL and the aswMBR logs in a message to follow this one.

Thanking you in advance for any assistance you can offer,
Karen


Re: TROJAN ATTACK

Post by karenor on Fri Jul 22, 2011 5:31 am

Hello:

Posting OTL:

OTL logfile created on: 7/21/2011 9:45:49 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.48% Memory free
2.79 Gb Paging File | 1.93 Gb Available in Paging File | 69.01% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.49 Gb Free Space | 38.89% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 21:44:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgscanx.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/21 21:44:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)


========== Driver Services (SafeList) ==========

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 12:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 12:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 21:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 14:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 14:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 16:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 13:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 13:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found



O1 HOSTS File: ([2011/01/12 18:45:50 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\SOPHIE JULY 2011\picasabackground.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\SOPHIE JULY 2011\picasabackground.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 21:44:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/07/20 00:45:49 | 000,546,464 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\OnlineScannerApp.exe
[2011/07/20 00:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/20 00:21:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/07/19 22:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2011/07/19 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/19 22:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 22:23:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/19 22:22:04 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011/07/19 21:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/19 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/07/19 21:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/07/19 20:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\KAREN
[2011/07/19 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/18 22:29:56 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 22:29:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/07/18 22:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Simply Super Software
[2011/07/18 22:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/07/18 21:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/18 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Saved Startup Items
[2011/07/18 20:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\HandsFree
[2011/07/18 19:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/07/18 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Repair
[2011/07/18 17:56:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/17 22:36:12 | 003,216,552 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup308.exe
[2011/06/15 17:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 16:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 12:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 10:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 09:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 08:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/05/22 15:04:43 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup306.exe
[2011/03/28 09:14:59 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe
[2011/02/11 13:27:47 | 005,300,552 | ---- | C] (IObit ) -- C:\Program Files\smart-defrag-setup-beta.exe
[2011/02/04 02:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2011/01/06 22:45:41 | 004,349,192 | ---- | C] (IObit ) -- C:\Program Files\defragsetup.exe
[2011/01/04 17:47:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.1.1100.exe
[2010/12/25 23:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 22:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/25 00:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 23:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 14:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 18:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/09/01 11:40:03 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup44.exe
[2010/07/24 12:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 19:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 15:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2010/05/12 13:27:02 | 008,144,744 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2010/04/14 22:36:49 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup43.exe
[2009/12/24 11:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 15:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 13:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/15 00:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 22:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 22:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 14:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 12:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 12:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 16:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 16:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 16:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 22:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 15:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 15:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 15:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 15:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 15:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 15:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 15:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 21:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 20:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 20:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 20:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 20:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 23:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 10:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 16:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 21:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 21:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 21:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 21:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 17:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 10:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 09:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 12:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe


karenor
Intermediate

Posts : 185
Joined : 2009-09-19
OS : xp

Re: TROJAN ATTACK

Post by karenor on Fri Jul 22, 2011 5:32 am

Hello:

Posting second half of OTL:

========== Files - Modified Within 30 Days ==========

[2011/07/21 21:44:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/07/21 21:05:50 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2011/07/21 20:55:21 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Has Encountered a Problem & Needs to Close When Going to a Secure Site eHow.com.url
[2011/07/21 09:54:50 | 122,962,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/07/21 09:50:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/21 09:49:12 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 23:27:53 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FAQ - Malwarebytes' Anti-Malware won't run or failed to resolve my issues - Malwarebytes Forum.url
[2011/07/19 22:55:25 | 000,684,297 | ---- | M] () -- C:\Program Files\unhide.exe
[2011/07/19 22:50:29 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2011/07/19 22:41:38 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/19 22:41:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/07/19 22:33:17 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2011/07/19 22:23:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 22:22:04 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011/07/19 21:10:18 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/19 20:27:02 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gmail Email from Google (2).url
[2011/07/19 20:13:21 | 000,000,339 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KAREN.lnk
[2011/07/19 19:50:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/19 19:48:46 | 003,216,552 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup308.exe
[2011/07/19 19:44:40 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ADVANCED SYSTEM CARE.lnk
[2011/07/19 19:11:01 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LIVE MAIL.lnk
[2011/07/19 18:26:58 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/07/19 18:18:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 22:30:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 19:10:16 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/07/18 19:10:16 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/07/18 18:34:20 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/07/13 20:41:00 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 09:52:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/13 09:42:07 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 10:07:20 | 000,193,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/27 10:26:18 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Jeffers - Pet Supplies, Equine Supplies, Livestock Supplies.url
[2011/06/22 08:47:38 | 000,546,464 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\OnlineScannerApp.exe

========== Files Created - No Company Name ==========

[2011/07/20 00:43:54 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Has Encountered a Problem & Needs to Close When Going to a Secure Site eHow.com.url
[2011/07/19 23:27:53 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FAQ - Malwarebytes' Anti-Malware won't run or failed to resolve my issues - Malwarebytes Forum.url
[2011/07/19 22:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/19 22:41:38 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/19 22:41:38 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/07/19 22:23:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 21:10:18 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/19 20:27:02 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gmail Email from Google (2).url
[2011/07/19 20:13:17 | 000,000,339 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KAREN.lnk
[2011/07/19 19:50:04 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/19 19:44:40 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ADVANCED SYSTEM CARE.lnk
[2011/07/19 19:14:36 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2011/07/19 19:11:01 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LIVE MAIL.lnk
[2011/07/18 20:00:59 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2011/07/18 20:00:59 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CENTURY REMOTE.lnk
[2011/07/18 20:00:59 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/07/18 20:00:59 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BASELINE.lnk
[2011/07/18 20:00:59 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/07/18 20:00:59 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/18 20:00:59 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa2.lnk
[2011/07/18 20:00:56 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/18 20:00:56 | 000,000,177 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop(2).ini
[2011/07/18 20:00:56 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/18 20:00:48 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/18 20:00:48 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/07/18 20:00:48 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/07/18 20:00:48 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2011/07/18 20:00:48 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB.lnk
[2011/07/18 20:00:48 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealPlayer.lnk
[2011/07/18 20:00:47 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.2.lnk
[2011/07/18 20:00:47 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/07/18 20:00:47 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/18 20:00:47 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/07/18 19:36:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 18:12:49 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/07/18 18:12:49 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/07/18 18:12:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/06/27 10:26:18 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Jeffers - Pet Supplies, Equine Supplies, Livestock Supplies.url
[2011/06/08 22:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 22:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 19:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 02:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 02:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 02:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 02:14:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 02:14:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 11:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 21:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 21:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 21:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 21:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 21:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 21:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 21:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 21:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 21:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 21:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 21:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 21:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 21:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 21:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 21:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 21:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 21:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 21:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 21:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 22:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 22:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 22:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 17:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 17:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 22:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 18:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 18:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 12:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 11:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 18:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 14:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 09:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/04 00:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 16:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 15:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 18:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 20:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 20:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 14:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 14:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 11:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 19:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/07 23:55:23 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/05/07 23:55:23 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/25 01:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/25 00:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 22:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 18:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 17:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 17:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 17:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 04:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 23:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 17:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 17:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 17:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 17:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 15:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 15:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 11:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 18:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 13:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 13:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 13:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 21:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 21:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 21:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 16:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 18:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 18:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 18:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 18:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 01:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 01:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 23:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 14:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 14:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 15:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 15:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 17:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 17:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 14:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 14:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 14:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 14:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 11:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 18:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 18:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 17:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 17:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 17:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 18:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 18:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 18:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 15:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 15:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 14:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 14:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 13:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 13:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 13:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 13:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 13:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 13:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 05:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 05:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 05:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 13:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 13:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 13:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 13:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 13:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 13:41:25 | 000,462,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 13:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 13:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 13:41:21 | 000,078,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 13:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 13:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 13:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 13:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 13:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 13:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 13:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 13:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 13:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 13:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 13:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 13:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2002/11/14 12:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 12:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 12:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/17 15:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/11/09 15:01:31 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\WGAErrLog.txt

< %USERPROFILE%\Desktop\*.exe >
[2011/06/22 08:47:38 | 000,546,464 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\OnlineScannerApp.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/04/23 18:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\$AVG8.VAULT$
[2011/02/02 16:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/11/30 23:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/05/17 17:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/27 14:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/10/01 00:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2007/06/30 22:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\BJPrinter
[2005/04/26 14:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/06/15 21:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/07/19 19:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/03/11 12:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2011/07/18 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/07/19 21:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/05/28 19:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\d88344bada9ec73596
[2011/06/24 13:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2008/06/04 21:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/05/10 09:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2011/07/20 00:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/07/18 20:28:45 | 000,000,000 | ---D | M] -- C:\Program Files\HandsFree
[2010/04/21 09:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/15 19:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/23 20:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/07/19 22:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/05/07 23:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/08/26 12:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2004/05/28 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/20 17:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/09/18 23:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/03/11 12:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/11 18:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/10/05 23:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/05/07 23:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/28 13:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/18 23:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/19 13:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/07 23:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/19 23:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 16:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/04 00:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop_albumSE_en_us_320
[2011/04/29 12:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/12/25 21:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/05 23:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/11/05 22:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\s450Win2kXPv162
[2006/11/06 18:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/12/24 21:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/07/19 22:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/19 21:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/10/13 20:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2008/05/18 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Updater5
[2011/03/12 16:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2009/06/05 11:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch
[2011/07/19 22:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/05/09 15:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/05/09 15:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 13:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008/09/18 23:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/27 00:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/23 23:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/12/24 20:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/07 23:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/05 10:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/05/28 14:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/05/28 13:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 13:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/16 13:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/19 11:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 03:42:48

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

karenor
Intermediate

Posts : 185
Joined : 2009-09-19
OS : xp

Re: TROJAN ATTACK

Post by karenor on Fri Jul 22, 2011 5:52 am

Hello:

Posting aswMBR:

aswMBR version 0.9.8.945 Copyright(c) 2011 AVAST Software
Run date: 2011-07-21 22:42:23
-----------------------------
22:42:23.879 OS Version: Windows 5.1.2600 Service Pack 3
22:42:23.879 Number of processors: 1 586 0x209
22:42:23.879 ComputerName: KURTCOMPUTER UserName: Owner
22:42:24.614 Initialize success
22:42:33.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:42:33.504 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
22:42:33.536 Disk 0 MBR read successfully
22:42:33.536 Disk 0 MBR scan
22:42:33.536 Disk 0 TDL4@MBR code has been found
22:42:33.536 Disk 0 Windows XP default MBR code found via API
22:42:33.551 Disk 0 MBR hidden
22:42:33.551 Disk 0 MBR [TDL4] **ROOTKIT**
22:42:33.551 Disk 0 trace - called modules:
22:42:33.567 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5a4f16]<<
22:42:33.567 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60bab8]
22:42:33.567 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a591d98]
22:42:33.582 \Driver\atapi[0x8a592f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a5a4f16
22:42:33.582 Scan finished successfully
22:43:39.317 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:43:39.332 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
--------------------------
For the SECURITY:

The scan said preparing and done and nothing resulted. I did this twice and got nothing to post.

Thanks,
Karen



Re: TROJAN ATTACK

Post by karenor on Fri Jul 22, 2011 7:33 am

Hello:

I know that you have not had time to look at my posts yet but I am having another irritating problem. I went to a website that I use all the time to send a birthday card to my friend. I wanted to check out a few cards before I selected one for her. The sound does not play on the website anymore. I tried to go to Amazon.com and play music from there and I am not able to do so. I have sounds on my computer just fine such as when I log on and hit the wrong key or something. I am stumped on this one.

Thanks,
Karen


Re: TROJAN ATTACK

Post by karenor on Sat Jul 23, 2011 6:50 am

Hello:

I was able to run the Security Scan and get results. I will paste the results now. Also, I continue to not be able to hear sound on the internet on such websites as YouTube, etc. I do have sound on my computer and hear things such as when pages open or close and when my email arrives, etc. This inability to hear sounds on the internet was reported to the twit at Dell when he purported to fix my computer. Continuing today, I am getting many, many error messages regarding the internet. My IE8 now abruptly closes.

Pasting the Security Check:
Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Thanks,
Karen


Re: TROJAN ATTACK

Post by karenor on Sat Jul 23, 2011 6:33 pm

BUMP (Original post was on 07/21/11)


Re: TROJAN ATTACK

Post by Belahzur on Sat Jul 23, 2011 8:39 pm

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: TROJAN ATTACK

Post by karenor on Sat Jul 23, 2011 9:14 pm

Hi Belahzur:

I did the TDSSKiller and the first time it found something and asked to reboot. I did not get a report. I will try to look in the C:\ directory for the first report. Here is the second report done when I scanned the second time.

2011/07/23 14:06:04.0093 3832 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 14:06:04.0671 3832 ================================================================================
2011/07/23 14:06:04.0671 3832 SystemInfo:
2011/07/23 14:06:04.0671 3832
2011/07/23 14:06:04.0671 3832 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/23 14:06:04.0671 3832 Product type: Workstation
2011/07/23 14:06:04.0671 3832 ComputerName: KURTCOMPUTER
2011/07/23 14:06:04.0671 3832 UserName: Owner
2011/07/23 14:06:04.0671 3832 Windows directory: C:\WINDOWS
2011/07/23 14:06:04.0671 3832 System windows directory: C:\WINDOWS
2011/07/23 14:06:04.0671 3832 Processor architecture: Intel x86
2011/07/23 14:06:04.0671 3832 Number of processors: 1
2011/07/23 14:06:04.0671 3832 Page size: 0x1000
2011/07/23 14:06:04.0671 3832 Boot type: Normal boot
2011/07/23 14:06:04.0671 3832 ================================================================================
2011/07/23 14:06:09.0078 3832 Initialize success
2011/07/23 14:06:15.0703 3892 ================================================================================
2011/07/23 14:06:15.0703 3892 Scan started
2011/07/23 14:06:15.0703 3892 Mode: Manual;
2011/07/23 14:06:15.0703 3892 ================================================================================
2011/07/23 14:07:20.0218 3892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/23 14:07:20.0562 3892 Boot (0x1200) (d1daff5b33fc746ebc58adaec37e6bbc) \Device\Harddisk0\DR0\Partition0
2011/07/23 14:07:20.0578 3892 ================================================================================
2011/07/23 14:07:20.0578 3892 Scan finished
2011/07/23 14:07:20.0578 3892 ================================================================================
2011/07/23 14:07:20.0625 3884 Detected object count: 0
2011/07/23 14:07:20.0625 3884 Actual detected object count: 0
-------------

first report:

2011/07/23 13:55:43.0625 1372 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 13:55:44.0187 1372 ================================================================================
2011/07/23 13:55:44.0187 1372 SystemInfo:
2011/07/23 13:55:44.0187 1372
2011/07/23 13:55:44.0187 1372 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/23 13:55:44.0187 1372 Product type: Workstation
2011/07/23 13:55:44.0187 1372 ComputerName: KURTCOMPUTER
2011/07/23 13:55:44.0187 1372 UserName: Owner
2011/07/23 13:55:44.0187 1372 Windows directory: C:\WINDOWS
2011/07/23 13:55:44.0187 1372 System windows directory: C:\WINDOWS
2011/07/23 13:55:44.0187 1372 Processor architecture: Intel x86
2011/07/23 13:55:44.0187 1372 Number of processors: 1
2011/07/23 13:55:44.0187 1372 Page size: 0x1000
2011/07/23 13:55:44.0187 1372 Boot type: Normal boot
2011/07/23 13:55:44.0187 1372 ================================================================================
2011/07/23 13:55:57.0125 1372 !crdlk
2011/07/23 13:55:57.0843 1372 Initialize success
2011/07/23 13:56:02.0968 3348 ================================================================================
2011/07/23 13:56:02.0968 3348 Scan started
2011/07/23 13:56:02.0968 3348 Mode: Manual;
2011/07/23 13:56:02.0968 3348 ================================================================================
2011/07/23 13:57:27.0000 3348 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/23 13:57:27.0125 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/23 13:57:27.0453 3348 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR10
2011/07/23 13:57:27.0703 3348 Boot (0x1200) (d1daff5b33fc746ebc58adaec37e6bbc) \Device\Harddisk0\DR0\Partition0
2011/07/23 13:57:27.0812 3348 Boot (0x1200) (4675854a824d78c5ecc85b5e64a8cf83) \Device\Harddisk1\DR10\Partition0
2011/07/23 13:57:27.0937 3348 ================================================================================
2011/07/23 13:57:27.0937 3348 Scan finished
2011/07/23 13:57:27.0937 3348 ================================================================================
2011/07/23 13:57:28.0046 1664 Detected object count: 1
2011/07/23 13:57:28.0046 1664 Actual detected object count: 1
2011/07/23 13:58:24.0093 1664 \Device\Harddisk0\DR0 - processing error
2011/07/23 13:58:47.0937 1664 \Device\Harddisk0\DR0 - will be restored after reboot
2011/07/23 13:58:47.0937 1664 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure Restore
2011/07/23 14:01:14.0265 3928 Deinitialize success
----------
Thanks,
Karen


Re: TROJAN ATTACK

Post by Belahzur on Sat Jul 23, 2011 10:24 pm

Hi,


Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix, rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double-click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: TROJAN ATTACK

Post by karenor on Sun Jul 24, 2011 4:03 am

Hello Belahzur:

Here is the ComboFix log:

ComboFix 11-07-23.04 - Owner 07/23/2011 20:36:38.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1677 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\PCHelpForum.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Start Menu\Programs\System Repair
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\advapi32(2).dll
c:\windows\system32\advapi32(3)(3).dll
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\Drivers\afd(2).sys
c:\windows\system32\kernel32(2).dll
c:\windows\system32\kernel32(3)(3).dll
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\regsvr32(2).exe
c:\windows\system32\services(2).exe
c:\windows\system32\services(3)(2).exe
c:\windows\system32\userinit(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 09:03 . 2011-07-23 09:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-23 02:31 . 2011-07-23 02:34 -------- dc-h--w- c:\windows\ie8
2011-07-22 08:54 . 2011-07-23 08:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-20 07:45 . 2011-07-20 07:45 -------- d-----w- c:\program files\ESET
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2011-07-20 04:04 . 2011-07-20 04:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-20 04:01 . 2011-07-20 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-07-20 02:49 . 2011-07-20 02:50 -------- d-----w- c:\program files\CCleaner
2011-07-19 05:29 . 2011-07-22 09:01 -------- d-----w- c:\windows\system32\Adobe
2011-07-19 05:02 . 2011-07-19 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-07-19 03:28 . 2011-07-19 03:28 -------- d-----w- c:\program files\HandsFree
2011-07-19 02:16 . 2011-07-19 02:16 -------- d-----w- c:\program files\Citrix
2011-07-19 00:56 . 2011-07-19 00:56 -------- dc----w- C:\$AVG
2011-07-18 05:36 . 2011-07-20 02:48 3216552 ----a-w- c:\program files\ccsetup308.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 05:33 . 2010-07-24 19:14 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-06-16 00:32 . 2011-06-16 00:32 547200 ----a-w- c:\program files\WindowsXP-KB2535512-x86-ENU.exe
2011-06-15 23:38 . 2011-06-15 23:38 719232 ----a-w- c:\program files\WindowsXP-KB2536276-x86-ENU.exe
2011-06-15 19:14 . 2011-06-15 19:14 10494336 ----a-w- c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
2011-06-15 17:39 . 2011-06-15 17:39 788352 ----a-w- c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
2011-06-15 16:25 . 2011-06-15 16:25 566144 ----a-w- c:\program files\WindowsXP-KB2503665-x86-ENU.exe
2011-06-15 15:09 . 2011-06-15 15:09 802176 ----a-w- c:\program files\WindowsXP-KB2544893-x86-ENU.exe
2011-06-09 05:28 . 2011-01-07 05:45 4349192 ----a-w- c:\program files\defragsetup.exe
2011-06-02 14:02 . 2003-07-16 20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-22 22:04 . 2011-05-22 22:04 3063136 ----a-w- c:\program files\ccsetup306.exe
2011-05-02 15:31 . 2004-06-07 21:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2003-07-16 20:43 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-04-21 00:41 . 2011-03-28 16:14 3050664 ----a-w- c:\program files\ccsetup305.exe
2011-03-29 17:48 . 2010-05-12 20:27 8144744 ----a-w- c:\program files\asc-setup.exe
2011-02-11 20:27 . 2011-02-11 20:27 5300552 ----a-w- c:\program files\smart-defrag-setup-beta.exe
2011-02-04 09:59 . 2011-02-04 09:59 4738880 ----a-w- c:\program files\avg_free_stb_all_2011_1204_cnet.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-10-03 21:10 . 2010-10-03 21:10 1367912 ----a-w- c:\program files\NDP35SP1-KB2416473-x86.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-09-01 18:40 . 2010-09-01 18:40 3194296 ----a-w- c:\program files\spywareblastersetup44.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-07-14 02:38 . 2010-07-14 02:38 745344 ----a-w- c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-04-15 05:37 . 2010-04-15 05:36 3103640 ----a-w- c:\program files\spywareblastersetup43.exe
2010-02-21 19:57 . 2009-09-20 19:38 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 22:47 . 2009-10-25 22:46 47205472 ----a-w- c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-07-15 07:12 . 2009-07-15 07:12 498544 ----a-w- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-15 05:58 . 2009-07-15 05:57 1044856 ----a-w- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-15 05:55 . 2009-07-15 05:55 569208 ----a-w- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-06-05 04:01 . 2009-06-05 01:19 9234289 ----a-w- c:\program files\7100.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-28 21:56 . 2009-04-28 21:55 16883056 ----a-w- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-03-11 19:39 . 2009-03-11 19:39 1466768 ----a-w- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 19:35 . 2009-03-11 19:35 569712 ----a-w- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-02-10 23:33 . 2009-02-10 23:33 498032 ----a-w- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 23:19 . 2009-02-10 23:19 9006448 ----a-w- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-29 00:06 . 2009-01-28 23:48 242743296 ----a-w- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-15 05:31 . 2009-01-15 05:31 658288 ----a-w- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-12-17 22:04 . 2008-12-17 22:04 2552176 -c--a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 22:01 . 2008-12-17 22:01 1861488 -c--a-w- c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 22:50 . 2008-12-11 22:50 9005936 ----a-w- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 22:42 . 2008-12-11 22:42 639856 ----a-w- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 22:40 . 2008-12-11 22:40 6483344 ----a-w- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 22:35 . 2008-12-11 22:35 606064 ----a-w- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 22:29 . 2008-12-11 22:29 523120 ----a-w- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-12 04:03 . 2008-11-12 04:03 725360 ----a-w- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-12 03:58 . 2008-11-12 03:58 1248808 ----a-w- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-12 03:54 . 2008-11-12 03:54 952840 ----a-w- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-12 03:42 . 2008-11-12 03:41 5687304 ----a-w- c:\program files\msxml4-KB954430-enu.exe
2008-11-12 03:31 . 2008-11-12 03:31 926760 ----a-w- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 04:17 . 2006-10-28 04:16 523576 -c--a-w- c:\program files\WindowsXP-KB920670-x86-ENU.exe
2006-10-28 04:16 . 2006-10-28 04:16 4479288 -c--a-w- c:\program files\WindowsXP-KB921398-x86-ENU.exe
2006-10-28 04:14 . 2006-10-28 04:14 607544 -c--a-w- c:\program files\WindowsXP-KB920683-x86-ENU.exe
2006-10-28 04:13 . 2006-10-28 04:13 701752 -c--a-w- c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-10-28 00:46 . 2006-10-28 00:46 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 17:19 . 2006-10-27 17:19 681784 -c--a-w- c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07 . 2006-08-02 19:07 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/8/2011 10:30 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 1:47 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-23 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-07-23 20:53:51
ComboFix-quarantined-files.txt 2011-07-24 03:53
.
Pre-Run: 16,463,097,856 bytes free
Post-Run: 16,493,400,064 bytes free
.
- - End Of File - - CDCDD20B5C58479EE6047693FBECD2E8
-----------------------------

Thanks,
Karen

karenor
Intermediate
Posts : 185
Joined : 2009-09-19
OS : xp
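An added example, not part of Karen's post and not ComboFix's own code: a small Python parser for the service and driver block in the log above (the lines starting R0, R1, R2, S3, S4). It assumes the usual reading of ComboFix's layout: R or S for a running or stopped service, the digit for the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), ` --> ` separating the image path as registered from the path ComboFix resolved it to, and `[?]` in place of the date and size when the file could not be found. The sample lines are copied from the log; the `review()` function and its wording are mine and flag the three things a reader of such a log checks first: an entry whose file is missing, a service hosted inside svchost.exe, and a kernel driver loaded at boot or system start.

```python
"""Parse the service/driver lines of a ComboFix log and flag the entries worth a
second look: a registered file that ComboFix could not find ("[?]"), services
hosted inside svchost.exe (whose real code is a DLL named under the service key,
not svchost.exe itself), and kernel drivers loaded at boot or system start."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the five service lines copied from the ComboFix log above.
SAMPLE_SERVICES = r"""
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/8/2011 10:30 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 1:47 PM 14336]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
""".strip()

# Assumed meaning of the start-type digit (standard Windows service start values).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Assumed line layout: <R|S><start type> <name>;<display name>;<image path> [<file info>]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str                    # path exactly as registered for the service
    resolved: str                 # path after ComboFix's "-->" (same as image when absent)
    file_missing: bool            # True when ComboFix printed "[?]" instead of date/size
    svchost_group: Optional[str]  # svchost group name when the service is svchost-hosted


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one ComboFix service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    resolved = image.split(" --> ", 1)[1] if " --> " in image else image
    host = SVCHOST_RE.search(resolved)
    return ServiceEntry(
        name=name, display=display, running=(state == "R"),
        start_type=START_TYPES[int(start)],
        image=image, resolved=resolved,
        file_missing=(info.strip() == "?"),
        svchost_group=host.group(1) if host else None,
    )


def parse_services(text: str) -> List[ServiceEntry]:
    entries = [parse_service_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def review(entries: List[ServiceEntry]) -> List[str]:
    """One finding per entry an analyst should follow up on."""
    findings: List[str] = []
    for e in entries:
        if e.file_missing:
            findings.append(f"{e.name}: registered at {e.resolved} but the file was not found "
                            f"(start={e.start_type}); an orphaned entry, or a file hidden from the scan")
        if e.svchost_group:
            findings.append(f"{e.name}: hosted in svchost group '{e.svchost_group}'; the code that runs "
                            f"is the ServiceDll under the service key, not svchost.exe")
        if e.running and e.start_type in ("boot", "system") and e.resolved.lower().endswith(".sys"):
            findings.append(f"{e.name}: kernel driver loaded at {e.start_type} start from {e.resolved}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_services(SAMPLE_SERVICES)):
        print(finding)
```

On the posted log this reports the disabled SVKP entry whose .sys file is absent, the svchost-hosted nosGetPlusHelper entry (which is also the only name under the `[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]` key in the log), and the two drivers loaded before the user logs on.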

Re: TROJAN ATTACK

Post by Belahzur on Wed Jul 27, 2011 1:24 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: TROJAN ATTACK

Post by karenor on Sun Aug 14, 2011 11:06 pm

Dear Belahzur:

I am sorry that I did not respond sooner. I have been ill. Here is the log from ESET.

Thanks
-------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=3ff0cafc4f63da4682be387079e9f359
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-14 09:37:44
# local_time=2011-08-14 02:37:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 95 0 55685984 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59136
# found=0
# cleaned=0
# scan_time=8298

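An added example, not from ESET and not from either poster: a Python check over the `# key=value` header that ESET Online Scanner writes at the top of its log.txt (the log Karen posted above). It verifies what the instructions asked for, namely that the run finished and that the Remove, archives, unwanted, unsafe and anti-stealth options were actually on, and then compares the found and cleaned counters. The first sample is the posted header trimmed of the serial and the repeated compatibility lines; the second is constructed to show a run that should not be accepted. The field names are those in the posted log; reading `end=finished` as the completion marker and `found`/`cleaned` as detection counts is my interpretation of them.

```python
"""Read the '# key=value' header of an ESET Online Scanner log and decide whether
the run is one you can rely on: did it finish, were the optional checks enabled,
and does the found counter match the cleaned counter?"""
from typing import Dict, List, Tuple

# Constructed sample: the header posted above, trimmed of the serial and the
# repeated compatibility_mode lines.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-14 09:37:44
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# scanned=59136
# found=0
# cleaned=0
# scan_time=8298
"""

# Constructed sample of a run that should be rejected: one option was left
# unticked and one detection was found but not cleaned.
INCOMPLETE_LOG = """\
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# scanned=12345
# found=2
# cleaned=1
# scan_time=100
"""

# The options the instructions above ask to tick, as they appear in the header.
REQUIRED_OPTIONS = ("remove_checked", "archives_checked", "unwanted_checked",
                    "unsafe_checked", "antistealth_checked")


def parse_header(text: str) -> Dict[str, List[str]]:
    """Collect '# key=value' lines; a key may repeat (compatibility_mode does)."""
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.startswith("# ") or "=" not in line:
            continue
        key, value = line[2:].split("=", 1)
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def assess(fields: Dict[str, List[str]]) -> Tuple[bool, List[str]]:
    """Return (acceptable, problems) for a parsed header."""
    problems: List[str] = []
    end = fields.get("end", ["missing"])[0]
    if end != "finished":
        problems.append(f"scan did not run to completion (end={end})")
    for opt in REQUIRED_OPTIONS:
        if fields.get(opt, ["false"])[0].lower() != "true":
            problems.append(f"{opt} was not enabled; the log does not cover what that option scans")
    counters: Dict[str, int] = {}
    for name in ("scanned", "found", "cleaned"):
        value = fields.get(name, [""])[0]
        if not value.isdigit():
            problems.append(f"{name} counter missing from header")
        else:
            counters[name] = int(value)
    if "found" in counters and "cleaned" in counters and counters["found"] > counters["cleaned"]:
        problems.append(f"{counters['found'] - counters['cleaned']} detection(s) left in place")
    if counters.get("scanned", 0) == 0:
        problems.append("no objects scanned")
    return (not problems, problems)


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_LOG), ("rejected run", INCOMPLETE_LOG)):
        ok, problems = assess(parse_header(text))
        print(label, "OK" if ok else "; ".join(problems))
```

The point of checking the `*_checked` fields rather than trusting the screenshot of the options dialog is that the log records what the scanner was actually configured to do; a scan with `unwanted_checked=false` says nothing about potentially unwanted applications, however clean the rest of the result looks.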

Re: TROJAN ATTACK

Post by Belahzur on Mon Aug 15, 2011 6:27 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: TROJAN ATTACK

Post by karenor on Tue Aug 16, 2011 12:46 am

Hi Belahzur:

Here is the HijackThis information.

Thanks,
Karen

----

Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
AVG 2011
AVG 2011
AVG 2011
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner
CenturyLink Help
CenturyLink Remote Control
Dell ResourceCD
Form Fill (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) Extreme Graphics Driver
Junk Mail filter update
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Picasa 2
PMB
RealPlayer
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Segoe UI
Smart Defrag 2
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB971029)
WD Diagnostics
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Messenger 5.1
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WordPerfect Office 11
XVID Codec Installation

----
