BACK DOOR BOT OR TROJAN

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

BACK DOOR BOT OR TROJAN

Post by karenor on Sun 22 Jan 2012, 6:24 pm

I have been infected before by the Back Door Bot and Trojan Agent. My computer all of a sudden has gotten very slow. This is usually what happens right before I get infected. I am running Windows XP with Service Pack 3. All items are up to date on my computer. I also have the following items on my computer: Spy Bot, CCleaner, AVG, Super Anti Spyware, Baseline Security Analyzer and Advanced System Care.

I had recently run a ESET scan when the computer began to get slow and it found and removed three items. Computer is still slow and is acting like it is infected.

I am posting logs now.

Thanks in advance for helping me.
Karen
--------------------
OTL logfile created on: 1/21/2012 10:53:02 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.87% Memory free
2.79 Gb Paging File | 2.33 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.59 Gb Free Space | 39.16% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe


karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 22 Jan 2012, 6:30 pm

Hello:

Having to post more OTL as I could not post all of it in the first post.

Karen
-----------------------------------------------
Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/11/09 14:01:31 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\WGAErrLog.txt

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/04/23 17:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\$AVG8.VAULT$
[2011/02/02 15:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/11/30 22:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/09/14 10:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/29 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/27 13:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/09/30 23:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2007/06/30 21:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\BJPrinter
[2005/04/26 13:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/06/15 20:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/10/26 20:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/03/11 11:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2012/01/15 03:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/05/10 08:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2012/01/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/12/15 13:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/23 19:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2008/05/07 22:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/01/05 14:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/08/26 11:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/20 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/14 16:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/09/18 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/12 18:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/03/11 11:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/11 17:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/10/05 22:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/05/07 22:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/28 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/18 22:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/19 12:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/07 22:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/19 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 15:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/03 23:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop_albumSE_en_us_320
[2011/04/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2011/09/14 11:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/25 20:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/05 22:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/11/05 21:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\s450Win2kXPv162
[2006/11/06 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/12/24 20:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/07/24 19:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/14 08:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2011/07/19 20:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/10/13 19:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2008/05/18 11:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Updater5
[2011/03/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2009/06/05 10:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch
[2011/07/19 21:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/05/09 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/05/09 14:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2012/01/05 15:31:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/26 23:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/23 22:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/21 23:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/07 22:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/05 09:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/05/28 13:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-11 06:49:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 22 Jan 2012, 6:46 pm

Hello:

Posted OTL and will now post other required items.

Thanks,
Karen
-------------------------
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 23:34:47
-----------------------------
23:34:47.859 OS Version: Windows 5.1.2600 Service Pack 3
23:34:47.859 Number of processors: 1 586 0x209
23:34:47.859 ComputerName: KURTCOMPUTER UserName: Owner
23:34:50.109 Initialize success
23:35:24.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:35:24.140 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
23:35:24.171 Disk 0 MBR read successfully
23:35:24.171 Disk 0 MBR scan
23:35:24.187 Disk 0 Windows XP default MBR code
23:35:24.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
23:35:24.187 Disk 0 scanning sectors +78140160
23:35:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
23:35:43.687 Service scanning
23:35:45.406 Modules scanning
23:35:54.812 Disk 0 trace - called modules:
23:35:54.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:35:54.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5aaab8]
23:35:54.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5abd98]
23:35:54.859 Scan finished successfully
23:36:30.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:36:30.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


------------
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender Signatures
CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 24 Jan 2012, 9:12 am

BUMP please.

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue 24 Jan 2012, 1:54 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

********************************************
P2P - I see you have P2P software installed on your machine. (BearShare)We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
************************************************************

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )


Last edited by Superdave on Wed 25 Jan 2012, 11:02 am; edited 1 time in total

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 24 Jan 2012, 2:31 pm

Hello Super Dave:

Thanks for agreeing to help me out. I am posting the items you requested.

Karen
------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:24:28 on 2012-01-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mbam-setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-K5CV6.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - [You must be registered and logged in to see this link.]
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-11-12 54760]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-6-3 228344]
S4 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
.
=============== Created Last 30 ================
.
2012-01-24 03:22:15 -------- dc----w- C:\_OTL
2012-01-24 03:21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:20:44 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18:20 -------- d-----w- c:\program files\ESET
2012-01-16 22:21:55 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-16 22:21:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-28 04:29:24 3562624 ----a-w- c:\program files\ccsetup314.exe
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48:54 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56:27 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12:45 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-24 03:56:27 5570000 ----a-w- c:\program files\avg_free_stb_en_2011_1390_free.exe
2011-07-23 09:00:17 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55:25 684297 ----a-w- c:\program files\unhide.exe
2011-06-16 00:32:56 547200 ----a-w- c:\program files\WindowsXP-KB2535512-x86-ENU.exe
2011-06-15 23:38:56 719232 ----a-w- c:\program files\WindowsXP-KB2536276-x86-ENU.exe
2011-06-15 19:14:29 10494336 ----a-w- c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
2011-06-15 17:39:33 788352 ----a-w- c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
2011-06-15 16:25:03 566144 ----a-w- c:\program files\WindowsXP-KB2503665-x86-ENU.exe
2011-06-15 15:09:32 802176 ----a-w- c:\program files\WindowsXP-KB2544893-x86-ENU.exe
2011-02-04 09:59:58 4738880 ----a-w- c:\program files\avg_free_stb_all_2011_1204_cnet.exe
2010-12-26 06:19:56 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03:20 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47:18 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18:23 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-10-03 21:10:46 1367912 ----a-w- c:\program files\NDP35SP1-KB2416473-x86.exe
2010-09-12 01:42:33 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15:26 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-07-14 02:38:55 745344 ----a-w- c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
2010-05-22 22:28:32 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37:56 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57:41 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35:28 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04:01 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 22:47:55 47205472 ----a-w- c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
2009-10-25 20:03:19 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54:04 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35:03 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24:03 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-07-15 07:12:13 498544 ----a-w- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-15 05:58:01 1044856 ----a-w- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-15 05:55:40 569208 ----a-w- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-06-05 04:01:53 9234289 ----a-w- c:\program files\7100.exe
2009-06-04 21:16:13 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-28 21:56:05 16883056 ----a-w- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-01 03:21:35 224 -c--a-w- c:\program files\fix.bat
2009-03-11 19:39:35 1466768 ----a-w- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 19:35:49 569712 ----a-w- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-02-10 23:33:21 498032 ----a-w- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 23:19:12 9006448 ----a-w- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-29 00:06:27 242743296 ----a-w- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-15 05:31:45 658288 ----a-w- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-02 22:57:39 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-12-17 22:04:39 2552176 -c--a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 22:01:54 1861488 -c--a-w- c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 22:50:29 9005936 ----a-w- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 22:42:56 639856 ----a-w- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 22:40:10 6483344 ----a-w- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 22:35:17 606064 ----a-w- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 22:29:29 523120 ----a-w- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-12 04:03:10 725360 ----a-w- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-12 03:58:19 1248808 ----a-w- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-12 03:54:35 952840 ----a-w- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-12 03:42:29 5687304 ----a-w- c:\program files\msxml4-KB954430-enu.exe
2008-11-12 03:31:49 926760 ----a-w- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-06-23 17:11:54 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32:30 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58:46 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44:05 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49:20 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 04:17:00 523576 -c--a-w- c:\program files\WindowsXP-KB920670-x86-ENU.exe
2006-10-28 04:16:02 4479288 -c--a-w- c:\program files\WindowsXP-KB921398-x86-ENU.exe
2006-10-28 04:14:08 607544 -c--a-w- c:\program files\WindowsXP-KB920683-x86-ENU.exe
2006-10-28 04:13:03 701752 -c--a-w- c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-10-28 00:46:25 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 17:19:09 681784 -c--a-w- c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
2006-10-27 16:50:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07:44 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24:09 561 -c--a-w- c:\program files\os449133.bin
.
============= FINISH: 19:26:45.06 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2004 1:12:34 PM
System Uptime: 1/23/2012 8:22:21 AM (11 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 14.416 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3062: 11/30/2011 9:14:58 PM - System Checkpoint
RP3063: 12/1/2011 9:56:17 PM - System Checkpoint
RP3064: 12/3/2011 11:59:36 AM - System Checkpoint
RP3065: 12/3/2011 2:46:30 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware version 1.51.2.1300
RP3066: 12/5/2011 9:37:14 AM - System Checkpoint
RP3067: 12/6/2011 10:05:22 AM - System Checkpoint
RP3068: 12/8/2011 8:02:21 PM - System Checkpoint
RP3069: 12/9/2011 9:33:39 PM - System Checkpoint
RP3070: 12/15/2011 11:08:26 AM - System Checkpoint
RP3071: 12/15/2011 1:39:12 PM - Software Distribution Service 3.0
RP3072: 12/17/2011 10:54:19 AM - System Checkpoint
RP3073: 12/22/2011 2:27:59 PM - System Checkpoint
RP3074: 12/23/2011 3:04:08 PM - System Checkpoint
RP3075: 12/24/2011 3:49:00 PM - System Checkpoint
RP3076: 12/25/2011 4:02:24 PM - System Checkpoint
RP3077: 12/26/2011 4:20:14 PM - System Checkpoint
RP3078: 12/27/2011 9:37:47 PM - System Checkpoint
RP3079: 12/31/2011 1:43:46 PM - System Checkpoint
RP3080: 1/1/2012 5:04:44 PM - System Checkpoint
RP3081: 1/3/2012 10:33:41 AM - System Checkpoint
RP3082: 1/5/2012 2:20:11 PM - Software Distribution Service 3.0
RP3083: 1/6/2012 2:28:27 PM - System Checkpoint
RP3084: 1/7/2012 7:15:58 PM - System Checkpoint
RP3085: 1/8/2012 7:55:26 PM - System Checkpoint
RP3086: 1/10/2012 10:42:01 PM - Software Distribution Service 3.0
RP3087: 1/13/2012 11:11:41 AM - System Checkpoint
RP3088: 1/14/2012 8:15:47 PM - System Checkpoint
RP3089: 1/15/2012 2:55:54 AM - Revo Uninstaller's restore point - Free 3GP Video Converter version 5.0.4.1228
RP3090: 1/16/2012 9:56:20 AM - System Checkpoint
RP3091: 1/16/2012 5:24:57 PM - Software Distribution Service 3.0
RP3092: 1/16/2012 6:18:35 PM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.60.0.1800
RP3093: 1/16/2012 8:45:13 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP3094: 1/19/2012 12:31:58 PM - System Checkpoint
RP3095: 1/21/2012 1:25:51 PM - System Checkpoint
RP3096: 1/21/2012 10:59:06 PM - OTL Restore Point - 1/21/2012 10:58:54 PM
RP3097: 1/23/2012 12:26:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
Apple Application Support
Apple Software Update
AVG 2012
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner
CenturyLink Help
CenturyLink Remote Control
Dell ResourceCD
ESET Online Scanner v3
Form Fill (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954708)
Intel(R) Extreme Graphics Driver
Internet Explorer (Enable DEP)
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Picasa 2
PMB
QuickTime
RealPlayer
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Segoe UI
Smart Defrag 2
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
WD Diagnostics
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Messenger 5.1
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 8:03:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The TICalc service failed to start due to the following error: The system cannot find the file specified.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
1/16/2012 9:15:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Error: Unable to interpret <:Processes -- this is the command for killing processes.> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_192215

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 24 Jan 2012, 4:36 pm

Hi Super Dave:

Forgot to post the MBAM information. The MBAM is a great program that I have downloaded before. As such, I wanted to keep it on my computer and rather than leave it on the desk top where I am putting other things you have asked me to download, I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot ini. I have never noticed this before. Is this OK?
Posting MBAM.

Thanks,
Karen
----

Malwarebytes Anti-Malware 1.60.0.1800
[You must be registered and logged in to see this link.]

Database version: v2012.01.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KURTCOMPUTER [administrator]

1/23/2012 7:52:56 PM
mbam-log-2012-01-23 (19-52-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268888
Time elapsed: 1 hour(s), 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed 25 Jan 2012, 11:14 am

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\SVKP.sys 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
********************************************************
I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot ini. I have never noticed this before. Is this OK?
That's where it's supposed to be. I'm not sure what you mean by "were light". Could you give me a screenshot?

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu 26 Jan 2012, 3:18 pm

Hi Super Dave:

Here is my Combo Fix Log:



ComboFix 12-01-23.02 - Owner 01/25/2012 18:53:58.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1592 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\7100.exe
c:\program files\avg_free_stb_all_2011_1204_cnet.exe
c:\program files\avg_free_stb_en_2011_1390_free.exe
c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
c:\program files\msxml4-KB954430-enu.exe
c:\program files\msxml6-KB954459-enu-x86.exe
c:\program files\NDP35SP1-KB2416473-x86.exe
c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
c:\program files\WindowsXP-KB2503665-x86-ENU.exe
c:\program files\WindowsXP-KB2535512-x86-ENU.exe
c:\program files\WindowsXP-KB2536276-x86-ENU.exe
c:\program files\WindowsXP-KB2544893-x86-ENU.exe
c:\program files\WindowsXP-KB920670-x86-ENU.exe
c:\program files\WindowsXP-KB920683-x86-ENU.exe
c:\program files\WindowsXP-KB921398-x86-ENU.exe
c:\program files\WindowsXP-KB921883-x86-ENU.exe
c:\program files\WindowsXP-KB954459-x86-ENU.exe
c:\program files\WindowsXP-KB954600-x86-ENU.exe
c:\program files\WindowsXP-KB955069-x86-ENU.exe
c:\program files\WindowsXP-KB955839-x86-ENU.exe
c:\program files\WindowsXP-KB956802-x86-ENU.exe
c:\program files\WindowsXP-KB957097-x86-ENU.exe
c:\program files\WindowsXP-KB958687-x86-ENU.exe
c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
c:\program files\WindowsXP-KB960714-x86-ENU.exe
c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
c:\windows\system32\odbcad32(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 02:17 . 2012-01-26 02:38 -------- dc----w- C:\commy
2012-01-24 03:22 . 2012-01-24 03:22 -------- dc----w- C:\_OTL
2012-01-24 03:21 . 2012-01-24 03:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:21 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:20 . 2012-01-24 03:20 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18 . 2012-01-22 04:18 -------- d-----w- c:\program files\ESET
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-28 04:29 . 2011-12-28 04:29 3562624 ----a-w- c:\program files\ccsetup314.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 20:40 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-14 16:59 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 20:43 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2003-07-16 20:42 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-06-01 01:17 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48 . 2011-10-27 04:48 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56 . 2011-09-14 18:56 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12 . 2010-07-24 19:14 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57 . 2009-09-20 19:38 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 00:46 . 2006-10-28 00:46 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07 . 2006-08-02 19:07 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-14 421888]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"AVG_TRAY"=c:\program files\AVG\AVG10\avgtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/8/2011 9:30 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-25 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
Completion time: 2012-01-25 19:13:21
ComboFix-quarantined-files.txt 2012-01-26 03:12
.
Pre-Run: 15,442,825,216 bytes free
Post-Run: 15,409,852,416 bytes free
.
- - End Of File - - 22C7EB133A08C1B51C92E526A26B1FAD
---
The Jotti scan was not possible as it kept saying the file: c:\windows\system32\SVKP.sys did not exist.

Is there something different I can do instead of this?

Thanks,
Karen


karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri 27 Jan 2012, 6:59 am

Is there something different I can do instead of this?
No, that's ok.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri 27 Jan 2012, 5:22 pm

Hello Super Dave:

Here is the log created:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: B0B26F3C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: B0B26FE4
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateThread
Address: B0B27080
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: B0B2711C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\My Documents\My Albums\KAREN\PURCHASES ONLINE\HISTORICAL ASSORTED\EBAY CAMERA\CAMERA THAT DID NOT ARRIVE\Forward from My Messages_ Message from eBay Member Regarding Item #220315414783 my post office no record of arrival 12
Status: Hidden

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\ammp3.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avcodec-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avformat-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avutil-49.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common\InstallHelper.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 28 Jan 2012, 6:19 am

Please give me an update on your computer.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 28 Jan 2012, 9:15 am

Hi Super Dave:

I am having trouble with items in my Word Perfect now with renaming files. I often will create a file by going to New and a Word Perfect document is created with the name, "New Word Perfect Document." I always immediately change that to what I want the file to be. Example: Correspondence from Super Dave. When I try to do that now I get a warning, : If you change a filel extension name it will become unstable. And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened? This was never like this before. I am going to do the ESET scan now, but wanted you to know about this problem. It is as if something was changed during one of the processes that you and I have done.

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 28 Jan 2012, 11:03 am

It is as if something was changed during one of the processes that you and I have done.
No. None of our scans would have done that.
When I try to do that now I get a warning, : If you change a filel extension name it will become unstable. And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened?
When you change a name of a file you need to add the same extension that the program calls for . Ex. Notepad files at .txt. What extension does Wordperfect use? If you change the extension, the file may not work.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 28 Jan 2012, 11:34 am

Hi Super Dave:

It uses wpd. Tried that and that took care of that problem. I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.

Still waiting for ESET to finish.

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 28 Jan 2012, 11:51 am

I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.
We'll get rid of all those tools when we are finished. I'll wait for the ESET scan then go from there.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 28 Jan 2012, 5:27 pm

Hi Super Dave:

It did state that there were no threats.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098


Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun 29 Jan 2012, 6:06 am

Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 29 Jan 2012, 4:13 pm

Hi Super Dave:

I wanted to thank you for helping me. I appreciate all you are doing. I wanted to tell you of another suspicious way in which my computer is now acting. As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before. I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.

Here is the log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-28 21:01:01
-----------------------------
21:01:01.448 OS Version: Windows 5.1.2600 Service Pack 3
21:01:01.448 Number of processors: 1 586 0x209
21:01:01.448 ComputerName: KURTCOMPUTER UserName: Owner
21:01:04.854 Initialize success
21:02:42.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:02:42.526 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
21:02:42.557 Disk 0 MBR read successfully
21:02:42.557 Disk 0 MBR scan
21:02:42.573 Disk 0 Windows XP default MBR code
21:02:42.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
21:02:42.573 Disk 0 scanning sectors +78140160
21:02:42.667 Disk 0 scanning C:\WINDOWS\system32\drivers
21:03:06.026 Service scanning
21:03:07.979 Modules scanning
21:03:17.385 Disk 0 trace - called modules:
21:03:17.417 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:03:17.417 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5bbab8]
21:03:17.417 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5b1d98]
21:03:17.432 Scan finished successfully
21:09:16.807 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:09:16.823 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 29 Jan 2012, 5:32 pm

Hi Super Dave:

I felt bad that we were not able to run the Jotti's malware scan. I looked the scan up on the internet and found out that one of the most powerful tools in Jotti's is the Dr. Web. Do you think I should download the Dr. Web?

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Mon 30 Jan 2012, 6:25 am

As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before.
I get that constantly on my computer. Normal.
I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.
Yes, it really ties up the computer. I have almost the same problem when I'm on this site. I have to wait until it updates before I can move on. It probably has to do with the speed of your internet.

Please download to your Desktop: DrWebCureIt

•After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet

•Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.

•This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.

•Once the short scan has finished, Click on the Complete scan radio button.

•Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language

•Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)

•On the File types tab ensure you select All files

•Click on the Actions tab and set the following:

Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report

Infected packages Archive = Move, E-mails = Report, Containers = Move

Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move

•Do not change the Rename extension - default is: #??

•Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\

•Leave prompt on Action checked

•On the Log file tab leave the Log to file checked.

•Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

Log mode = Append

Encoding = ANSI

Details Leave Names of file packers and Statistics checked.

Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

•On the General tab leave the Scan Priority on High

•Click the Apply button at the bottom, and then the OK button.

•On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

•In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

•The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

•When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

•Click Yes to all if it asks if you want to cure/move the files.

•This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

•After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

•Save the report to your Desktop. The report will be called DrWeb.csv

•Close Dr.Web Cureit.

•Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

•After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 31 Jan 2012, 10:50 am

Dear Super Dave:

I have been preparign to do the Dr. Web Cureit scan. In doing a previous scan of ComboFix I becamse aware that I could not turn off the AVG longer than 15 minutes by default. I note in the Dr. Web Cureit literature that the Dr. Web scan may take several hours even in the Express Scan mode. Because of this factor I felt I had to obtain different protection as we did the Dr. Web scan. I chose AVAST. I note that AVAST was suggested as an addition to one of the other scans we have already done. CNET also give AVAST high marks. At any rate, it appears that AVAST can be turned off longer so that the Dr. Web scan can be completed. I removed AVG and then downloaded AVAST. I was invited to do a scan and did so. AVAST found something and moved it to its chest. It says: C:\\WINDOWS\shf_migS\KB942763\update.exe. Severity is listed as high. Status: Win32:SwPatch [Wrm] Action: Moved to chest. Result: Action succesful. After that scan it was suggested by AVAST that I do a boot scan.
I agreed to that because AVAST told me there could be something icky there. The boot scan also found something. If actually found several items it called cyclic redundancy. One threat was also found and moved to the chest. I am upset that no log can be printed of this so that you can see what was done. I have tried to right click and copy to no avail.

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue 31 Jan 2012, 1:18 pm

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.
You're better off without AVG. I would recommend MSE which is very user friendly.

4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 31 Jan 2012, 8:51 pm

Hi Super Dave:

Dr. Web scans are now done. I am going to uninstall AVAST and then reinstall AVG for now. I will investigate MSE. Never heard of it. Here are the scans from Dr. Web:

GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-------
GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;Moved.;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Moved.;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;Invalid path to file ;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-----
Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed 01 Feb 2012, 5:59 am

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.


Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Sponsored content Today at 11:25 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum