BACK DOOR BOT OR TROJAN

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

BACK DOOR BOT OR TROJAN

Post by karenor on Sun 22 Jan 2012, 6:24 pm

First topic message reminder :

I have been infected before by the Back Door Bot and Trojan Agent. My computer all of a sudden has gotten very slow. This is usually what happens right before I get infected. I am running Windows XP with Service Pack 3. All items are up to date on my computer. I also have the following items on my computer: Spy Bot, CCleaner, AVG, Super Anti Spyware, Baseline Security Analyzer and Advanced System Care.

I had recently run a ESET scan when the computer began to get slow and it found and removed three items. Computer is still slow and is acting like it is infected.

I am posting logs now.

Thanks in advance for helping me.
Karen
--------------------
OTL logfile created on: 1/21/2012 10:53:02 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.87% Memory free
2.79 Gb Paging File | 2.33 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.59 Gb Free Space | 39.16% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe


karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu 02 Feb 2012, 10:14 pm

Hi Super Dave:

Here is the Avenger log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
--------

I do not understand how this Avenger can say that nothing was found. The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable. Also I did an AVG scan as soon as I got it reloaded. AVG declared Rootkit found: hidden=not removed.

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri 03 Feb 2012, 6:54 am

The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable.
Dr Web also showed this: A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;

Please run another scan with ESET and post the log. Also please run this next scanner.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri 03 Feb 2012, 5:19 pm

Hi Super Dave:

Here is the ESET Scan. Three files were found. I will do the Bit Defrender scan next.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-03 01:23:14
# local_time=2012-02-02 05:23:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 98915 98915 0 0
# scanned=62931
# found=3
# cleaned=3
# scan_time=9407
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
------

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri 03 Feb 2012, 5:23 pm

Hi Super Dave:

Here is the ESET Scan. Three files were found. I will do the Bit Defrender scan next.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-03 01:23:14
# local_time=2012-02-02 05:23:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 98915 98915 0 0
# scanned=62931
# found=3
# cleaned=3
# scan_time=9407
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
------

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri 03 Feb 2012, 5:53 pm

Hi Super Dave:


Here is the Bit Defender scan.


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 02 22:41:43 2012
Machine ID: 781AED93



No infection found.
-------------------



Processes
---------
AVG Internet Security 408 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 3844 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 4088 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 4068 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 2496 C:\Program Files\AVG\AVG2012\avgrsx.exe
AVG Internet Security 208 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 2976 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
CrypKey Software Licensing System 1884 C:\WINDOWS\system32\Crypserv.exe
mcci+McciCMService 1920 C:\Program Files\Common Files\Motive\McciCMService.exe
Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\spoolsv.exe
PMB 2000 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(verified) Microsoft® Windows® Operating System 2720 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2168 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3340 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1832 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 1960 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3336 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3348 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4016 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 443 (HTTP over SSL) --> 173.194.33.5
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 98.142.98.80
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process explorer.exe (2720) connected on port 80 (HTTP) --> 65.55.11.179
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (4016) connected on port 80 (HTTP) --> 173.194.33.6

Process svchost.exe (936) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
getPlus+(R) C:\WINDOWS\Downloaded Program Files\gp.ocx
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll


Scan
----
MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: cf109aa996155b94980bec67896e4d6c C:\Program Files\AVG\AVG2012\avgcclix.dll
MD5: 5e6f508618023f398097c080a413d681 C:\Program Files\AVG\AVG2012\avgcertx.dll
MD5: cd45d6a98124b372b325ba230d0023fb C:\Program Files\AVG\AVG2012\avgcfgx.dll
MD5: 6dd1938711903d46ac3a82d4aa12bbec C:\Program Files\AVG\AVG2012\avgchclx.dll
MD5: f37ec91e5d8c51c86dc0337cb84a15b8 C:\Program Files\AVG\AVG2012\avgchjwx.dll
MD5: cfc932d4a910be89f2107e9f26e83fe3 C:\Program Files\AVG\AVG2012\avgclitx.dll
MD5: 27cbe6684edb345083d15f2c93045df2 C:\Program Files\AVG\AVG2012\avgcorex.dll
MD5: b4866ba452702eb04fde2959e6f429ef C:\Program Files\AVG\AVG2012\avgcslx.dll
MD5: 7713613deef6cb1185c5ece19cb3651a C:\Program Files\AVG\AVG2012\avgcsrvx.exe
MD5: cac5ec89703f3fb7ef0c172c56bdc9f0 C:\Program Files\AVG\AVG2012\avgemcx.exe
MD5: 6d440ff3f44ca72edfd6176c6d6a89c0 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
MD5: 343e039c305c967478a37270209216e9 C:\Program Files\AVG\AVG2012\avglogx.dll
MD5: 10b0cdf6c807cabaec3fc33c639a7d6e C:\Program Files\AVG\AVG2012\avgnsx.exe
MD5: 776bdda6c1bcca99b456a4bec953013c C:\Program Files\AVG\AVG2012\avgntopensslx.dll
MD5: 49107ec6feade60caa539fcba6397eff C:\Program Files\AVG\AVG2012\avgopensslx.dll
MD5: 5f6135229bea89cf61fdff0ea506a00d C:\Program Files\AVG\AVG2012\avgrsx.exe
MD5: a9262a652353f644753b90265bed1478 C:\Program Files\AVG\AVG2012\avgse.dll
MD5: 973e131dec4e14804c5b4e1ba04b0115 c:\program files\avg\avg2012\avgssie.dll
MD5: bd608b43aa4f152de1d5667ee973f9e3 C:\Program Files\AVG\AVG2012\avgsysx.dll
MD5: 9f280f1f38fc6b73d35cb77917e6d89e C:\Program Files\AVG\AVG2012\avgtray.exe
MD5: 6699ece24fe4b3f752a66c66a602ee86 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
MD5: 7e639f6e87ef2e1122097b95ab4b889b C:\Program Files\AVG\AVG2012\avgxpl.dll
MD5: 8a3ba48b5be893e1d81bfac17a3c1b1f c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: a99783ada78e538fc9f5e7d9c21b33d2 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: f8b823414a22dbf3bec10dcaa5f93cd8 C:\Program Files\Common Files\Motive\McciCMService.exe
MD5: 69a3f07fad1fed82fb70b561593bbf54 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 53fe2d34b143efdb80685281e751b91c C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 89b42ab664ddd9d69f1a7cb94f0d5985 C:\Program Files\Internet Explorer\xpshims.dll
MD5: 46d748ab26eba869c6953863afd0617d c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcore.dll
MD5: ce6db25ffa35fd051c503f11db745862 c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
MD5: 3270cda806521b7ba0880b873856bc57 C:\Program Files\Picasa2\npPicasa2.dll
MD5: 73430e79d6df4de9055e2a7742b881d3 C:\Program Files\QuickTime\qttask.exe
MD5: 94dfb62f51d7bcb03f80f9d33bb7f54f C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
MD5: 985eff8b21f8f825aa156b2bd268f2b9 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
MD5: 30257426f6da31808c6698ec01de2d97 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MD5: 627fa58adc043704f9d14ca44340956f C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
MD5: d617404d119b1db10366692447d8a648 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
MD5: 67d2688756dd304af655349baad82bff C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MD5: 0e28e671281ebf1f1f8fe093d2bd4a7b C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: 2c2830b08045e2a1c1930eb064a8fac0 C:\Program Files\Windows Desktop Search\wdsShell.dll
MD5: ce41e6add1886dcffb9ce10e5fdf8b7a C:\Program Files\Windows Live\Family Safety\fsapi.dll
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
MD5: 2bc9e43f55de8c30fc817ed56d0ee907 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
MD5: 594b9d8194e3f4ecbf0325bd10bbeb05 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 9878a6010d689b057bb2933f78124617 C:\WINDOWS\Downloaded Program Files\gp.ocx
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: ea3af33a9341b88d23fdc20d6ec826fe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
MD5: bf88feadc7786ea328bdcc5cb116de89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 327de7a9766cc9aa302c8d7f3925c8ce c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: b6a800d881a0176c544988870861e798 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: d05ab88927849df74cf4f1c303daeb4f c:\windows\system32\adptif.dll
MD5: 5ef7dd401771693245d46f4b0b69fe2b C:\WINDOWS\system32\ckldrv.sys
MD5: a31d3787ecb0e43ef63ce410f4e96c18 C:\WINDOWS\system32\CNBJMON2.DLL
MD5: b995a68a741a2d6d372b4b2409edc38b C:\WINDOWS\system32\CNMLM2R.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: 133f82b6391f3390becfa429c23fb2be C:\WINDOWS\system32\Crypserv.exe
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\System32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: a7b8a3a79d35215d798a300df49ed23f C:\WINDOWS\system32\drivers\Afc.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 4fa401b33c1b50c816486f6951244a14 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
MD5: 69578bc9d43d614c6b3455db4af19762 C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
MD5: 6df528406aa22201f392b9b19121cd6f C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
MD5: 1e01c2166b5599802bcd61b9691f7476 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
MD5: bf8118cd5e2255387b715b534d64acd1 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
MD5: 1c77ef67f196466adc9924cb288afe87 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
MD5: f2038ed7284b79dcef581468121192a9 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
MD5: a6d562b612216d8d02a35ebeb92366bd C:\WINDOWS\system32\DRIVERS\avgtdix.sys
MD5: 5d7be7b19e827125e016325334e58ff1 C:\WINDOWS\System32\Drivers\BANTExt.sys
MD5: b60f57b4d9cdbc663cc03eb8af7ec34e C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
MD5: 41347688046d49cde0f6d138a534f73d C:\WINDOWS\System32\DRIVERS\BCMSM.sys
MD5: 7a0b457eefef8cbaa0cc44c8819113bd C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
MD5: d4d7331d33d1fa73e588e5ce0d90a4c1 C:\WINDOWS\system32\drivers\ialmkchw.sys
MD5: 44b7d5a4f2bd9fe21aea0bb0bace38c4 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
MD5: fd1f4e9cf06c71c8d73a24acf18d8296 C:\WINDOWS\system32\drivers\ialmsbw.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\System32\DRIVERS\ndistapi.sys
MD5: 8b8b1be2dba4025da6786c645f77f123 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
MD5: cec7e2c6c1fa00c7ab2f5434f848ae51 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
MD5: 972dea0d8149d73c5b7a2c97b2e749e3 C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
MD5: 31fd0707c7dbe715234f2823b27214fe C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: df8444a8fa8fd38d8848bdd40a8403b3 C:\WINDOWS\system32\drivers\tmcomm.sys
MD5: c60dc16d4e406810fad54b98dc92d5ec C:\WINDOWS\System32\Drivers\wpdusb.sys
MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\esent.dll
MD5: 0b8fb29cda02015448c9f5260a013f19 C:\WINDOWS\system32\IEFRAME.dll
MD5: 515aaa9c87d5c475b06dfeba3706d74f C:\WINDOWS\system32\iepeers.dll
MD5: 1ab894fa897e26b23ca53beed72f61f4 C:\WINDOWS\system32\iertutil.dll
MD5: e5926bc2e9cfa7d13f05b5e5f8e9cd52 C:\WINDOWS\system32\igfxsrvc.dll
MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll
MD5: 4b83fcbbe72af5f99d109798653e8b78 c:\windows\system32\ipxsap.dll
MD5: b1ded39112e0c85bafa58dcbec6718b6 C:\WINDOWS\System32\ipxwan.dll
MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 6b890b23b7b82345ae820e9d0e056b13 c:\windows\system32\macromed\flash\flash10u.ocx
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: dd8d655e1881b70a5259a23a6018a6c2 C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 06e587f41466569f32beaac7260e8aec C:\WINDOWS\System32\nwprovau.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: b92a85618a470f4406cee8785ce89b4f c:\windows\system32\rtm.dll
MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 8ea4d2fb065d9a7cb63d36f80180d08c C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD2R.DLL
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\System32\sti.dll
MD5: a60fc9ca376dba1235c63e960996f013 C:\WINDOWS\system32\syncui.dll
MD5: 496ce99bbbb7680323921df30b405c36 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL
MD5: 699fd04ec634bb3681f11b427f852187 C:\WINDOWS\System32\vsdatant.sys
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\System32\WINHTTP.dll
MD5: 552263502ea8c24d301a0c43ff90b3ed C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\System32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 811bb60991fc03a63f2f844a3f9c6488 C:\WINDOWS\System32\wshisn.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\System32\xpsp2res.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.72 KB recvd
Scanned 557 files and modules - 40 seconds

==============================================================================
Good News
Your computer appears to be clean

With 1.5 million new viruses created every month, try our award-winning software and keep your stuff protected!

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 04 Feb 2012, 6:36 am

How's your computer working now? Any other issues?

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 04 Feb 2012, 9:03 am

Hi Super Dave:

Seems much better now with the exception of one thing. When exploring the interent I have to hit refresh to get pages to initially display. I have never had to do this before. This seems to have started after we did the Dr. Web and is now almost intolerable.

I will need help in clearing out all items you and I installed to fix the computer. I particularly can not get rid of the Qoobox.

Thanks so much,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat 04 Feb 2012, 10:20 am

When exploring the interent I have to hit refresh to get pages to initially display.
What browser? Did you try another one? We'll do some cleanup once this problem is resolved. Please try this:

Please download

Mi

niToolBox
to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • Lst Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat 04 Feb 2012, 4:43 pm

Hi Super Dave:

I use Internet Explorer. Here is the log report.

Thanks,
Karen
-------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 03-02-2012 at 21:37:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = CENTURY LINK (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "CENTURY LINK"

set address name="CENTURY LINK" source=dhcp
set dns name="CENTURY LINK" source=dhcp register=PRIMARY
set wins name="CENTURY LINK" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : kurtcomputer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter CENTURY LINK:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0D-56-5A-2F-31

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.31

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Friday, February 03, 2012 9:16:13 PM

Lease Expires . . . . . . . . . . : Saturday, February 04, 2012 9:16:13 PM

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.53.104, 74.125.53.105, 74.125.53.106, 74.125.53.147
74.125.53.99, 74.125.53.103



Pinging google.com [74.125.53.103] with 32 bytes of data:



Reply from 74.125.53.103: bytes=32 time=43ms TTL=54

Reply from 74.125.53.103: bytes=32 time=50ms TTL=54



Ping statistics for 74.125.53.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 50ms, Average = 46ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=137ms TTL=55

Reply from 98.137.149.56: bytes=32 time=55ms TTL=55



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 137ms, Average = 96ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 5a 2f 31 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.31 20
10.0.0.0 255.255.255.0 10.0.0.31 10.0.0.31 20
10.0.0.31 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.31 10.0.0.31 20
255.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:37:58 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046 MB
Available physical RAM: 1477.96 MB
Total Pagefile: 2856.7 MB
Available Pagefile: 2315.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.27 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:14.57 GB) NTFS

========================= Users: ========================================

User accounts for \\KURTCOMPUTER

Administrator Guest HelpAssistant
JEFF Owner SUPPORT_388945a0


**** End of log ****

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun 05 Feb 2012, 6:25 am

The signal appears to be going through. Please try this: Click on Tools, Internet Options, Advanced and click Reset. Close your Browser and open a new one.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun 05 Feb 2012, 4:27 pm

Hi Super Dave:

I did not open this topic to view your response until just a few moments ago. The computer has been running better today. Not doing the "needs refresh to see the web page" thing at all today.

I appreciate all that you have done for me. I am disburbed that there were so many viruses on my computer this time. I take good care of my computer
and I am very careful about how I surf the internet, etc.

Do you think it is safe now to delete the programs that you and I used to fix my computer?

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Mon 06 Feb 2012, 6:36 am

Ok. We can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give your computer a new, clean System Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Mon 06 Feb 2012, 3:53 pm

Hi Super Dave:

I installed Comodo. That seems nice. Did the OTL stuff, but Qoobox did not leave. I am waiting to do a system restore until we get rid of Quoobox. What shall I do to get rid of it?

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue 07 Feb 2012, 6:45 am

OTL cleanup should have removed it. If it's just a folder, delete it then do a new System Restore Point.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 07 Feb 2012, 2:16 pm

Hi Super Dave:

I looked in the folder and there is another folder inside called Back Env. When I click on the Back Env. folder it says : access is denied. When I try to delete the Qoobox folder it looks like it is going to delete and then stops and gives me an error message of: Can not delete Back Env. Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.

I tried to do another OTL clean up and the link no longer works when I double click on it.

Do not want to do a restore point until that Qoobox is gone. Can you help?

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Wed 08 Feb 2012, 5:46 am

I tried to do another OTL clean up and the link no longer works when I double click on it.
OTL cleanup removes itself. Please try deleting that folder using Unlocker.

You can download and install Unlocker .

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Wed 08 Feb 2012, 2:41 pm

Hi Super Dave:

I as able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu 09 Feb 2012, 6:30 am

karenor wrote:Hi Super Dave:

I as able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen
You're welcome Karen. Good luck and stay safe.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Sponsored content Today at 11:14 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum