BACK DOOR BOT OR TROJAN

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

BACK DOOR BOT OR TROJAN

Post by karenor on Thu 21 Feb 2013, 4:55 pm

First topic message reminder :

I have previously been infected with the Back Door Bot. The last couple of days my computer has been acting just like it did before I got the Back Door Bot infection. I am running Windows XP, service pack #3. I have CCleaner, Baseline Analyzer, Spy Bot Search and Destroy, Advanced System Cleaner, MBAM, Super Anti Spyware with Comodo Firewall and Comodo Anti Virus.

My internet has taken to shutting itself down. By that I mean that with three or four windows open I will all of a sudden have all the windows close and need to restart Windows Internet Explorer and do my searches all over again.

My computer is also very, very slow. I have cleaned and defragged.

My computer is also freezing up at times. An example would be going to Start to get email going or a Word document and the computer just sits there.

Again, all of these items were present when I was infected before.

I got someone else to try to help me and they were useless. They caused me to lose my internet and all of my restore points. They also had me delete Spy Bot, Super AntiSpyware and Advanced System Cleaner telling me that they were all snake oil. This is just so frustrating.

Thank you for helping me,
Karen

OTL logfile created on: 2/20/2013 9:17:13 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.06% Memory free
2.79 Gb Paging File | 2.42 Gb Available in Paging File | 86.66% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.76 Gb Free Space | 42.29% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 20:29:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OTL.exe
PRC - [2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
PRC - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013/01/24 22:42:40 | 000,404,688 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
MOD - [2010/07/04 13:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/01/24 22:42:42 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\zntport.sys -- (zntport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (TICalc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\dwprot.sys -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/16 19:51:56 | 000,586,728 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2013/01/16 19:51:56 | 000,098,752 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2013/01/16 19:51:56 | 000,032,824 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/01/16 19:51:54 | 000,018,536 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/09/03 21:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/15 18:57:16 | 000,004,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti410.sys -- (ti410)
DRV - [2010/03/15 18:57:14 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns2501.sys -- (ns2501)
DRV - [2010/03/15 18:57:14 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvds.sys -- (lvds)
DRV - [2010/03/15 18:57:14 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ns387.sys -- (ns387)
DRV - [2010/03/15 18:57:14 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sii164.sys -- (sii164)
DRV - [2010/03/15 18:57:14 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\th164.sys -- (th164)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/06/04 20:42:56 | 000,256,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igdmini.sys -- (igdmini)
DRV - [2006/06/04 20:42:56 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7017.sys -- (ch7017)
DRV - [2006/06/04 20:42:56 | 000,020,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ch7009.sys -- (ch7009)
DRV - [2006/06/04 20:42:56 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fs454.sys -- (fs454)
DRV - [2006/06/04 20:42:56 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\d3dutil.sys -- (d3dUtil)
DRV - [2005/04/14 21:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {138CECA7-7232-4042-B714-FAE9103C16CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{138CECA7-7232-4042-B714-FAE9103C16CD}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{16893532-B94A-4FE6-A974-410D82712695}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6B96F3F7-2F5E-4E37-B9A8-FC0958A166E2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9C976DE2-14F4-44C1-9413-E2935D28CA79}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

[2013/02/08 04:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/02/13 22:03:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: GeekPolice.net ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} [You must be registered and logged in to see this link.] (AxisMediaControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 17:26:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/19 15:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/02/19 14:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/02/14 10:47:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2013/02/08 16:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Comodo
[2013/02/08 15:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2013/02/08 15:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2013/02/08 15:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2013/02/08 15:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/02/08 15:04:05 | 130,846,192 | ---- | C] (COMODO) -- C:\Program Files\cav_installer.exe
[2013/02/08 06:44:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/02/08 06:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/08 06:23:02 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/08 06:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/08 04:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/07 18:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2013
[2013/02/06 17:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/02/06 17:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/02/06 03:15:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/02/03 14:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/02/03 14:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/02/03 14:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/02/03 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/03 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/01/28 23:52:32 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2013/01/28 23:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/27 12:54:18 | 004,189,792 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup327.exe
[2013/01/24 22:43:02 | 000,354,752 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll
[2013/01/12 13:50:29 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe
[2012/12/27 18:22:39 | 021,494,224 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2012/11/17 16:57:38 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35setup.exe
[2012/11/17 16:43:29 | 024,265,736 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[2012/11/02 16:40:08 | 004,976,384 | ---- | C] (IObit ) -- C:\Program Files\defragsetup.exe
[2012/10/27 16:17:38 | 000,038,984 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\DellPCDiagnostics.exe
[2012/10/27 14:47:09 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.AudioPlayback.Run.exe
[2012/10/27 11:10:57 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2012/02/23 16:50:33 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows7UpgradeAdvisorSetup.exe
[2011/09/14 10:56:24 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe

========== Files - Modified Within 30 Days ==========

[2013/02/20 21:21:30 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/02/20 21:11:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/20 21:11:45 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 20:58:28 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2013/02/20 20:12:57 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/02/20 20:12:57 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2013/02/20 20:12:56 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2013/02/20 20:12:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/20 20:11:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/20 18:53:01 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner0.exe
[2013/02/20 17:28:58 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/18 15:42:59 | 000,001,512 | ---- | M] () -- C:\WINDOWS\cce.INI
[2013/02/13 22:03:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/13 10:15:06 | 000,464,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 10:15:06 | 000,080,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/08 16:38:18 | 000,000,126 | ---- | M] () -- C:\WINDOWS\Autoruns.INI
[2013/02/08 15:27:50 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to Install Comodo Firewall.url
[2013/02/08 15:21:46 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Security PRO 2013, Download Internet Security 2013 - COMODO.url
[2013/02/08 15:15:49 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2013/02/08 15:04:19 | 130,846,192 | ---- | M] (COMODO) -- C:\Program Files\cav_installer.exe
[2013/02/08 06:56:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 00:36:22 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/07 22:30:39 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2013/02/07 20:33:23 | 000,015,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.778 - Order to appear - 2011 Oregon Revised Statutes.htm
[2013/02/07 20:18:25 | 000,216,903 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brook.pdf
[2013/02/07 19:00:55 | 000,018,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ORS 18.775 - Liability of garnishee - 2011 Oregon Revised Statutes.htm
[2013/02/07 18:52:08 | 000,038,390 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\judgments_report.pdf
[2013/02/07 16:54:57 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Technical Assistance for Employers Garnishments.url
[2013/02/07 14:26:29 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Utah State Courts - Writs of Garnishment.url
[2013/02/06 12:50:16 | 000,036,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2013/02/05 22:42:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2013/02/05 21:40:45 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2013/02/05 15:05:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/02/03 14:09:26 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/02/03 14:03:35 | 040,437,664 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2013/01/29 00:53:03 | 000,005,427 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Symptoms of a Bad Transmission Solenoid eHow.com.url
[2013/01/28 23:52:12 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2013/01/28 23:21:35 | 021,494,224 | ---- | M] (IObit ) -- C:\Program Files\asc-setup.exe
[2013/01/27 12:55:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/27 12:54:18 | 004,189,792 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup327.exe
[2013/01/27 12:26:50 | 000,444,602 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2013/01/25 19:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/25 11:18:36 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pug's Dining - GameTime.url
[2013/01/24 22:43:02 | 000,354,752 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down


Re: BACK DOOR BOT OR TROJAN

Post by karenor on Tue 26 Feb 2013, 7:37 am

Hi Super Dave:

After I sent the note to you the other day I thought about being fried as well. I do have my own OS disk. I also think that the space that Time Machine would take up on the external hard drives would be quite large. Because I do my back up each week to the two externals I think I am fairly safe. Most people probably would do just one external hard drive. I am doing two.

Thanks again for helping me. Take care of yourself.
Karen

karenor

Rookie Surfer
Rookie Surfer

Posts : 185
Joined : 2009-09-19
Operating System : xp

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Superdave on Tue 26 Feb 2013, 10:14 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: BACK DOOR BOT OR TROJAN

Post by Sponsored content Today at 11:02 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum