GeekPolice

BACK DOOR BOT OR TROJAN


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Feb 02, 2012 6:14 am

Hi Super Dave:

Here is the Avenger log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
--------

I do not understand how this Avenger can say that nothing was found. The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable. Also I did an AVG scan as soon as I got it reloaded. AVG declared Rootkit found: hidden=not removed.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Feb 02, 2012 2:54 pm

The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable.
Dr Web also showed this: A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;

Please run another scan with ESET and post the log. Also please run this next scanner.

Run the [You must be registered and logged in to see this link.]

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), then in the File name box change the name to bdscan and click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.

Post the bdscan.txt file as an Attachment.

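A small triage script, added here as an illustration and not code from this thread or from any of the scanners named in it, showing why the Dr.Web hit and Avenger's "No rootkits found!" are not in conflict. It parses the two detection-line formats quoted in the thread (the Dr.Web semicolon-delimited line and the ESET Online Scanner lines; both layouts are inferred from the quoted lines only, which is an assumption) and buckets each hit by where the file lived. A file under System Volume Information\_restore{...}\RPnnnn is a System Restore snapshot copy and a file under Temporary Internet Files is cached web content; neither is code loaded into the running system, which is what a rootkit scan looks for. The location heuristic and all function names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the detection lines quoted in this thread, copied so
# the parsers can be exercised offline. Both log layouts are inferred from these
# lines alone (assumption), not from vendor documentation.
DRWEB_LINES = [
    r"A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;",
]
ESET_LINES = [
    r"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C",
    r"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C",
    r"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000",
]

# Locations where a flagged file is a stored copy rather than loaded code.
DORMANT = {"restore-point", "browser-cache"}


@dataclass
class Detection:
    scanner: str
    path: str
    threat: str
    action: str
    location: str  # bucket from classify_location(); drives the triage verdict


def classify_location(path: str) -> str:
    """Bucket a Windows path by whether code there could be running (my own heuristic)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore-point"   # System Restore snapshot: a saved copy, never executed from here
    if "\\temporary internet files\\" in p:
        return "browser-cache"   # cached web content; scripts here run only while the page is open
    if p.startswith("c:\\windows\\"):
        return "system-dir"      # binaries here can be loaded at boot or logon
    return "other"


def parse_drweb(line: str) -> Detection:
    """Dr.Web line: <file>;<folder>;<threat>;<action>;"""
    name, folder, threat, action = line.rstrip(";").split(";")[:4]
    return Detection("Dr.Web", folder + "\\" + name, threat, action, classify_location(folder))


# ESET line: <path> <threat> <kind> (<action>) <hash> [flag]. The path may contain
# spaces, so it is matched lazily up to the first "<word> <word> (" that follows it.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<threat>\S+)\s+(?P<kind>\w+)\s+\((?P<action>[^)]*)\)"
)


def parse_eset(line: str) -> Detection:
    m = ESET_RE.match(line)
    if not m:
        raise ValueError("unrecognised ESET line: " + line)
    return Detection("ESET", m["path"], m["threat"], m["action"], classify_location(m["path"]))


def all_detections() -> list:
    return [parse_drweb(l) for l in DRWEB_LINES] + [parse_eset(l) for l in ESET_LINES]


def triage(detections: list) -> dict:
    """Summarise hits: where they were, how many were already neutralised, which still need a look."""
    by_location = Counter(d.location for d in detections)
    quarantined = sum(
        1 for d in detections
        if "quarantin" in d.action.lower() or "moved" in d.action.lower()
    )
    needs_followup = [d.path for d in detections if d.location not in DORMANT]
    return {
        "by_location": dict(by_location),
        "quarantined": quarantined,
        "needs_followup": needs_followup,
    }


if __name__ == "__main__":
    for d in all_detections():
        print(f"{d.scanner:6} {d.location:14} {d.threat:28} {d.action}")
    print(triage(all_detections()))
```

For the four lines quoted in this thread the summary reports one restore-point hit and three browser-cache hits, all four already moved or quarantined, and an empty follow-up list. A hit under C:\WINDOWS\ would land in needs_followup instead, which is the kind of result that would justify a deeper look.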

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 03, 2012 1:19 am

Hi Super Dave:

Here is the ESET Scan. Three files were found. I will do the Bit Defender scan next.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-03 01:23:14
# local_time=2012-02-02 05:23:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 98915 98915 0 0
# scanned=62931
# found=3
# cleaned=3
# scan_time=9407
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
------

Thanks,
Karen



Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 03, 2012 1:53 am

Hi Super Dave:


Here is the Bit Defender scan.


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 02 22:41:43 2012
Machine ID: 781AED93



No infection found.
-------------------



Processes
---------
AVG Internet Security 408 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 3844 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 4088 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 4068 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 2496 C:\Program Files\AVG\AVG2012\avgrsx.exe
AVG Internet Security 208 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 2976 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
CrypKey Software Licensing System 1884 C:\WINDOWS\system32\Crypserv.exe
mcci+McciCMService 1920 C:\Program Files\Common Files\Motive\McciCMService.exe
Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\spoolsv.exe
PMB 2000 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(verified) Microsoft® Windows® Operating System 2720 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2168 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3340 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1832 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 1960 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3336 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3348 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4016 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 443 (HTTP over SSL) --> 173.194.33.5
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 98.142.98.80
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process explorer.exe (2720) connected on port 80 (HTTP) --> 65.55.11.179
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (4016) connected on port 80 (HTTP) --> 173.194.33.6

Process svchost.exe (936) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
getPlus+(R) C:\WINDOWS\Downloaded Program Files\gp.ocx
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll


Scan
----
MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: cf109aa996155b94980bec67896e4d6c C:\Program Files\AVG\AVG2012\avgcclix.dll
MD5: 5e6f508618023f398097c080a413d681 C:\Program Files\AVG\AVG2012\avgcertx.dll
MD5: cd45d6a98124b372b325ba230d0023fb C:\Program Files\AVG\AVG2012\avgcfgx.dll
MD5: 6dd1938711903d46ac3a82d4aa12bbec C:\Program Files\AVG\AVG2012\avgchclx.dll
MD5: f37ec91e5d8c51c86dc0337cb84a15b8 C:\Program Files\AVG\AVG2012\avgchjwx.dll
MD5: cfc932d4a910be89f2107e9f26e83fe3 C:\Program Files\AVG\AVG2012\avgclitx.dll
MD5: 27cbe6684edb345083d15f2c93045df2 C:\Program Files\AVG\AVG2012\avgcorex.dll
MD5: b4866ba452702eb04fde2959e6f429ef C:\Program Files\AVG\AVG2012\avgcslx.dll
MD5: 7713613deef6cb1185c5ece19cb3651a C:\Program Files\AVG\AVG2012\avgcsrvx.exe
MD5: cac5ec89703f3fb7ef0c172c56bdc9f0 C:\Program Files\AVG\AVG2012\avgemcx.exe
MD5: 6d440ff3f44ca72edfd6176c6d6a89c0 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
MD5: 343e039c305c967478a37270209216e9 C:\Program Files\AVG\AVG2012\avglogx.dll
MD5: 10b0cdf6c807cabaec3fc33c639a7d6e C:\Program Files\AVG\AVG2012\avgnsx.exe
MD5: 776bdda6c1bcca99b456a4bec953013c C:\Program Files\AVG\AVG2012\avgntopensslx.dll
MD5: 49107ec6feade60caa539fcba6397eff C:\Program Files\AVG\AVG2012\avgopensslx.dll
MD5: 5f6135229bea89cf61fdff0ea506a00d C:\Program Files\AVG\AVG2012\avgrsx.exe
MD5: a9262a652353f644753b90265bed1478 C:\Program Files\AVG\AVG2012\avgse.dll
MD5: 973e131dec4e14804c5b4e1ba04b0115 c:\program files\avg\avg2012\avgssie.dll
MD5: bd608b43aa4f152de1d5667ee973f9e3 C:\Program Files\AVG\AVG2012\avgsysx.dll
MD5: 9f280f1f38fc6b73d35cb77917e6d89e C:\Program Files\AVG\AVG2012\avgtray.exe
MD5: 6699ece24fe4b3f752a66c66a602ee86 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
MD5: 7e639f6e87ef2e1122097b95ab4b889b C:\Program Files\AVG\AVG2012\avgxpl.dll
MD5: 8a3ba48b5be893e1d81bfac17a3c1b1f c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: a99783ada78e538fc9f5e7d9c21b33d2 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: f8b823414a22dbf3bec10dcaa5f93cd8 C:\Program Files\Common Files\Motive\McciCMService.exe
MD5: 69a3f07fad1fed82fb70b561593bbf54 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 53fe2d34b143efdb80685281e751b91c C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 89b42ab664ddd9d69f1a7cb94f0d5985 C:\Program Files\Internet Explorer\xpshims.dll
MD5: 46d748ab26eba869c6953863afd0617d c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcore.dll
MD5: ce6db25ffa35fd051c503f11db745862 c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
MD5: 3270cda806521b7ba0880b873856bc57 C:\Program Files\Picasa2\npPicasa2.dll
MD5: 73430e79d6df4de9055e2a7742b881d3 C:\Program Files\QuickTime\qttask.exe
MD5: 94dfb62f51d7bcb03f80f9d33bb7f54f C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
MD5: 985eff8b21f8f825aa156b2bd268f2b9 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
MD5: 30257426f6da31808c6698ec01de2d97 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MD5: 627fa58adc043704f9d14ca44340956f C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
MD5: d617404d119b1db10366692447d8a648 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
MD5: 67d2688756dd304af655349baad82bff C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MD5: 0e28e671281ebf1f1f8fe093d2bd4a7b C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: 2c2830b08045e2a1c1930eb064a8fac0 C:\Program Files\Windows Desktop Search\wdsShell.dll
MD5: ce41e6add1886dcffb9ce10e5fdf8b7a C:\Program Files\Windows Live\Family Safety\fsapi.dll
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
MD5: 2bc9e43f55de8c30fc817ed56d0ee907 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
MD5: 594b9d8194e3f4ecbf0325bd10bbeb05 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 9878a6010d689b057bb2933f78124617 C:\WINDOWS\Downloaded Program Files\gp.ocx
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: ea3af33a9341b88d23fdc20d6ec826fe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
MD5: bf88feadc7786ea328bdcc5cb116de89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 327de7a9766cc9aa302c8d7f3925c8ce c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: b6a800d881a0176c544988870861e798 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: d05ab88927849df74cf4f1c303daeb4f c:\windows\system32\adptif.dll
MD5: 5ef7dd401771693245d46f4b0b69fe2b C:\WINDOWS\system32\ckldrv.sys
MD5: a31d3787ecb0e43ef63ce410f4e96c18 C:\WINDOWS\system32\CNBJMON2.DLL
MD5: b995a68a741a2d6d372b4b2409edc38b C:\WINDOWS\system32\CNMLM2R.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: 133f82b6391f3390becfa429c23fb2be C:\WINDOWS\system32\Crypserv.exe
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\System32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: a7b8a3a79d35215d798a300df49ed23f C:\WINDOWS\system32\drivers\Afc.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 4fa401b33c1b50c816486f6951244a14 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
MD5: 69578bc9d43d614c6b3455db4af19762 C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
MD5: 6df528406aa22201f392b9b19121cd6f C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
MD5: 1e01c2166b5599802bcd61b9691f7476 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
MD5: bf8118cd5e2255387b715b534d64acd1 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
MD5: 1c77ef67f196466adc9924cb288afe87 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
MD5: f2038ed7284b79dcef581468121192a9 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
MD5: a6d562b612216d8d02a35ebeb92366bd C:\WINDOWS\system32\DRIVERS\avgtdix.sys
MD5: 5d7be7b19e827125e016325334e58ff1 C:\WINDOWS\System32\Drivers\BANTExt.sys
MD5: b60f57b4d9cdbc663cc03eb8af7ec34e C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
MD5: 41347688046d49cde0f6d138a534f73d C:\WINDOWS\System32\DRIVERS\BCMSM.sys
MD5: 7a0b457eefef8cbaa0cc44c8819113bd C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
MD5: d4d7331d33d1fa73e588e5ce0d90a4c1 C:\WINDOWS\system32\drivers\ialmkchw.sys
MD5: 44b7d5a4f2bd9fe21aea0bb0bace38c4 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
MD5: fd1f4e9cf06c71c8d73a24acf18d8296 C:\WINDOWS\system32\drivers\ialmsbw.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\System32\DRIVERS\ndistapi.sys
MD5: 8b8b1be2dba4025da6786c645f77f123 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
MD5: cec7e2c6c1fa00c7ab2f5434f848ae51 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
MD5: 972dea0d8149d73c5b7a2c97b2e749e3 C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
MD5: 31fd0707c7dbe715234f2823b27214fe C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: df8444a8fa8fd38d8848bdd40a8403b3 C:\WINDOWS\system32\drivers\tmcomm.sys
MD5: c60dc16d4e406810fad54b98dc92d5ec C:\WINDOWS\System32\Drivers\wpdusb.sys
MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\esent.dll
MD5: 0b8fb29cda02015448c9f5260a013f19 C:\WINDOWS\system32\IEFRAME.dll
MD5: 515aaa9c87d5c475b06dfeba3706d74f C:\WINDOWS\system32\iepeers.dll
MD5: 1ab894fa897e26b23ca53beed72f61f4 C:\WINDOWS\system32\iertutil.dll
MD5: e5926bc2e9cfa7d13f05b5e5f8e9cd52 C:\WINDOWS\system32\igfxsrvc.dll
MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll
MD5: 4b83fcbbe72af5f99d109798653e8b78 c:\windows\system32\ipxsap.dll
MD5: b1ded39112e0c85bafa58dcbec6718b6 C:\WINDOWS\System32\ipxwan.dll
MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 6b890b23b7b82345ae820e9d0e056b13 c:\windows\system32\macromed\flash\flash10u.ocx


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.72 KB recvd
Scanned 557 files and modules - 40 seconds

==============================================================================
Good News
Your computer appears to be clean

With 1.5 million new viruses created every month, try our award-winning software and keep your stuff protected!

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 03, 2012 2:36 pm

How's your computer working now? Any other issues?

Superdave
Captain

Posts : 4202
Joined : 2010-01-31
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83151
# Likes : 0


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 03, 2012 5:03 pm

Hi Super Dave:

Seems much better now with the exception of one thing. When exploring the internet I have to hit refresh to get pages to initially display. I have never had to do this before. This seems to have started after we did the Dr. Web and is now almost intolerable.

I will need help in clearing out all items you and I installed to fix the computer. I particularly cannot get rid of the Qoobox.

Thanks so much,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 03, 2012 6:20 pm

When exploring the internet I have to hit refresh to get pages to initially display.
What browser? Did you try another one? We'll do some cleanup once this problem is resolved. Please try this:

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat Feb 04, 2012 12:43 am

Hi Super Dave:

I use Internet Explorer. Here is the log report.

Thanks,
Karen
-------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 03-02-2012 at 21:37:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = CENTURY LINK (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "CENTURY LINK"

set address name="CENTURY LINK" source=dhcp
set dns name="CENTURY LINK" source=dhcp register=PRIMARY
set wins name="CENTURY LINK" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : kurtcomputer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter CENTURY LINK:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0D-56-5A-2F-31

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.31

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Friday, February 03, 2012 9:16:13 PM

Lease Expires . . . . . . . . . . : Saturday, February 04, 2012 9:16:13 PM

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.53.104, 74.125.53.105, 74.125.53.106, 74.125.53.147
74.125.53.99, 74.125.53.103



Pinging google.com [74.125.53.103] with 32 bytes of data:



Reply from 74.125.53.103: bytes=32 time=43ms TTL=54

Reply from 74.125.53.103: bytes=32 time=50ms TTL=54



Ping statistics for 74.125.53.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 50ms, Average = 46ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=137ms TTL=55

Reply from 98.137.149.56: bytes=32 time=55ms TTL=55



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 137ms, Average = 96ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 5a 2f 31 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.31 20
10.0.0.0 255.255.255.0 10.0.0.31 10.0.0.31 20
10.0.0.31 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.31 10.0.0.31 20
255.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:37:58 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046 MB
Available physical RAM: 1477.96 MB
Total Pagefile: 2856.7 MB
Available Pagefile: 2315.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.27 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:14.57 GB) NTFS

========================= Users: ========================================

User accounts for \\KURTCOMPUTER

Administrator Guest HelpAssistant
JEFF Owner SUPPORT_388945a0


**** End of log ****

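Superdave's checklist asks MiniToolBox for exactly the settings browser hijackers tamper with (IE proxy, hosts file, DNS resolvers), and Karen's log above shows what a clean result looks like. As an added example that is not part of the thread or of Farbar's MiniToolBox, this script parses a Result.txt in that layout and flags deviations from the clean baseline; the embedded sample log is constructed and its hostnames and addresses are invented.

```python
"""Triage a MiniToolBox Result.txt for the browser-hijack settings Superdave's
checklist covers: IE proxy, hosts file and DNS resolvers.  Added example, not
code from the thread or from Farbar's MiniToolBox; SAMPLE_LOG is constructed."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")      # '==== Title: ===='
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
HOSTS_OK = {"localhost", "localhost.localdomain", "broadcasthost"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in MiniToolBox's layout; a clean log looks like the thread's.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8118

========================= Hosts content: =================================

127.0.0.1 localhost
# comment lines and blank lines are ignored
127.0.0.1 update.example-av.invalid
10.99.0.5 bank.example.invalid

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 10.0.0.1
                                    203.0.113.53
"""

def split_sections(text):
    """Map 'Title' -> its lines, keyed by MiniToolBox's '==== Title: ====' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.rstrip())
    return sections

def check_proxy(lines):
    """Flag anything beyond the clean baseline the thread's own log shows."""
    lines = [s for s in map(str.strip, lines) if s and s not in CLEAN_PROXY]
    return ["IE proxy: " + s for s in lines if not s.startswith('"Reset IE Proxy')]

def check_hosts(lines):
    """Flag every mapping whose name is not the loopback name (update blocking, redirects)."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()       # strip comments, split on whitespace
        if len(fields) >= 2:
            findings += [f"hosts maps {n} -> {fields[0]}"
                         for n in fields[1:] if n.lower() not in HOSTS_OK]
    return findings

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_dns(lines):
    """Collect resolvers (ipconfig indents extra ones) and flag any outside RFC1918 space."""
    dns, collecting = [], False
    for s in filter(None, map(str.strip, lines)):     # blank lines do not end the list
        if s.startswith("DNS Servers"):
            dns.append(s.split(":", 1)[1].strip())
            collecting = True
        elif collecting and _ip(s) is not None:
            dns.append(s)
        else:
            collecting = False
    return [f"external DNS resolver {a}: verify it is one you chose" for a in dns
            if _ip(a) is not None and not any(_ip(a) in net for net in RFC1918)]

def triage(text):
    """Run every check over its MiniToolBox section; empty lists mean nothing flagged."""
    sec = split_sections(text)
    return {"proxy": check_proxy(sec.get("IE Proxy Settings", [])),
            "hosts": check_hosts(sec.get("Hosts content", [])),
            "dns": check_dns(sec.get("IP Configuration", []))}
```

Running `triage()` over the log Karen posted returns three empty lists, which is the result to expect before the browser problem is blamed on malware.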

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat Feb 04, 2012 2:25 pm

The signal appears to be going through. Please try this: Click on Tools, Internet Options, Advanced and click Reset. Close your Browser and open a new one.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Feb 05, 2012 12:27 am

Hi Super Dave:

I did not open this topic to view your response until just a few moments ago. The computer has been running better today. Not doing the "needs refresh to see the web page" thing at all today.

I appreciate all that you have done for me. I am disturbed that there were so many viruses on my computer this time. I take good care of my computer and I am very careful about how I surf the internet, etc.

Do you think it is safe now to delete the programs that you and I used to fix my computer?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Feb 05, 2012 2:36 pm

Ok. We can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give your computer a new, clean System Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Feb 05, 2012 11:53 pm

Hi Super Dave:

I installed Comodo. That seems nice. Did the OTL stuff, but Qoobox did not leave. I am waiting to do a system restore until we get rid of Qoobox. What shall I do to get rid of it?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Mon Feb 06, 2012 2:45 pm

OTL cleanup should have removed it. If it's just a folder, delete it then do a new System Restore Point.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Mon Feb 06, 2012 10:16 pm

Hi Super Dave:

I looked in the folder and there is another folder inside called Back Env. When I click on the Back Env. folder it says: access is denied. When I try to delete the Qoobox folder it looks like it is going to delete and then stops and gives me an error message of: Can not delete Back Env. Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.

I tried to do another OTL clean up and the link no longer works when I double click on it.

Do not want to do a restore point until that Qoobox is gone. Can you help?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue Feb 07, 2012 1:46 pm

I tried to do another OTL clean up and the link no longer works when I double click on it.
OTL cleanup removes itself. Please try deleting that folder using Unlocker.

You can download and install [You must be registered and logged in to see this link.] .


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue Feb 07, 2012 10:41 pm

Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed Feb 08, 2012 2:30 pm

karenor wrote: Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen
You're welcome Karen. Good luck and stay safe.

