BACK DOOR BOT OR TROJAN

Post by karenor on Thu Feb 21, 2013 5:55 am

I have previously been infected with the Back Door Bot. The last couple of days my computer has been acting just like it did before I got the Back Door Bot infection. I am running Windows XP, Service Pack 3. I have CCleaner, Baseline Analyzer, Spybot Search & Destroy, Advanced System Cleaner, MBAM, SUPERAntiSpyware, with Comodo Firewall and Comodo Antivirus.

My internet has taken to shutting itself down. By that I mean that with three or four windows open I will all of a sudden have all the windows close and need to restart Windows Internet Explorer and do my searches all over again.

My computer is also very, very slow. I have cleaned and defragged.

My computer is also freezing up at times. An example would be going to Start to get email going or a Word document and the computer just sits there.

Again, all of these items were present when I was infected before.

I got someone else to try to help me and they were useless. They caused me to lose my internet and all of my restore points. They also had me delete Spybot, SUPERAntiSpyware and Advanced System Cleaner, telling me that they were all snake oil. This is just so frustrating.

Thank you for helping me,
Karen

OTL logfile created on: 2/20/2013 9:17:13 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.06% Memory free
2.79 Gb Paging File | 2.42 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.76 Gb Free Space | 42.29% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 20:29:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OTL.exe
PRC - [2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
PRC - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013/01/24 22:42:40 | 000,404,688 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
MOD - [2010/07/04 13:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/01/24 22:42:42 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\zntport.sys -- (zntport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (TICalc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\dwprot.sys -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/16 19:51:56 | 000,586,728 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2013/01/16 19:51:56 | 000,098,752 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2013/01/16 19:51:56 | 000,032,824 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/01/16 19:51:54 | 000,018,536 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/09/03 21:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/15 18:57:16 | 000,004,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti410.sys -- (ti410)
DRV - [2010/03/15 18:57:14 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns2501.sys -- (ns2501)
DRV - [2010/03/15 18:57:14 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvds.sys -- (lvds)
DRV - [2010/03/15 18:57:14 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns387.sys -- (ns387)
DRV - [2010/03/15 18:57:14 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sii164.sys -- (sii164)
DRV - [2010/03/15 18:57:14 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\th164.sys -- (th164)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/06/04 20:42:56 | 000,256,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igdmini.sys -- (igdmini)
DRV - [2006/06/04 20:42:56 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7017.sys -- (ch7017)
DRV - [2006/06/04 20:42:56 | 000,020,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7009.sys -- (ch7009)
DRV - [2006/06/04 20:42:56 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fs454.sys -- (fs454)
DRV - [2006/06/04 20:42:56 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\d3dutil.sys -- (d3dUtil)
DRV - [2005/04/14 21:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {138CECA7-7232-4042-B714-FAE9103C16CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{138CECA7-7232-4042-B714-FAE9103C16CD}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{16893532-B94A-4FE6-A974-410D82712695}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6B96F3F7-2F5E-4E37-B9A8-FC0958A166E2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9C976DE2-14F4-44C1-9413-E2935D28CA79}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

[2013/02/08 04:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/02/13 22:03:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: GeekPolice.net ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} [You must be registered and logged in to see this link.] (AxisMediaControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 17:26:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/19 15:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/02/19 14:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/02/14 10:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2013/02/08 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Comodo
[2013/02/08 15:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2013/02/08 15:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2013/02/08 15:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2013/02/08 15:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/02/08 15:04:05 | 130,846,192 | ---- | C] (COMODO) -- C:\Program Files\cav_installer.exe
[2013/02/08 06:44:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/02/08 06:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/08 06:23:02 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/08 06:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/08 04:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/07 18:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2013
[2013/02/06 17:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/02/06 17:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/02/06 03:15:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/02/03 14:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/02/03 14:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/02/03 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/02/03 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/03 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/01/28 23:52:32 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2013/01/28 23:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/27 12:54:18 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup327.exe
[2013/01/24 22:43:02 | 000,354,752 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll
[2013/01/12 13:50:29 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe
[2012/12/27 18:22:39 | 021,494,224 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2012/11/17 16:57:38 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[2012/11/17 16:43:29 | 024,265,736 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[2012/11/02 16:40:08 | 004,976,384 | ---- | C] (IObit ) -- C:\Program Files\defragsetup.exe
[2012/10/27 16:17:38 | 000,038,984 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\DellPCDiagnostics.exe
[2012/10/27 14:47:09 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.AudioPlayback.Run.exe
[2012/10/27 11:10:57 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2012/02/23 16:50:33 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows7UpgradeAdvisorSetup.exe
[2011/09/14 10:56:24 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe

========== Files - Modified Within 30 Days ==========

[2013/02/20 21:21:30 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/02/20 21:11:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/20 21:11:45 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 20:58:28 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2013/02/20 20:12:57 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/02/20 20:12:57 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2013/02/20 20:12:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2013/02/20 20:12:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/20 20:11:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
[2013/02/20 17:28:58 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/18 15:42:59 | 000,001,512 | ---- | M] () -- C:\WINDOWS\cce.INI
[2013/02/13 22:03:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/13 10:15:06 | 000,464,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 10:15:06 | 000,080,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/08 16:38:18 | 000,000,126 | ---- | M] () -- C:\WINDOWS\Autoruns.INI
[2013/02/08 15:27:50 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to Install Comodo Firewall.url
[2013/02/08 15:21:46 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Security PRO 2013, Download Internet Security 2013 - COMODO.url
[2013/02/08 15:15:49 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2013/02/08 15:04:19 | 130,846,192 | ---- | M] (COMODO) -- C:\Program Files\cav_installer.exe
[2013/02/08 06:56:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 00:36:22 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/07 22:30:39 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2013/02/07 20:33:23 | 000,015,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.778 - Order to appear - 2011 Oregon Revised Statutes.htm
[2013/02/07 20:18:25 | 000,216,903 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brook.pdf
[2013/02/07 19:00:55 | 000,018,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.775 - Liability of garnishee - 2011 Oregon Revised Statutes.htm
[2013/02/07 18:52:08 | 000,038,390 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\judgments_report.pdf
[2013/02/07 16:54:57 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Technical Assistance for Employers Garnishments.url
[2013/02/07 14:26:29 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Utah State Courts - Writs of Garnishment.url
[2013/02/06 12:50:16 | 000,036,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2013/02/05 22:42:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2013/02/05 21:40:45 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2013/02/05 15:05:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/02/03 14:09:26 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/02/03 14:03:35 | 040,437,664 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2013/01/29 00:53:03 | 000,005,427 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Symptoms of a Bad Transmission Solenoid eHow.com.url
[2013/01/28 23:52:12 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2013/01/28 23:21:35 | 021,494,224 | ---- | M] (IObit ) -- C:\Program Files\asc-setup.exe
[2013/01/27 12:55:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/27 12:54:18 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup327.exe
[2013/01/27 12:26:50 | 000,444,602 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2013/01/25 19:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/25 11:18:36 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pug's Dining - GameTime.url
[2013/01/24 22:43:02 | 000,354,752 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Feb 21, 2013 5:57 am

========== Files Created - No Company Name ==========

[2013/02/20 18:52:57 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
[2013/02/08 16:38:18 | 000,000,126 | ---- | C] () -- C:\WINDOWS\Autoruns.INI
[2013/02/08 16:32:40 | 000,001,512 | ---- | C] () -- C:\WINDOWS\cce.INI
[2013/02/08 15:27:50 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How to Install Comodo Firewall.url
[2013/02/08 15:21:04 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/02/08 15:21:02 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2013/02/08 15:21:01 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2013/02/08 15:20:58 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2013/02/08 15:15:49 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2013/02/08 07:43:37 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Security PRO 2013, Download Internet Security 2013 - COMODO.url
[2013/02/08 06:56:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 20:33:22 | 000,015,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.778 - Order to appear - 2011 Oregon Revised Statutes.htm
[2013/02/07 20:18:25 | 000,216,903 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\brook.pdf
[2013/02/07 19:00:54 | 000,018,412 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.775 - Liability of garnishee - 2011 Oregon Revised Statutes.htm
[2013/02/07 18:52:08 | 000,038,390 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\judgments_report.pdf
[2013/02/07 16:54:57 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Technical Assistance for Employers Garnishments.url
[2013/02/07 14:26:21 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Utah State Courts - Writs of Garnishment.url
[2013/02/06 04:02:09 | 000,036,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2013/02/03 14:09:26 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/02/03 14:06:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/01/29 00:53:02 | 000,005,427 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Symptoms of a Bad Transmission Solenoid eHow.com.url
[2013/01/28 23:52:15 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/01/25 11:18:36 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Pug's Dining - GameTime.url
[2013/01/09 16:42:46 | 000,079,686 | ---- | C] () -- C:\Program Files\windowsupdate.diagcab
[2012/11/17 15:38:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2012/10/30 00:54:06 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/10/29 23:58:32 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
[2012/10/27 11:32:03 | 000,026,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\ch7017.sys
[2012/10/27 11:32:03 | 000,020,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\ch7009.sys
[2012/10/27 11:32:03 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\ns2501.sys
[2012/10/27 11:32:03 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ns387.sys
[2012/10/27 11:32:03 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\sii164.sys
[2012/10/27 11:32:03 | 000,004,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\ti410.sys
[2012/10/27 11:32:03 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\d3dutil.sys
[2012/10/27 11:32:02 | 000,317,184 | ---- | C] () -- C:\WINDOWS\System32\igd3dalm.dll
[2012/10/27 11:32:02 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\fs454.sys
[2012/10/27 11:32:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvds.sys
[2012/10/27 11:32:02 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\th164.sys
[2012/02/15 20:24:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 20:31:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/11/09 13:40:53 | 000,000,409 | ---- | C] () -- C:\Documents and Settings\Owner\WGANotify.settings
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/07/20 14:57:08 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Owner\maxdesk.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini

========== ZeroAccess Check ==========

[2007/09/22 13:27:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/12/23 22:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2013/01/16 19:51:54 | 000,018,536 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmderd.sys
[2013/01/16 19:51:56 | 000,586,728 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdGuard.sys
[2013/01/16 19:51:56 | 000,032,824 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys
[2013/01/16 19:51:56 | 000,098,752 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >
[2004/05/28 04:52:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/05/28 04:52:12 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/05/28 04:52:11 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2013/02/01 22:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/11/30 22:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2013/02/03 14:06:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/08/09 12:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2012/07/21 17:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Axis Communications
[2010/04/27 13:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/09/30 23:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2007/06/30 21:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\BJPrinter
[2005/04/26 13:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/06/15 20:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2013/01/27 12:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/03/11 11:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2013/02/13 21:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2013/02/08 15:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2012/10/27 16:49:15 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2011/05/10 08:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2012/11/25 18:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2012/11/09 10:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2013/02/13 10:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2013/02/17 10:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2013/02/13 22:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/05/07 22:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/01/05 14:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/02/23 07:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/20 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/17 08:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/09/18 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/12 18:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/03/11 11:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/11 17:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2013/02/08 04:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/11/17 17:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/09/27 11:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/05/07 22:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/28 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/18 22:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/19 12:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/07 22:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/19 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 15:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/05/24 18:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop Album Starter Edition
[2009/01/03 23:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop_albumSE_en_us_320
[2011/04/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2013/02/03 14:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/25 20:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/05 22:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/11/05 21:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\s450Win2kXPv162
[2006/11/06 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/12/24 20:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2005/10/13 19:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2012/12/10 17:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2008/05/18 11:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Updater5
[2011/03/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2009/06/05 10:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch
[2011/07/19 21:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/05/09 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/05/09 14:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2012/01/05 15:31:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/26 23:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/23 22:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/21 23:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/07 22:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/05 09:17:24 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/05/28 13:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2004/05/28 04:53:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2013/02/07 22:30:39 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/11/09 19:05:34 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB

< MD5 for: AFD.SYS >
[2011/08/17 05:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 05:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 05:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 07:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 02:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 02:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\SoftwareDistribution\Download\e59aa0bf8ffee6bb7d565028a40e2f6e\SP3QFE\afd.sys
[2008/08/14 01:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\SoftwareDistribution\Download\e59aa0bf8ffee6bb7d565028a40e2f6e\SP2GDR\afd.sys
[2004/08/03 22:14:14 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/08/14 01:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\SoftwareDistribution\Download\e59aa0bf8ffee6bb7d565028a40e2f6e\SP2QFE\afd.sys
[2008/10/16 06:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\SoftwareDistribution\Download\e59aa0bf8ffee6bb7d565028a40e2f6e\SP3GDR\afd.sys
[2011/02/16 05:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 03:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011/08/17 05:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/03 23:56:41 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/14 04:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/14 04:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/20 09:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 09:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2008/02/20 10:49:36 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=6333C7E182E5B6247500188D28214DEF -- C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
[2008/02/19 21:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=AAC8FFBFD61E784FA3BAC851D4A0BD5F -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/20 09:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/14 04:41:54 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2013/01/25 18:34:29 | 000,009,168 | ---- | M] () MD5=1D3E71BC0FF12F94D2479F85E9290146 -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\Locales\es.dll
[2005/07/25 20:39:45 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=34BBD9ACC1538818F2C878898C64E793 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2013/01/18 00:06:26 | 000,009,168 | ---- | M] () MD5=6BF736F8BBC6EFEFEC53703E5F4EF987 -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\Locales\es.dll
[2005/07/25 20:20:28 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=95F5FEA4C6DE2C3F28784D0DCC8F0DD3 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
[2008/07/07 12:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\ERDNT\cache\es.dll
[2008/07/07 12:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 12:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 12:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/03 23:56:42 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/14 04:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/14 04:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/03 22:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/03 22:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2005/08/22 10:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 10:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/03 23:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/14 04:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 02:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/01/13 21:07:42 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=94456045BEB4545B5EBE1DCC85951AFA -- C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[2005/07/25 20:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/07/25 20:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 11:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 04:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/03 23:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SR.SYS >
[2008/04/13 23:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/13 23:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2004/08/03 22:06:25 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/14 04:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/14 04:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 04:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/03 23:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/01/13 09:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005/05/25 11:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 08:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007/10/30 09:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/04/13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 03:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 03:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 04:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/03 22:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/14 04:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/14 04:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2004/08/03 23:56:46 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/03 23:56:46 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2008/04/14 04:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/14 04:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/03 23:56:46 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/14 04:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/14 04:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 21:07:25
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - KURTCOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [535 octets] - [20/02/2013 21:07:25]

########## EOF - C:\AdwCleaner[R1].txt - [594 octets] ##########
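The "< MD5 for: ... >" blocks in the OTL log above list every copy of a critical system file together with its hash. The check a helper makes when reading them is whether the copy Windows actually loads (under system32 or system32\drivers) carries the same hash as a trusted reference copy in ServicePackFiles\i386 or system32\dllcache; a live copy that matches no reference copy is the thing to look at more closely. The script below is an added example, not part of the thread: the atapi.sys, tcpip.sys and svchost.exe lines are copied from the log above, the EXAMPLE.SYS block with its placeholder hashes is constructed to show a mismatch, and the live/reference directory lists are an assumption about the XP layout.

```python
import re
from collections import defaultdict

# One record per line inside an OTL "< MD5 for: NAME >" block, e.g.
# [2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=<32 hex> -- C:\...\atapi.sys
# Lines without an MD5 (the ".cab file" entries) are skipped on purpose.
RECORD_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")

# Assumption about the XP layout: copies directly inside these directories are the ones
# Windows loads; the reference directories are where Windows File Protection restores from.
LIVE_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\wbem\\",
             "c:\\windows\\system32\\", "c:\\windows\\")
REFERENCE_DIRS = ("c:\\windows\\servicepackfiles\\i386\\", "c:\\windows\\system32\\dllcache\\")


def parse_md5_section(text):
    """Return {filename: [record, ...]} for every '< MD5 for: ... >' block in an OTL log."""
    files = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = RECORD_RE.match(line)
        if m and current:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            files[current].append(rec)
    return dict(files)


def is_live_copy(path):
    """True if the path sits directly in a live directory (not in a subfolder such as ERDNT\\cache)."""
    p = path.lower()
    return any(p.startswith(d) and "\\" not in p[len(d):] for d in LIVE_DIRS)


def assess(files):
    """Per file: does every live copy's hash match the hash of some reference copy?"""
    verdicts = {}
    for name, recs in files.items():
        live = [r for r in recs if is_live_copy(r["path"])]
        ref_hashes = {r["md5"] for r in recs if r["path"].lower().startswith(REFERENCE_DIRS)}
        # Copies with no company in their version info deserve a second look; here that is
        # the Malwarebytes Chameleon copy, which is legitimate but is not Microsoft's file.
        no_company = [r["path"] for r in recs if not r["company"]]
        if not live:
            status = "no live copy listed"
        elif not ref_hashes:
            status = "no reference copy to compare against"
        elif all(r["md5"] in ref_hashes for r in live):
            # tcpip.sys shows why dllcache counts as a reference: a post-SP3 hotfix
            # updated both the live copy and dllcache, so ServicePackFiles alone would mismatch.
            status = "live copy matches a reference copy"
        else:
            status = "MISMATCH: live copy matches no reference copy"
        verdicts[name] = {"status": status, "live_md5": [r["md5"] for r in live],
                          "no_company": no_company}
    return verdicts


# Constructed sample: first three blocks copied from the log above, EXAMPLE.SYS invented.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: TCPIP.SYS >
[2008/04/13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: EXAMPLE.SYS >
[2008/04/13 23:00:00 | 000,010,240 | ---- | M] (Example Vendor) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2013/02/19 01:02:03 | 000,010,240 | ---- | M] (Example Vendor) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, v in sorted(assess(parse_md5_section(SAMPLE_LOG)).items()):
        print(f"{name:12} {v['status']}")
        for p in v["no_company"]:
            print(f"{'':12} no company in version info: {p}")
```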


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Feb 21, 2013 8:32 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 and save it to your desktop.

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Thu Feb 21, 2013 10:25 pm

Hello Super Dave:

Thanks for agreeing to help me. I am concerned particularly about the System Restore being turned off. I checked this morning and there was a checkpoint restore point done last night. Does this mean that System Restore is now working again? I had to manually turn it back on!

Thanks,
Karen

Posting Adw Cleaner for you:

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 13:52:06
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - KURTCOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [535 octets] - [21/02/2013 13:52:06]

########## EOF - C:\AdwCleaner[R1].txt - [594 octets] ##########

Posting Security Check:
Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
COMODO Internet Security
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender Signatures
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Posting Mbam:
Malwarebytes Anti-Malware 1.70.0.1100

Database version: v2013.02.21.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KURTCOMPUTER [administrator]

2/21/2013 2:01:17 PM
mbam-log-2013-02-21 (14-01-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264731
Time elapsed: 22 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Thu Feb 21, 2013 11:11 pm

Does this mean that System Restore is now working again?
Yes.

Update your Adobe Reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

To prevent your anti-virus application from interfering with ComboFix we need to disable it. If you are unsure how to do so, see a tutorial on disabling your security software.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 12:59 am

Hi Super Dave:

I have tried repeatedly to download Combo Fix. It will not download. I keep getting an error as it begins to extract. I ask it to retry and it does, but I finally have to abort.

Can we try something else?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 22, 2013 1:07 am

Download ComboFix by sUBs from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop

If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix to Combo-Fix before saving it to the desktop.

Temporarily disable your Anti-virus and any Antispyware real-time protection before performing a scan.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

***********************************************************

Please download aswMBR (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 1:16 am

Hi Super Dave:

Trying to download Combo Fix and rename it. Also, just now noticed that my Recycle Bin no longer shows its contents. I deliberately made a WordPerfect document and deleted it to the Recycle Bin. Nothing showed up. I checked the contents by asking to empty the Recycle Bin and was asked if I wanted to delete the eleven items it contained. But I still cannot see them.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 1:31 am

Hi Super Dave:

Renamed Combo Fix to Combo-Fix and that does not work either. Got this message:

C:\32788R22FWJFW\AWF.CMD

Error opening file for writing. Given the choices: abort, retry or ignore.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 22, 2013 1:33 am

Please reboot in Safe Mode with Networking and try downloading it.

  • Please download Unhide by Grinler and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If this tool doesn't fix the problem, please let me know.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 2:11 am

Hi Super Dave:

Got the Recycle Bin to work properly once again. Ran Disk Cleanup and then did another WordPerfect document. Deleted the document and sent it to the Recycle Bin. I could see it!

What can we do about my Combo Fix problem?

Thanks,
Karen

Pasting Aswmbr:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-21 18:02:56
-----------------------------
18:02:56.703 OS Version: Windows 5.1.2600 Service Pack 3
18:02:56.703 Number of processors: 1 586 0x209
18:02:56.703 ComputerName: KURTCOMPUTER UserName: Owner
18:02:57.453 Initialize success
18:03:26.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:03:26.515 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
18:03:26.546 Disk 0 MBR read successfully
18:03:26.562 Disk 0 MBR scan
18:03:26.562 Disk 0 Windows XP default MBR code
18:03:26.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
18:03:26.593 Disk 0 scanning sectors +78140160
18:03:26.671 Disk 0 scanning C:\WINDOWS\system32\drivers
18:04:01.625 Service scanning
18:04:22.875 Modules scanning
18:04:32.453 Disk 0 trace - called modules:
18:04:32.468 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:04:32.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a615ab8]
18:04:32.468 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a611b00]
18:04:32.468 Scan finished successfully
18:07:46.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:07:46.500 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

karenor
Intermediate
Posts : 185
Joined : 2009-09-19
OS : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 22, 2013 3:00 am


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
***********************************************************************

  • Download [You must be registered and logged in to see this link.] to the desktop.
  • Close all the running programs.
  • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator.
  • Otherwise just double-click on RogueKiller.exe.
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 3:06 am

Hi Super Dave:

Got Combo Fix to run and install in Safe Mode. Here is the log.

Thanks,
Karen

ComboFix 13-02-21.02 - Owner 02/21/2013 18:36:02.16.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1731 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-19 22:36 . 2013-02-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-15 08:18 . 2013-02-15 08:18 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-09 00:23 . 2013-02-09 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\program files\COMODO
2013-02-08 23:04 . 2013-02-08 23:04 130846192 ----a-w- c:\program files\cav_installer.exe
2013-02-08 14:23 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 14:23 . 2013-02-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 02:21 . 2013-02-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2013
2013-02-07 01:40 . 2013-02-07 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2013-02-07 01:11 . 2013-02-07 01:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-02-06 12:02 . 2013-02-06 20:50 36760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-06 11:15 . 2013-02-06 11:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-02-03 22:08 . 2013-02-03 22:09 -------- d-----w- c:\program files\QuickTime
2013-02-03 22:08 . 2013-02-03 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-02-03 22:07 . 2013-02-03 22:07 -------- d-----w- c:\program files\Common Files\Apple
2013-02-03 22:06 . 2013-02-03 22:06 -------- d-----w- c:\program files\Apple Software Update
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-29 07:52 . 2012-05-09 02:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-29 07:52 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-27 20:54 . 2013-01-27 20:54 4189792 ----a-w- c:\program files\ccsetup327.exe
2013-01-25 06:43 . 2013-01-25 06:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-25 06:43 . 2013-01-25 06:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-25 06:42 . 2013-01-25 06:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-25 06:42 . 2013-01-25 06:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 22:03 . 2011-09-14 18:56 40437664 ----a-w- c:\program files\QuickTimeInstaller.exe
2013-01-29 07:21 . 2012-12-28 02:22 21494224 ----a-w- c:\program files\asc-setup.exe
2013-01-26 03:55 . 2003-07-16 20:40 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-17 03:51 . 2013-01-17 03:51 98752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-17 03:51 . 2013-01-17 03:51 586728 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-01-17 03:51 . 2013-01-17 03:51 32824 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-17 03:51 . 2013-01-17 03:51 18536 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-16 02:49 . 2012-12-28 03:56 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-12 21:50 . 2013-01-12 21:50 4178040 ----a-w- c:\program files\ccsetup326.exe
2013-01-12 20:32 . 2012-11-24 22:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 20:32 . 2011-07-22 08:54 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 00:40 . 2012-11-18 00:43 24265736 ----a-w- c:\program files\dotnetfx.exe
2013-01-07 01:16 . 2003-07-16 20:39 2193024 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-07-16 20:34 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-12-18 19:00 . 2012-11-03 00:40 4976384 ----a-w- c:\program files\defragsetup.exe
2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-18 00:57 . 2012-11-18 00:57 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2012-10-28 00:17 . 2012-10-28 00:17 38984 ----a-w- c:\program files\DellPCDiagnostics.exe
2012-10-27 22:47 . 2012-10-27 22:47 347424 ----a-w- c:\program files\MicrosoftFixit.AudioPlayback.Run.exe
2012-10-27 19:10 . 2012-10-27 19:10 10669896 ----a-w- c:\program files\mbam-setup.exe
2012-02-24 00:50 . 2012-02-24 00:50 8669472 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" "c:\program files\CheckPoint\Install\Install.exe" /r install /c "c:\program files\CheckPoint\Install\Install.xml" /l /w
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/28/2013 11:52 PM 14776]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/16/2013 7:51 PM 18536]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/16/2013 7:51 PM 32824]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [1/16/2013 7:51 PM 586728]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [10/27/2012 11:32 AM 20224]
S3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [10/27/2012 11:32 AM 26368]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [1/24/2013 10:42 PM 127184]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [10/27/2012 11:32 AM 2560]
S3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [10/27/2012 11:32 AM 15616]
S3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [10/27/2012 11:32 AM 256896]
S3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [10/27/2012 11:32 AM 5632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [10/27/2012 11:32 AM 7424]
S3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [10/27/2012 11:32 AM 5376]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [9/3/2012 9:54 PM 22640]
S3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [10/27/2012 11:32 AM 4992]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys [?]
S3 th164;th164;c:\windows\system32\drivers\th164.sys [10/27/2012 11:32 AM 4736]
S3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [10/27/2012 11:32 AM 4864]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TICALC
*NewlyCreated* - ZNTPORT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-22 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-22 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-22 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-05 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2012-12-18 19:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: facebook.com\www
Trusted Zone: GeekPolice.net\www
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-02-21 18:48
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,89,37,d4,0f,f6,56,43,88,58,fb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\guard32.dll
.
Completion time: 2013-02-21 18:52:00
ComboFix-quarantined-files.txt 2013-02-22 02:51
.
Pre-Run: 16,621,518,848 bytes free
Post-Run: 16,662,409,216 bytes free
.
- - End Of File - - 9571CED2064F22906D631D8C37EDD704

karenor
Intermediate
Posts : 185
Joined : 2009-09-19
OS : xp
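A ComboFix log like the one above is long, and a helper reads it by scanning for a handful of line shapes first: services whose binary is no longer on disk (the "--> path [?]" form), the AppInit_DLLs value, EnableFirewall set to 0, the exports catchme reports as modified in NTDLL, and startup values sitting under a "run-" key. The Python script below is an added triage example written for this thread; it is not ComboFix's own code and was not posted on the forum. The sample log embedded in it is an excerpt constructed from the log above, and the regular expressions encode my reading of that excerpt's layout, which is an assumption about how other ComboFix builds format the same sections.

```python
"""Triage helper for a ComboFix-style log.

Added example for this thread, not ComboFix's own code. The section
markers and line layouts matched below are an assumption taken from the
log excerpt quoted in the post above; other ComboFix builds may differ.
"""
import re
from dataclasses import dataclass, field

# "S0 DwProt;DrWeb Protection;<path> --> <path> [?]"  (service whose file is gone)
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MISSING_RE = re.compile(r"-->\s+(?P<path>.+?)\s+\[\?\]\s*$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=')
NTDLL_HEADER = "detected NTDLL code modification:"


@dataclass
class Findings:
    missing_service_files: list = field(default_factory=list)  # (service, path) pairs
    appinit_dlls: list = field(default_factory=list)           # loaded into every process that uses user32.dll
    firewall_disabled: bool = False                            # Windows Firewall EnableFirewall=0
    hooked_ntdll_exports: list = field(default_factory=list)   # from the catchme section
    disabled_run_entries: list = field(default_factory=list)   # values under a "run-" key


def triage(log_text):
    """Walk the log once and collect the entries a helper looks at first."""
    found = Findings()
    section = ""        # lower-cased registry key of the current block
    in_ntdll = False    # inside catchme's list of modified NTDLL exports
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix separates blocks with lone dots
            continue
        if in_ntdll:
            # catchme prints one export per line until the next "scanning ..." line
            if line.startswith("scan"):
                in_ntdll = False
            else:
                found.hooked_ntdll_exports.append(line)
                continue
        if line == NTDLL_HEADER:
            in_ntdll = True
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            gone = MISSING_RE.search(m.group("rest"))
            if gone:
                found.missing_service_files.append((m.group("name"), gone.group("path")))
            continue
        m = APPINIT_RE.match(line)
        if m:
            found.appinit_dlls.append(m.group("value").strip())
            continue
        if section.endswith(r"\run-"):
            m = REG_VALUE_RE.match(line)
            if m:
                found.disabled_run_entries.append(m.group("name"))
            continue
        if "firewallpolicy" in section and section.endswith("standardprofile"):
            m = FIREWALL_RE.match(line)
            if m and m.group("value") == "0":
                found.firewall_disabled = True
    return found


def summary_lines(found):
    """Human-readable summary, one finding per line."""
    out = []
    for name, path in found.missing_service_files:
        out.append(f"service {name} points at missing file {path}")
    for dll in found.appinit_dlls:
        out.append(f"AppInit_DLLs loads {dll} into every process that uses user32.dll")
    if found.firewall_disabled:
        out.append("Windows Firewall standard profile is disabled (check for a third-party firewall)")
    for export in found.hooked_ntdll_exports:
        out.append(f"NTDLL export {export} is patched in memory")
    for name in found.disabled_run_entries:
        out.append(f"disabled startup entry: {name}")
    return out


# Constructed sample: an excerpt of the log above, trimmed to the lines of interest.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/16/2013 7:51 PM 18536]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2013-02-21 18:48
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scan completed successfully
hidden files: 0
"""

if __name__ == "__main__":
    for text in summary_lines(triage(SAMPLE_LOG)):
        print(text)
```

Each hit still needs context before it means anything. In the log above, guard32.dll in AppInit_DLLs was created on 2013-01-25 alongside the COMODO drivers, and the disabled Windows Firewall sits next to a header line showing the COMODO firewall enabled, so both are consistent with the installed security suite rather than with an infection; an in-memory patch of ZwClose is likewise the kind of hook a HIPS product places and should be correlated with that DLL before being treated as hostile. The DwProt, SysProtDrv.sys and SVKP services pointing at files that no longer exist are leftovers of earlier tools and are the sort of stale entries a cleanup should remove.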

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 4:28 am

Hi Super Dave:

Here are the TDSSKiller results. I was unable to get RogueKiller to work properly. During the scan my computer got weird. No report was generated. I had to do a System Restore to Wednesday, yesterday, to calm things down. During the oddness my computer lost part of my screen saver. I have a photo of the barber shop where my son works. Part of the picture was removed. Everything appears to be fine now.

19:18:42.0515 3072 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:18:43.0859 3072 ============================================================
19:18:43.0859 3072 Current date / time: 2013/02/21 19:18:43.0859
19:18:43.0859 3072 SystemInfo:
19:18:43.0859 3072
19:18:43.0875 3072 OS Version: 5.1.2600 ServicePack: 3.0
19:18:43.0875 3072 Product type: Workstation
19:18:43.0875 3072 ComputerName: KURTCOMPUTER
19:18:43.0875 3072 UserName: Owner
19:18:43.0875 3072 Windows directory: C:\WINDOWS
19:18:43.0875 3072 System windows directory: C:\WINDOWS
19:18:43.0875 3072 Processor architecture: Intel x86
19:18:43.0875 3072 Number of processors: 1
19:18:43.0875 3072 Page size: 0x1000
19:18:43.0875 3072 Boot type: Normal boot
19:18:43.0875 3072 ============================================================
19:18:46.0421 3072 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:18:46.0453 3072 ============================================================
19:18:46.0453 3072 \Device\Harddisk0\DR0:
19:18:46.0453 3072 MBR partitions:
19:18:46.0453 3072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:18:46.0453 3072 ============================================================
19:18:46.0484 3072 C: <-> \Device\Harddisk0\DR0\Partition1
19:18:46.0484 3072 ============================================================
19:18:46.0484 3072 Initialize success
19:18:46.0484 3072 ============================================================
19:18:51.0687 3052 ============================================================
19:18:51.0687 3052 Scan started
19:18:51.0687 3052 Mode: Manual;
19:18:51.0687 3052 ============================================================
19:18:53.0078 3052 ================ Scan system memory ========================
19:18:53.0140 3052 System memory - ok
19:18:53.0140 3052 ================ Scan services =============================
19:18:53.0359 3052 Abiosdsk - ok
19:18:53.0390 3052 abp480n5 - ok
19:18:53.0937 3052 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:18:53.0937 3052 ACPI - ok
19:18:54.0015 3052 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:18:54.0031 3052 ACPIEC - ok
19:18:54.0046 3052 adpu160m - ok
19:18:54.0125 3052 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
19:18:54.0125 3052 aeaudio - ok
19:18:54.0171 3052 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:18:54.0171 3052 aec - ok
19:18:54.0250 3052 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
19:18:54.0265 3052 Afc - ok
19:18:54.0343 3052 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:18:54.0359 3052 AFD - ok
19:18:54.0375 3052 Aha154x - ok
19:18:54.0406 3052 aic78u2 - ok
19:18:54.0421 3052 aic78xx - ok
19:18:54.0484 3052 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:18:54.0515 3052 Alerter - ok
19:18:54.0578 3052 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:18:54.0578 3052 ALG - ok
19:18:54.0609 3052 AliIde - ok
19:18:54.0640 3052 amsint - ok
19:18:54.0656 3052 AppMgmt - ok
19:18:54.0671 3052 asc - ok
19:18:54.0703 3052 asc3350p - ok
19:18:54.0718 3052 asc3550 - ok
19:18:54.0921 3052 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:18:55.0031 3052 aspnet_state - ok
19:18:55.0078 3052 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:18:55.0078 3052 AsyncMac - ok
19:18:55.0140 3052 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:18:55.0140 3052 atapi - ok
19:18:55.0171 3052 Atdisk - ok
19:18:55.0218 3052 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:18:55.0218 3052 Atmarpc - ok
19:18:55.0296 3052 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:18:55.0296 3052 AudioSrv - ok
19:18:55.0359 3052 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:18:55.0359 3052 audstub - ok
19:18:55.0437 3052 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
19:18:55.0437 3052 BANTExt - ok
19:18:55.0546 3052 [ B60F57B4D9CDBC663CC03EB8AF7EC34E ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:18:55.0546 3052 bcm4sbxp - ok
19:18:55.0625 3052 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
19:18:55.0750 3052 BCMModem - ok
19:18:55.0828 3052 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:18:55.0828 3052 Beep - ok
19:18:55.0937 3052 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:18:56.0531 3052 BITS - ok
19:18:56.0593 3052 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:18:56.0703 3052 Browser - ok
19:18:56.0890 3052 catchme - ok
19:18:56.0968 3052 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:18:56.0968 3052 cbidf2k - ok
19:18:57.0031 3052 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:18:57.0031 3052 CCDECODE - ok
19:18:57.0046 3052 cd20xrnt - ok
19:18:57.0109 3052 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:18:57.0125 3052 Cdaudio - ok
19:18:57.0187 3052 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:18:57.0187 3052 Cdfs - ok
19:18:57.0234 3052 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:18:57.0234 3052 Cdrom - ok
19:18:57.0312 3052 [ 8F9347656BEBDF8225D7B7A948CD043F ] ch7009 C:\WINDOWS\system32\DRIVERS\ch7009.sys
19:18:57.0312 3052 ch7009 - ok
19:18:57.0343 3052 [ 9B17BCD1F4FCD3798F0DAB8CA268EC93 ] ch7017 C:\WINDOWS\system32\DRIVERS\ch7017.sys
19:18:57.0343 3052 ch7017 - ok
19:18:57.0375 3052 Changer - ok
19:18:57.0437 3052 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:18:57.0437 3052 CiSvc - ok
19:18:57.0500 3052 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:18:57.0515 3052 ClipSrv - ok


Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 4:37 am

Hi Super Dave:

Posting second half of the TDSSKILLER.

Thanks,
Karen

19:20:21.0046 1440 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:20:21.0062 1440 cbidf2k - ok
19:20:21.0109 1440 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:20:21.0109 1440 CCDECODE - ok
19:20:21.0125 1440 cd20xrnt - ok
19:20:21.0187 1440 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:20:21.0187 1440 Cdaudio - ok
19:20:21.0281 1440 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:20:21.0281 1440 Cdfs - ok
19:20:21.0312 1440 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:20:21.0328 1440 Cdrom - ok
19:20:21.0406 1440 [ 8F9347656BEBDF8225D7B7A948CD043F ] ch7009 C:\WINDOWS\system32\DRIVERS\ch7009.sys
19:20:21.0406 1440 ch7009 - ok
19:20:21.0437 1440 [ 9B17BCD1F4FCD3798F0DAB8CA268EC93 ] ch7017 C:\WINDOWS\system32\DRIVERS\ch7017.sys
19:20:21.0437 1440 ch7017 - ok
19:20:21.0468 1440 Changer - ok
19:20:21.0531 1440 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:20:21.0531 1440 CiSvc - ok
19:20:21.0609 1440 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:20:21.0609 1440 ClipSrv - ok
19:20:21.0687 1440 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:20:21.0687 1440 clr_optimization_v2.0.50727_32 - ok
19:20:22.0015 1440 [ DAA199690ED70FFE5765FBC3BCB48E7C ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:20:22.0046 1440 cmdAgent - ok
19:20:22.0125 1440 [ 60F9E45290DF5209DE2756812B3414C6 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
19:20:22.0125 1440 cmderd - ok
19:20:22.0203 1440 [ 7B470691BF8494AE294C0B4C546899ED ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:20:22.0203 1440 cmdGuard - ok
19:20:22.0250 1440 [ DD3EC4E63708D3519F6E4418AC5203A8 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:20:22.0250 1440 cmdHlp - ok
19:20:22.0265 1440 CmdIde - ok
19:20:22.0343 1440 [ 2BB9FB821D508758916CF4C78E68694A ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
19:20:22.0343 1440 cmdvirth - ok
19:20:22.0406 1440 [ 7A0B457EEFEF8CBAA0CC44C8819113BD ] CoachUsb C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
19:20:22.0406 1440 CoachUsb - ok
19:20:22.0437 1440 CoachVc - ok
19:20:22.0468 1440 COMSysApp - ok
19:20:22.0500 1440 Cpqarray - ok
19:20:22.0531 1440 Crypkey License - ok
19:20:22.0609 1440 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:20:22.0609 1440 CryptSvc - ok
19:20:22.0671 1440 [ EEA4EAB0CCB70A625055988976777CEB ] d3dUtil C:\WINDOWS\system32\DRIVERS\d3dutil.sys
19:20:22.0671 1440 d3dUtil - ok
19:20:22.0687 1440 dac2w2k - ok
19:20:22.0718 1440 dac960nt - ok
19:20:22.0828 1440 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:20:22.0828 1440 DcomLaunch - ok
19:20:22.0890 1440 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:20:22.0906 1440 Dhcp - ok
19:20:22.0984 1440 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:20:22.0984 1440 Disk - ok
19:20:23.0000 1440 dmadmin - ok
19:20:23.0109 1440 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:20:23.0125 1440 dmboot - ok
19:20:23.0171 1440 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:20:23.0171 1440 dmio - ok
19:20:23.0234 1440 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:20:23.0234 1440 dmload - ok
19:20:23.0281 1440 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:20:23.0296 1440 dmserver - ok
19:20:23.0390 1440 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:20:23.0390 1440 DMusic - ok
19:20:23.0484 1440 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:20:23.0484 1440 Dnscache - ok
19:20:23.0546 1440 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:20:23.0546 1440 Dot3svc - ok
19:20:23.0578 1440 dpti2o - ok
19:20:23.0640 1440 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:20:23.0656 1440 drmkaud - ok
19:20:23.0671 1440 DwProt - ok
19:20:23.0734 1440 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:20:23.0734 1440 EapHost - ok
19:20:23.0812 1440 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:20:23.0812 1440 ERSvc - ok
19:20:23.0906 1440 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:20:23.0906 1440 Eventlog - ok
19:20:23.0984 1440 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:20:23.0984 1440 EventSystem - ok
19:20:24.0031 1440 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:20:24.0046 1440 Fastfat - ok
19:20:24.0109 1440 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:20:24.0125 1440 FastUserSwitchingCompatibility - ok
19:20:24.0218 1440 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:20:24.0218 1440 Fdc - ok
19:20:24.0265 1440 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:20:24.0265 1440 Fips - ok
19:20:24.0343 1440 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:20:24.0343 1440 Flpydisk - ok
19:20:24.0421 1440 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:20:24.0421 1440 FltMgr - ok
19:20:24.0546 1440 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:20:24.0546 1440 FontCache3.0.0.0 - ok
19:20:24.0625 1440 [ 32C98379A90968103D01B256A9BAEA28 ] fs454 C:\WINDOWS\system32\DRIVERS\fs454.sys
19:20:24.0625 1440 fs454 - ok
19:20:24.0718 1440 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:20:24.0734 1440 fssfltr - ok
19:20:24.0906 1440 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:20:24.0921 1440 fsssvc - ok
19:20:25.0000 1440 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:20:25.0000 1440 Fs_Rec - ok
19:20:25.0078 1440 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:20:25.0078 1440 Ftdisk - ok
19:20:25.0140 1440 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:20:25.0156 1440 Gpc - ok
19:20:25.0265 1440 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:20:25.0265 1440 gupdate - ok
19:20:25.0296 1440 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:20:25.0296 1440 gupdatem - ok
19:20:25.0406 1440 helpsvc - ok
19:20:25.0421 1440 HidServ - ok
19:20:25.0484 1440 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:20:25.0500 1440 hkmsvc - ok
19:20:25.0515 1440 hpn - ok
19:20:25.0609 1440 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:20:25.0609 1440 HTTP - ok
19:20:25.0687 1440 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:20:25.0703 1440 HTTPFilter - ok
19:20:25.0718 1440 i2omgmt - ok
19:20:25.0750 1440 i2omp - ok
19:20:25.0828 1440 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:20:25.0828 1440 i8042prt - ok
19:20:25.0937 1440 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:20:25.0937 1440 ialm - ok
19:20:26.0093 1440 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:20:26.0109 1440 idsvc - ok
19:20:26.0203 1440 [ 31B9783E002B67A623EB04AE8638AD93 ] igdmini C:\WINDOWS\system32\DRIVERS\igdmini.sys
19:20:26.0203 1440 igdmini - ok
19:20:26.0281 1440 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:20:26.0281 1440 Imapi - ok
19:20:26.0359 1440 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:20:26.0375 1440 ImapiService - ok
19:20:26.0406 1440 ini910u - ok
19:20:26.0500 1440 [ 5FDF42923656BF77DD5D7A5D8D0E1268 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
19:20:26.0500 1440 Inspect - ok
19:20:26.0531 1440 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:20:26.0531 1440 IntelIde - ok
19:20:26.0609 1440 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:20:26.0609 1440 intelppm - ok
19:20:26.0671 1440 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:20:26.0671 1440 ip6fw - ok
19:20:26.0750 1440 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:20:26.0750 1440 IpFilterDriver - ok
19:20:26.0781 1440 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:20:26.0781 1440 IpInIp - ok
19:20:26.0859 1440 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:20:26.0859 1440 IpNat - ok
19:20:26.0906 1440 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:20:26.0906 1440 IPSec - ok
19:20:26.0968 1440 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:20:26.0968 1440 IRENUM - ok
19:20:27.0031 1440 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:20:27.0031 1440 isapnp - ok
19:20:27.0062 1440 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:20:27.0062 1440 Kbdclass - ok
19:20:27.0125 1440 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:20:27.0125 1440 kmixer - ok
19:20:27.0187 1440 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:20:27.0203 1440 KSecDD - ok
19:20:27.0265 1440 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:20:27.0281 1440 lanmanserver - ok
19:20:27.0375 1440 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:20:27.0390 1440 lanmanworkstation - ok
19:20:27.0406 1440 lbrtfdc - ok
19:20:27.0515 1440 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:20:27.0515 1440 LmHosts - ok
19:20:27.0546 1440 [ E6BA9E361BD6513EF800DD6E1AA389EF ] lvds C:\WINDOWS\system32\DRIVERS\lvds.sys
19:20:27.0562 1440 lvds - ok
19:20:27.0750 1440 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:20:27.0765 1440 McciCMService - ok
19:20:27.0812 1440 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:20:27.0828 1440 Messenger - ok
19:20:27.0890 1440 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:20:27.0890 1440 mnmdd - ok
19:20:27.0968 1440 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
19:20:27.0984 1440 mnmsrvc - ok
19:20:28.0062 1440 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:20:28.0062 1440 Modem - ok
19:20:28.0125 1440 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:20:28.0125 1440 MODEMCSA - ok
19:20:28.0171 1440 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:20:28.0171 1440 Mouclass - ok
19:20:28.0203 1440 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:20:28.0218 1440 MountMgr - ok
19:20:28.0234 1440 mraid35x - ok
19:20:28.0296 1440 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:20:28.0296 1440 MREMP50 - ok
19:20:28.0375 1440 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19:20:28.0375 1440 MREMPR5 - ok
19:20:28.0437 1440 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
19:20:28.0437 1440 MRENDIS5 - ok
19:20:28.0468 1440 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:20:28.0468 1440 MRESP50 - ok
19:20:28.0531 1440 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:20:28.0531 1440 MRxDAV - ok
19:20:28.0656 1440 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:20:28.0656 1440 MRxSmb - ok
19:20:28.0734 1440 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
19:20:28.0750 1440 MSDTC - ok
19:20:28.0828 1440 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:20:28.0828 1440 Msfs - ok
19:20:28.0843 1440 MSIServer - ok
19:20:28.0890 1440 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:20:28.0890 1440 MSKSSRV - ok
19:20:28.0921 1440 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:20:28.0937 1440 MSPCLOCK - ok
19:20:28.0968 1440 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:20:28.0968 1440 MSPQM - ok
19:20:29.0031 1440 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:20:29.0031 1440 mssmbios - ok
19:20:29.0093 1440 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:20:29.0093 1440 MSTEE - ok
19:20:29.0187 1440 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:20:29.0203 1440 Mup - ok
19:20:29.0281 1440 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:20:29.0281 1440 NABTSFEC - ok
19:20:29.0359 1440 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:20:29.0375 1440 napagent - ok
19:20:29.0453 1440 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:20:29.0453 1440 NDIS - ok
19:20:29.0531 1440 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:20:29.0531 1440 NdisIP - ok
19:20:29.0593 1440 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:20:29.0593 1440 NdisTapi - ok
19:20:29.0640 1440 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:20:29.0640 1440 Ndisuio - ok
19:20:29.0718 1440 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:20:29.0718 1440 NdisWan - ok
19:20:29.0796 1440 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:20:29.0796 1440 NDProxy - ok
19:20:29.0843 1440 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:20:29.0843 1440 NetBIOS - ok
19:20:29.0906 1440 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:20:29.0906 1440 NetBT - ok
19:20:29.0968 1440 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:20:29.0984 1440 NetDDE - ok
19:20:30.0000 1440 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:20:30.0015 1440 NetDDEdsdm - ok
19:20:30.0093 1440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:20:30.0093 1440 Netlogon - ok
19:20:30.0187 1440 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:20:30.0187 1440 Netman - ok
19:20:30.0265 1440 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:20:30.0265 1440 NetTcpPortSharing - ok
19:20:30.0328 1440 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:20:30.0343 1440 NetworkX - ok
19:20:30.0437 1440 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:20:30.0453 1440 Nla - ok
19:20:30.0500 1440 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:20:30.0500 1440 Npfs - ok
19:20:30.0578 1440 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:20:30.0578 1440 ns2501 - ok
19:20:30.0640 1440 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:20:30.0640 1440 ns387 - ok
19:20:30.0750 1440 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:20:30.0765 1440 Ntfs - ok
19:20:30.0796 1440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:20:30.0812 1440 NtLmSsp - ok
19:20:30.0906 1440 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:20:30.0921 1440 NtmsSvc - ok
19:20:30.0984 1440 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:20:30.0984 1440 Null - ok
19:20:31.0046 1440 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:20:31.0046 1440 NwlnkFlt - ok
19:20:31.0093 1440 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:20:31.0093 1440 NwlnkFwd - ok
19:20:31.0156 1440 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:20:31.0156 1440 NwlnkIpx - ok
19:20:31.0250 1440 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:20:31.0250 1440 NwlnkNb - ok
19:20:31.0296 1440 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:20:31.0296 1440 NwlnkSpx - ok
19:20:31.0390 1440 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:20:31.0390 1440 NwSapAgent - ok
19:20:31.0421 1440 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:20:31.0437 1440 OMCI - ok
19:20:31.0531 1440 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:20:31.0546 1440 Parport - ok
19:20:31.0578 1440 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:20:31.0578 1440 PartMgr - ok
19:20:31.0640 1440 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:20:31.0656 1440 ParVdm - ok
19:20:31.0765 1440 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{E9D79540-57D5953E-06020200}_0 c:\program files\dell support center\pcdsrvc.pkms
19:20:31.0781 1440 PCDSRVC{E9D79540-57D5953E-06020200}_0 - ok
19:20:31.0828 1440 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:20:31.0828 1440 PCI - ok
19:20:31.0859 1440 PCIDump - ok
19:20:31.0953 1440 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
19:20:31.0953 1440 PCIIde - ok
19:20:32.0031 1440 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:20:32.0046 1440 Pcmcia - ok
19:20:32.0062 1440 PDCOMP - ok
19:20:32.0093 1440 PDFRAME - ok
19:20:32.0125 1440 PDRELI - ok
19:20:32.0156 1440 PDRFRAME - ok
19:20:32.0187 1440 perc2 - ok
19:20:32.0203 1440 perc2hib - ok
19:20:32.0296 1440 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:20:32.0312 1440 PlugPlay - ok
19:20:32.0500 1440 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
19:20:32.0500 1440 PMBDeviceInfoProvider - ok
19:20:32.0546 1440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:20:32.0546 1440 PolicyAgent - ok
19:20:32.0640 1440 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:20:32.0640 1440 PptpMiniport - ok
19:20:32.0718 1440 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:20:32.0718 1440 Processor - ok
19:20:32.0750 1440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:20:32.0750 1440 ProtectedStorage - ok
19:20:32.0781 1440 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:20:32.0781 1440 PSched - ok
19:20:32.0859 1440 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:20:32.0859 1440 Ptilink - ok
19:20:32.0937 1440 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:20:32.0953 1440 PxHelp20 - ok
19:20:32.0968 1440 ql1080 - ok
19:20:33.0000 1440 Ql10wnt - ok
19:20:33.0031 1440 ql12160 - ok
19:20:33.0062 1440 ql1240 - ok
19:20:33.0078 1440 ql1280 - ok
19:20:33.0109 1440 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:20:33.0125 1440 RasAcd - ok
19:20:33.0187 1440 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:20:33.0187 1440 RasAuto - ok
19:20:33.0250 1440 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:20:33.0250 1440 Rasl2tp - ok
19:20:33.0328 1440 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:20:33.0343 1440 RasMan - ok
19:20:33.0421 1440 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:20:33.0421 1440 RasPppoe - ok
19:20:33.0515 1440 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:20:33.0515 1440 Raspti - ok
19:20:33.0562 1440 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:20:33.0562 1440 Rdbss - ok
19:20:33.0593 1440 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:20:33.0593 1440 RDPCDD - ok
19:20:33.0734 1440 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:20:33.0734 1440 RDPWD - ok
19:20:33.0828 1440 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:20:33.0843 1440 RDSessMgr - ok
19:20:33.0906 1440 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:20:33.0906 1440 redbook - ok
19:20:33.0968 1440 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:20:33.0984 1440 RemoteAccess - ok
19:20:34.0046 1440 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:20:34.0046 1440 RpcLocator - ok
19:20:34.0140 1440 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:20:34.0140 1440 RpcSs - ok
19:20:34.0218 1440 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:20:34.0234 1440 RSVP - ok
19:20:34.0296 1440 SABProcEnum - ok
19:20:34.0328 1440 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:20:34.0328 1440 SamSs - ok
19:20:34.0390 1440 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:20:34.0390 1440 SCardSvr - ok
19:20:34.0484 1440 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:20:34.0484 1440 Schedule - ok
19:20:34.0578 1440 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:20:34.0578 1440 Secdrv - ok
19:20:34.0609 1440 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:20:34.0609 1440 seclogon - ok
19:20:34.0671 1440 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:20:34.0671 1440 SENS - ok
19:20:34.0765 1440 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:20:34.0765 1440 serenum - ok
19:20:34.0796 1440 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:20:34.0812 1440 Serial - ok
19:20:34.0875 1440 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:20:34.0875 1440 Sfloppy - ok
19:20:34.0968 1440 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:20:34.0984 1440 SharedAccess - ok
19:20:35.0031 1440 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:20:35.0031 1440 ShellHWDetection - ok
19:20:35.0062 1440 [ 2327F5FFA223EC9B415F4A0CDBDF4EE1 ] sii164 C:\WINDOWS\system32\DRIVERS\sii164.sys
19:20:35.0078 1440 sii164 - ok
19:20:35.0093 1440 Simbad - ok
19:20:35.0171 1440 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:20:35.0171 1440 SLIP - ok
19:20:35.0265 1440 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
19:20:35.0281 1440 SmartDefragDriver - ok
19:20:35.0406 1440 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:20:35.0421 1440 smwdm - ok
19:20:35.0453 1440 Sparrow - ok
19:20:35.0484 1440 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:20:35.0500 1440 splitter - ok
19:20:35.0578 1440 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:20:35.0578 1440 Spooler - ok
19:20:35.0625 1440 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:20:35.0625 1440 sr - ok
19:20:35.0718 1440 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:20:35.0734 1440 srservice - ok
19:20:35.0812 1440 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:20:35.0828 1440 Srv - ok
19:20:35.0875 1440 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:20:35.0875 1440 SSDPSRV - ok
19:20:35.0953 1440 [ EE74E3B1B521CEF8E8C9D008E4BDB45C ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
19:20:35.0968 1440 STAC97 - ok
19:20:36.0078 1440 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:20:36.0093 1440 stisvc - ok
19:20:36.0125 1440 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:20:36.0125 1440 streamip - ok
19:20:36.0156 1440 SVKP - ok
19:20:36.0234 1440 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:20:36.0234 1440 swenum - ok
19:20:36.0296 1440 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:20:36.0296 1440 swmidi - ok
19:20:36.0328 1440 SwPrv - ok
19:20:36.0375 1440 symc810 - ok
19:20:36.0390 1440 symc8xx - ok
19:20:36.0421 1440 sym_hi - ok
19:20:36.0453 1440 sym_u3 - ok
19:20:36.0500 1440 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:20:36.0500 1440 sysaudio - ok
19:20:36.0562 1440 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:20:36.0562 1440 SysmonLog - ok
19:20:36.0703 1440 SysProtDrv.sys - ok
19:20:36.0796 1440 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:20:36.0796 1440 TapiSrv - ok
19:20:36.0921 1440 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:20:36.0921 1440 Tcpip - ok
19:20:37.0000 1440 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:20:37.0000 1440 TDPIPE - ok
19:20:37.0062 1440 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:20:37.0062 1440 TDTCP - ok
19:20:37.0125 1440 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:20:37.0125 1440 TermDD - ok
19:20:37.0234 1440 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:20:37.0250 1440 TermService - ok
19:20:37.0312 1440 [ 201BE1C73FA333A8872AD738AC49B9B4 ] th164 C:\WINDOWS\system32\DRIVERS\th164.sys
19:20:37.0328 1440 th164 - ok
19:20:37.0359 1440 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:20:37.0375 1440 Themes - ok
19:20:37.0421 1440 [ AB9720ADBE304893516521D2E440BD45 ] ti410 C:\WINDOWS\system32\DRIVERS\ti410.sys
19:20:37.0421 1440 ti410 - ok
19:20:37.0437 1440 TICalc - ok
19:20:37.0531 1440 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
19:20:37.0531 1440 tmcomm - ok
19:20:37.0546 1440 TosIde - ok
19:20:37.0625 1440 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:20:37.0625 1440 TrkWks - ok
19:20:37.0687 1440 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:20:37.0703 1440 Udfs - ok
19:20:37.0750 1440 ultra - ok
19:20:37.0843 1440 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:20:37.0859 1440 Update - ok
19:20:37.0921 1440 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:20:37.0937 1440 upnphost - ok
19:20:38.0015 1440 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:20:38.0031 1440 UPS - ok
19:20:38.0093 1440 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:20:38.0093 1440 usbehci - ok
19:20:38.0156 1440 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:20:38.0156 1440 usbhub - ok
19:20:38.0203 1440 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:20:38.0218 1440 usbscan - ok
19:20:38.0296 1440 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:20:38.0296 1440 USBSTOR - ok
19:20:38.0359 1440 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:20:38.0375 1440 usbuhci - ok
19:20:38.0421 1440 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:20:38.0421 1440 VgaSave - ok
19:20:38.0453 1440 ViaIde - ok
19:20:38.0546 1440 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:20:38.0546 1440 VolSnap - ok
19:20:38.0625 1440 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:20:38.0640 1440 VSS - ok
19:20:38.0750 1440 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:20:38.0750 1440 W32Time - ok
19:20:38.0812 1440 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:20:38.0812 1440 Wanarp - ok
19:20:38.0843 1440 WDICA - ok
19:20:38.0921 1440 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:20:38.0921 1440 wdmaud - ok
19:20:38.0968 1440 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:20:38.0984 1440 WebClient - ok
19:20:39.0140 1440 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:20:39.0140 1440 winmgmt - ok
19:20:39.0296 1440 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:20:39.0328 1440 WinRM - ok
19:20:39.0421 1440 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:20:39.0421 1440 WmdmPmSN - ok
19:20:39.0515 1440 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:20:39.0515 1440 WmiApSrv - ok
19:20:39.0562 1440 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
19:20:39.0562 1440 WpdUsb - ok
19:20:39.0640 1440 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:20:39.0640 1440 WS2IFSL - ok
19:20:39.0734 1440 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:20:39.0750 1440 wscsvc - ok
19:20:39.0781 1440 WSearch - ok
19:20:39.0859 1440 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:20:39.0859 1440 WSTCODEC - ok
19:20:39.0906 1440 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:20:39.0921 1440 wuauserv - ok
19:20:39.0984 1440 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:20:40.0000 1440 WudfPf - ok
19:20:40.0031 1440 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:20:40.0046 1440 WudfRd - ok
19:20:40.0093 1440 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:20:40.0109 1440 WudfSvc - ok
19:20:40.0156 1440 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:20:40.0171 1440 xmlprov - ok
19:20:40.0203 1440 zntport - ok
19:20:40.0265 1440 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:20:40.0265 1440 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:20:40.0359 1440 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:20:40.0359 1440 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:20:40.0375 1440 ================ Scan global ===============================
19:20:40.0421 1440 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:20:40.0500 1440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:20:40.0562 1440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:20:40.0593 1440 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:20:40.0609 1440 [Global] - ok
19:20:40.0609 1440 ================ Scan MBR ==================================
19:20:40.0640 1440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:20:40.0921 1440 \Device\Harddisk0\DR0 - ok
19:20:40.0921 1440 ================ Scan VBR ==================================
19:20:40.0937 1440 [ D1DAFF5B33FC746EBC58ADAEC37E6BBC ] \Device\Harddisk0\DR0\Partition1
19:20:40.0937 1440 \Device\Harddisk0\DR0\Partition1 - ok
19:20:40.0937 1440 ============================================================
19:20:40.0937 1440 Scan finished
19:20:40.0937 1440 ============================================================
19:20:40.0968 1316 Detected object count: 0
19:20:40.0968 1316 Actual detected object count: 0
19:21:09.0296 3460 Deinitialize success

karenor
Intermediate
Posts : 185
Joined : 2009-09-19
OS : xp

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Fri Feb 22, 2013 8:36 pm

The log shows you have two AV programs on your computer. Only one should be enabled at any given time; otherwise, they will cause conflicts.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

    DDS::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log if you run this script.


I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
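Superdave's point about the Trusted Zone can be checked directly, because Internet Explorer stores its per-site zone assignments in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains (one subkey per domain, optionally one per host, with a DWORD per scheme holding the zone number; zone 2 is Trusted sites). The script below is an added example for this thread, not Superdave's script and not part of ComboFix or ESET: it parses a regedit-style export of that key and lists every site assigned to the Trusted zone. The sample export (modelled on the two Trusted Zone entries in the CFScript plus one Restricted entry), the site names and the helper function names are assumptions built for the example; the registry path and the zone numbering 0 to 4 are IE's own.

```python
"""Audit Internet Explorer security-zone assignments from a .reg export.

Added example for this forum thread (not Superdave's script, not a ComboFix
or ESET feature).  IE keeps per-site zone assignments under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains
as <domain>[\\<host>] keys whose values name a scheme ("http", "https", "*")
and hold the zone number as a DWORD.  Zone 2 is "Trusted sites", the zone
with the weakest script and download restrictions.
"""
import re

# IE's zone numbering (fixed by the product, not an assumption of this script).
ZONE_NAMES = {
    0: "My Computer",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

DOMAINS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")

# Constructed sample export in regedit "Export" format (assumption: modelled on
# the two Trusted Zone entries listed in this thread, plus one Restricted entry).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\GeekPolice.net\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid]
"*"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zone_map(reg_text):
    """Return a list of (site, scheme, zone_number) tuples from a .reg export."""
    entries = []
    current_site = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            current_site = None
            # Only keys below ZoneMap\Domains describe site-to-zone assignments.
            if path.lower().startswith(DOMAINS_KEY.lower() + "\\"):
                parts = path[len(DOMAINS_KEY) + 1:].split("\\")
                # Domains\<domain>\<host> -> host.domain ; Domains\<domain> -> domain
                current_site = ".".join(reversed(parts))
            continue
        value = VALUE_RE.match(line)
        if value and current_site is not None:
            entries.append((current_site, value.group(1), int(value.group(2), 16)))
    return entries


def trusted_sites(reg_text):
    """Sites assigned to zone 2 (Trusted sites); these run with the weakest settings."""
    return sorted({site for site, _scheme, zone in parse_zone_map(reg_text) if zone == 2})


if __name__ == "__main__":
    for site, scheme, zone in parse_zone_map(SAMPLE_REG):
        print(f"{site:25} {scheme:6} zone {zone} ({ZONE_NAMES.get(zone, 'unknown')})")
    print("Trusted sites:", trusted_sites(SAMPLE_REG))
```

On a live machine the same key can be exported with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zones.reg` and the file read with `open("zones.reg", encoding="utf-16")` before passing it to `parse_zone_map`, since regedit writes exports as UTF-16. A parallel key under HKLM holds the same layout when zone settings are applied machine-wide, so an audit should cover both hives.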

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Fri Feb 22, 2013 9:18 pm

Hi Super Dave:

I had briefly installed Zone Alarm on my computer. I thought it would be good because it was a combo virus and firewall. It did not work well on my computer. I uninstalled it.

Is Zone Alarm still lurking somewhere? I show in the Control Panel that Comodo is in charge of the anti virus and firewall. I have done a search on the computer and cannot get any results for Zone Alarm.

I also do not understand how to create CFScript.txt. I do not know how to start notepad. Where is it located?

I will run the ESET in the meantime.
Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat Feb 23, 2013 7:14 pm

Hi Super Dave:

ESET scan finished. It is clean. How do I get rid of that Zone Alarm problem? I cannot find it anywhere on my machine. I obviously do not want two anti virus programs running at the same time.

Also, when I do the Combo Fix this time after you tell me how to do that script, do I run it in SAFE MODE like last time?

What specifically will this do to my machine? I see the only things listed are GeekPolice and Facebook in the trusted area. How can this be bad?

Thanks,
Karen

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-26 08:31:28
# local_time=2012-11-26 12:31:28 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 71 0 3552049 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60199
# found=0
# cleaned=0
# scan_time=19069
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2012-12-08 12:22:38
# local_time=2012-12-07 04:22:38 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 71 0 4571820 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 104180 104180 0 0
# scanned=6985
# found=0
# cleaned=0
# scan_time=6761
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-02 11:54:28
# local_time=2013-02-02 03:54:28 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 9441870 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4974230 4974230 0 0
# scanned=62004
# found=7
# cleaned=7
# scan_time=16629
C:\Documents and Settings\Owner\My Documents\Downloads\Unlocker1.9.1.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\cbsidlm-tr1_8-Unlocker-ORG2-10493998.exe Win32/DownloadAdmin.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\registry-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554566.exe Win32/DownloadAdmin.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554567.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3402\A0554568.exe a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-03 10:24:48
# local_time=2013-02-03 02:24:48 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 9514256 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5046616 5046616 0 0
# scanned=62594
# found=0
# cleaned=0
# scan_time=25252
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-06 05:05:06
# local_time=2013-02-06 09:05:06 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 5653527 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5338983 5338983 0 0
# scanned=64900
# found=0
# cleaned=0
# scan_time=16102
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-08 07:47:06
# local_time=2013-02-08 11:47:06 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 5522530 5522530 0 0
# scanned=63771
# found=0
# cleaned=0
# scan_time=15078
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-15 02:13:21
# local_time=2013-02-15 06:13:21 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 6420019 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6105475 6105475 0 0
# scanned=61998
# found=5
# cleaned=5
# scan_time=16908
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3453\A0564019.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0008.dta a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0016.dta a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0017.dta a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-17 02:05:36
# local_time=2013-02-16 06:05:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 14968 6551388 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6236844 6236844 0 0
# scanned=61726
# found=7
# cleaned=7
# scan_time=14677
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{084F2941-A1D6-45AD-A865-5BC86E91645E} Win64/Olmasco.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{286A5BF6-8680-43B7-B62D-C69C32C784A5} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{39D02971-7680-44E2-A1A7-63367093A210} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{659A37AD-63DB-4035-8822-6986182A0210} a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{CB2D049E-D698-4553-9D60-2BB8906BD740} a variant of Win32/Kryptik.QQF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{EFC1C5BB-7BBC-4DE4-B516-4C92DEDB0F22} Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{F396A1FF-5F13-41F3-A8FD-BF4F3E0679ED} Win64/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-17 08:55:44
# local_time=2013-02-17 12:55:44 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 6576976 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6262432 6262432 0 0
# scanned=61809
# found=0
# cleaned=0
# scan_time=13693
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-20 03:10:02
# local_time=2013-02-19 07:10:02 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 7502 6814879 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6500335 6500335 0 0
# scanned=62051
# found=0
# cleaned=0
# scan_time=14251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f02e0c7cae594e4db4f99450798049b3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-23 02:07:11
# local_time=2013-02-22 06:07:11 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 57 0 7067404 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 6752860 6752860 0 0
# scanned=63821
# found=0
# cleaned=0
# scan_time=17154

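The ESET log above mixes hits on live files (the Downloads and Program Files entries) with hits inside System Restore snapshots (System Volume Information\_restore) and inside other tools' quarantine folders (TDSSKiller_Quarantine, Comodo's Cis\Quarantine); the latter two kinds are already-contained copies rather than running malware, which matters when judging whether a machine is still infected. The script below is an added example for this thread, not an ESET tool and not part of karenor's or Superdave's posts: it parses a log in the same "# key=value" plus one-detection-per-line format and sorts each detection by where the file lived. The sample log, the location rules and the function names are assumptions built for the example; the parser also assumes the final path component of a detection line contains no spaces.

```python
"""Triage an ESET Online Scanner log: which detections were live files and
which were already-contained copies (restore points, other tools' quarantine)?

Added example for this forum thread; not an ESET tool and not from the original
posts.  Line formats follow the log posted in the thread: "# key=value" headers
per scan session (each session starts with "# version=") and one detection
line per file:
  C:\\path\\file.exe <threat name> (cleaned by deleting - quarantined) <32 hex> C
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*\\[^\s\\]+) "   # drive, directories, final name (assumed: no spaces in final name)
    r"(?P<threat>.+?) "                      # ESET's threat description
    r"\((?P<action>[^)]+)\) "                # e.g. "cleaned by deleting - quarantined"
    r"(?P<hash>[0-9A-Fa-f]{32}) "            # hash column (all zeros in the posted log)
    r"(?P<flag>[A-Z])$"
)

# Constructed sample log (assumption): two sessions, the first with one
# detection of each location kind, the second clean.
SAMPLE_LOG = r"""# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# utc_time=2013-02-15 02:13:21
# scanned=61998
# found=3
# cleaned=3
C:\Documents and Settings\Owner\My Documents\Downloads\Unlocker1.9.1.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3453\A0564019.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.02.2013_21.06.18\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# utc_time=2013-02-23 02:07:11
# scanned=63821
# found=0
# cleaned=0
"""


def classify_path(path):
    """Where the detected file lived: an active location or an already-contained copy."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "tdsskiller_quarantine" in p or "\\quarantine\\" in p:
        return "other tool's quarantine"
    return "live file"


def parse_eset_log(text):
    """Return a list of sessions; each is a dict with 'headers' and 'detections'."""
    sessions = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# version="):
            current = {"headers": {}, "detections": []}
            sessions.append(current)
        if current is None:
            continue                      # text before the first session (installer chatter)
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current["headers"][key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:                             # unmatched lines (e.g. esets_scanner_update) are ignored
            current["detections"].append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "action": m.group("action"),
                "location": classify_path(m.group("path")),
            })
    return sessions


def triage(text):
    """Count detections per location over the whole log; 'live file' hits deserve attention."""
    counts = Counter()
    for session in parse_eset_log(text):
        for det in session["detections"]:
            counts[det["location"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for s in parse_eset_log(SAMPLE_LOG):
        print(s["headers"].get("utc_time"), "found", s["headers"].get("found"))
        for d in s["detections"]:
            print("  ", d["location"], "|", d["threat"], "|", d["path"])
    print(triage(SAMPLE_LOG))
```

Run against the real file (C:\Program Files\ESET\ESET Online Scanner\log.txt in the instructions above), a log in which every hit classifies as "restore point" or "other tool's quarantine" describes leftovers from earlier clean-ups; only "live file" hits point at something that was still reachable on the running system.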

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sat Feb 23, 2013 8:12 pm

"Also, when I do the Combo Fix this time after you tell me how to do that script, do I run it in SAFE MODE like last time?"
No, you should be able to run it in Normal Mode.

"What specifically will this do to my machine? I see the only things listed are GeekPolice and Facebook in the trusted area. How can this be bad?"
Please read the warning I provided in red. It will explain why trusted zones are not advisable.

Notepad is found in Start, All Programs, Accessories. I've changed the CF Script to remove ZoneAlarm. Just check the new log after you run CFScript to see if ZoneAlarm has been removed. No need to post the log.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    SecCenter::
    {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

    Firefox::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

    DDS::
    Trusted Zone: facebook.com\www
    Trusted Zone: GeekPolice.net\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sat Feb 23, 2013 10:07 pm

Hi Super Dave:

Had to run Combo Fix in SAFE MODE. I hope it did what you were hoping for with that CFScript. I did peek and saw that Facebook and GeekPolice were no longer listed in the Trusted Sites area. I do not know where to look for Zone Alarm as I do not know where it was hiding to begin with. Hopefully it is gone as well.

How does the Combo Fix report look to you now?

ComboFix 13-02-23.01 - Owner 02/23/2013 13:30:10.16.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1608 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-23 21:14 . 2013-02-23 21:14 -------- dc----w- C:\Combo-Fix
2013-02-22 03:54 . 2013-02-22 03:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-19 22:36 . 2013-02-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2013-02-09 00:23 . 2013-02-09 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\program files\COMODO
2013-02-08 23:04 . 2013-02-08 23:04 130846192 ----a-w- c:\program files\cav_installer.exe
2013-02-08 14:23 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 14:23 . 2013-02-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 02:21 . 2013-02-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2013
2013-02-07 01:40 . 2013-02-07 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2013-02-07 01:11 . 2013-02-07 01:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-02-06 12:02 . 2013-02-06 20:50 36760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-06 11:15 . 2013-02-06 11:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-02-03 22:08 . 2013-02-03 22:09 -------- d-----w- c:\program files\QuickTime
2013-02-03 22:08 . 2013-02-03 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-02-03 22:07 . 2013-02-03 22:07 -------- d-----w- c:\program files\Common Files\Apple
2013-02-03 22:06 . 2013-02-03 22:06 -------- d-----w- c:\program files\Apple Software Update
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-29 07:52 . 2012-05-09 02:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-29 07:52 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-27 20:54 . 2013-01-27 20:54 4189792 ----a-w- c:\program files\ccsetup327.exe
2013-01-25 06:43 . 2013-01-25 06:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-25 06:43 . 2013-01-25 06:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-25 06:42 . 2013-01-25 06:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-25 06:42 . 2013-01-25 06:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 22:03 . 2011-09-14 18:56 40437664 ----a-w- c:\program files\QuickTimeInstaller.exe
2013-01-29 07:21 . 2012-12-28 02:22 21494224 ----a-w- c:\program files\asc-setup.exe
2013-01-26 03:55 . 2003-07-16 20:40 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-17 03:51 . 2013-01-17 03:51 98752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-17 03:51 . 2013-01-17 03:51 586728 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-01-17 03:51 . 2013-01-17 03:51 32824 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-17 03:51 . 2013-01-17 03:51 18536 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-16 02:49 . 2012-12-28 03:56 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-12 21:50 . 2013-01-12 21:50 4178040 ----a-w- c:\program files\ccsetup326.exe
2013-01-12 20:32 . 2012-11-24 22:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 20:32 . 2011-07-22 08:54 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 00:40 . 2012-11-18 00:43 24265736 ----a-w- c:\program files\dotnetfx.exe
2013-01-07 01:16 . 2003-07-16 20:39 2193024 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-07-16 20:34 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-12-18 19:00 . 2012-11-03 00:40 4976384 ----a-w- c:\program files\defragsetup.exe
2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-18 00:57 . 2012-11-18 00:57 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2012-10-28 00:17 . 2012-10-28 00:17 38984 ----a-w- c:\program files\DellPCDiagnostics.exe
2012-10-27 22:47 . 2012-10-27 22:47 347424 ----a-w- c:\program files\MicrosoftFixit.AudioPlayback.Run.exe
2012-10-27 19:10 . 2012-10-27 19:10 10669896 ----a-w- c:\program files\mbam-setup.exe
2012-02-24 00:50 . 2012-02-24 00:50 8669472 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" "c:\program files\CheckPoint\Install\Install.exe" /r install /c "c:\program files\CheckPoint\Install\Install.xml" /l /w
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/28/2013 11:52 PM 14776]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/16/2013 7:51 PM 18536]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [1/16/2013 7:51 PM 586728]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/16/2013 7:51 PM 32824]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [10/27/2012 11:32 AM 20224]
R3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [10/27/2012 11:32 AM 26368]
R3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [10/27/2012 11:32 AM 15616]
R3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [10/27/2012 11:32 AM 256896]
R3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [10/27/2012 11:32 AM 5632]
R3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [10/27/2012 11:32 AM 7424]
R3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [10/27/2012 11:32 AM 5376]
R3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [10/27/2012 11:32 AM 4992]
R3 th164;th164;c:\windows\system32\drivers\th164.sys [10/27/2012 11:32 AM 4736]
R3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [10/27/2012 11:32 AM 4864]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [1/24/2013 10:42 PM 127184]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [10/27/2012 11:32 AM 2560]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [9/3/2012 9:54 PM 22640]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys [?]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-05 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2012-12-18 19:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-02-23 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,89,37,d4,0f,f6,56,43,88,58,fb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(744)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
.
**************************************************************************
.
Completion time: 2013-02-23 13:57:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-23 21:57
.
Pre-Run: 16,315,092,992 bytes free
Post-Run: 16,370,515,968 bytes free
.
- - End Of File - - 116E12C9F1A6A2D6CCBAD24515A865FF


Thanks,
Karen

karenor
Intermediate
Intermediate

Status :
Online
Offline

Posts : 185
Joined : 2009-09-19
OS : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Feb 24, 2013 12:52 am

How does the Combo Fix report look to you now?
Yup, all gone.
If there are no other issues, we can do some cleanup.


To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
Click Start > Computer > right click the C Drive and choose Properties > enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Feb 24, 2013 2:20 am

Hi Super Dave:

Doing clean up now. I see you are having me install Spy Bot. As I told you in my first post the friend that helped me before I asked you to help told me to get rid of Spy Bot, Super Anti Spyware and Advanced System Care. He said they were all snake oil!

Should I add Advanced System Care and Super Anti Spyware back along with Spy Bot?

I also wanted to ask a question about the end of Windows XP. What will that be like for me in 2014? Will my computer stop working? Should I buy and prepare a new computer before then? If I need to get a new computer do you think I can get a good one off Ebay?

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Feb 24, 2013 2:51 am

that helped me before I asked you to help told me to get rid of Spy Bot, Super Anti Spyware and Advanced System Care.
I didn't suggest SuperAntiSpyware. I suggested SpywareBlaster. Spybot is an older program but you can find an up-to-date review [You must be registered and logged in to see this link.]. I've used it for years but dumped it when I started using Microsoft Security Essentials. As for Advanced System Care I'm not sure if it's good or not. You can google it to find some reviews.
I also wanted to ask a question about the end of Windows XP. What will that be like for me in 2014? Will my computer stop working? Should I buy and prepare a new computer before then? If I need to get a new computer do you think I can get a good one off Ebay?
No, your computer will keep on working. I ran Windows 98 for many years after the support was ended and Windows XP will have to be pried from my dead, cold hands. lol Buying anything off Ebay is a crap shoot. If you're talking about a pre-owned computer you may get a good one or you may get a dud.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Sun Feb 24, 2013 3:20 am

Hi Super Dave:

You misread my question about Super Anti Spyware. I was telling you that the guy that helped me before you helped me told me, "Karen get rid of Spy Bot, Super Anti Spyware and Advanced System Care 6. They are all snake oil." I have had Advanced System Care on my computer for at least four years. Spy Bot longer than that. Super Anti Spyware I have also had for some time. I have no feelings one way or the other about Super Anti Spyware. But as for Spy Bot and Advanced System Care, I thought they were helping me.

So I am OK with Windows XP coming to an end. I guess I will just see what happens when someone at Microsoft pulls the switch on Windows XP. I wonder if the end of support will be stopped as there are so many businesses with Windows XP.

One thing I also wondered about adding to my life is the Comodo Time Machine. I do back up once per week on two My Book Essential Edition external hard drives. I do not want to take up precious space on my hard drive to install the Time Machine so I thought I would install it on both of the hard drives. Each week I would run the program off each of the external hard drives and back up my system. The two external hard drives are each 500 GB. I would think that I could have two back ups on each hard drive and each week delete the oldest back up. If something were to happen to my computer I would have a total of four back ups, two on each external hard drive. Surely this would keep me safe and I could recreate my life with minimal problems. The only thing I would not be able to take advantage of would be the fact that the write up says that even with a complete computer break down one can boot from the Time Machine.

What are your thoughts about this? I am finishing my clean up and my System Restore.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Sun Feb 24, 2013 7:47 pm

I guess I will just see what happens when someone at Microsoft pulls the switch on Windows XP. I wonder if the end of support will be stopped as there are so many businesses with Windows XP.
They won't shut it down; they will just stop with the updates and patches. They've already extended it so they just may extend it again.
The only thing I would not be able to take advantage of would be the fact that the write up says that even with a complete computer break down one can boot from the Time Machine.
Backing up to external hard drives is an excellent idea. I don't see how the Time Machine can boot your computer if the motherboard or hard drive are fried. If something happens to the OS there are many rescue disks that will boot your computer.


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Mon Feb 25, 2013 8:37 pm

Hi Super Dave:

After I sent the note to you the other day I thought about being fried as well. I do have my own OS disk. I also think that the space that Time Machine would take up on the external hard drives would be quite large. Because I do my back up each week to the two externals I think I am fairly safe. Most people probably would do just one external hard drive. I am doing two.

Thanks again for helping me. Take care of yourself.
Karen


Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Mon Feb 25, 2013 11:14 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

