WiredWX Hobby Weather Tools



Backdoor.Bot and Trojan.Agent

3 posters

Re: Backdoor.Bot and Trojan.Agent
Hello, can you split the log into two posts or more if required.

Re: Backdoor.Bot and Trojan.Agent
If needed, upload it to rapidshare.com

Re: Backdoor.Bot and Trojan.Agent
I uploaded it to Rapidshare. I have no idea why the file came out so large; I hope everything is all right.

http://rapidshare.com/files/246080038/ComboFix.txt.html

Re: Backdoor.Bot and Trojan.Agent
Just the snapshot, there was a Windows update between runs.

Re: Backdoor.Bot and Trojan.Agent
Thank you again, Belahzur and Origin.

Does the ComboFix scan look okay, even though it got slowed down by the firewall at the end? Any ideas why these two .dll files keep showing up? If it makes any difference, I just remembered that I watched the whole MBAM scan yesterday and the 2 infections showed up at the very end, after all the file scanning, during the Heuristic Scanning, or something like that.

Re: Backdoor.Bot and Trojan.Agent
It def looks like malware. Do they keep showing up still?
Something may be regenerating them.

Let me know. The Combofix log looks fine btw.

Re: Backdoor.Bot and Trojan.Agent
Yes, I just performed a quick scan with MBAM, with the same results: 2 infections found at the end, during the 'extras and heuristics' scan.

Also, one strange thing is that twice in the past few days, after MBAM reboots after finding these things, my system tray is behaving strangely. Usually I get the little arrow I can click to access unused icons, but right now and one other time, it just shows everything with no arrow. Plus, the volume properties icon is gone. I can still turn my speakers on and get sound just fine; only that icon is gone. Last time, the AIM icon, the Steam icon and the Dell Support Alerts also didn't show up, but seemed to be running. This might be nothing, but it is something I've noticed. Other than that, the machine seems to be fine, albeit a little slow, but again, I might chalk that up to the new programs/add-ons.

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/19/2009 9:22:20 AM
mbam-log-2009-06-19 (09-22-20).txt

Scan type: Quick Scan
Objects scanned: 93120
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Backdoor.Bot and Trojan.Agent
Let's run a GMER rootkit scan.

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.

The log will be quite big, so please upload it to rapidshare.com for me to see.

Re: Backdoor.Bot and Trojan.Agent
Upon clicking the link you showed me, it immediately started a download of o7t4xw2d.exe; I hope this is normal. I had the same thing with Outpost Firewall, where I opened the file and Outpost asked me to allow access to some files I couldn't recognize, and since I'd just opened the GMER you showed me, I allowed it. Again, I hope this is normal. The first few minutes seemed to turn up a lot of text results in the window, but then it scanned for over 90 minutes with no more text appearing at all. Again, I hope, etc.

http://rapidshare.com/files/246323901/gmerlog.txt.html

Re: Backdoor.Bot and Trojan.Agent

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

Re: Backdoor.Bot and Trojan.Agent
Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-06-19 12:03:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 74 GB (49%) free of 149 GB
Total RAM: 1022 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:08 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8094 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-01 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-28 335872]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-27 26112]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-04-19 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"DwlClient"=c:\Program Files\Common Files\Dell\EUSW\Support.exe [2004-05-27 323584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-11 1948440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-10 1217784]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-26 1830128]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

Re: Backdoor.Bot and Trojan.Agent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe"="C:\Program Files\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble"
"C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe"="C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria"
"C:\Program Files\Steam\steamapps\common\7 wonders 2\Wonders2.exe"="C:\Program Files\Steam\steamapps\common\7 wonders 2\Wonders2.exe:*:Enabled:7 Wonders 2"
"C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe"="C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe"
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
"C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe"="C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe"="C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe:*:Enabled:Reaxxion"
"C:\Program Files\Steam\steamapps\common\musaic box\bin\musaic_Release.exe"="C:\Program Files\Steam\steamapps\common\musaic box\bin\musaic_Release.exe:*:Enabled:Musaic Box"
"C:\WINDOWS\SYSTEM32\dldtcoms.exe"="C:\WINDOWS\SYSTEM32\dldtcoms.exe:*:Enabled:V305 Server"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtpswx.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldttime.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldttime.exe:*:Enabled:Time Executable"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtjswx.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"C:\Program Files\Steam\steamapps\common\xcom interceptor\Interceptor.exe"="C:\Program Files\Steam\steamapps\common\xcom interceptor\Interceptor.exe:*:Enabled:X-COM: Interceptor"
"C:\Program Files\Steam\steamapps\common\ghost master\ghost.exe"="C:\Program Files\Steam\steamapps\common\ghost master\ghost.exe:*:Enabled:Ghost Master"
"C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense"
"C:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe"="C:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe:*:Enabled:X-COM: Enforcer"
"C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe"="C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars"
"C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe"="C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe:*:Enabled:Trials 2: Second Edition"
"C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe"="C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep"
"C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse"
"C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe"="C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening"
"C:\Program Files\Steam\steamapps\common\speedball 2\Speedball2.exe"="C:\Program Files\Steam\steamapps\common\speedball 2\Speedball2.exe:*:Enabled:Speedball 2 - Tournament"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\steamapps\common\venice\Venice.exe"="C:\Program Files\Steam\steamapps\common\venice\Venice.exe:*:Enabled:Venice"
"C:\Program Files\Steam\steamapps\common\sid meier's railroads demo\RailRoadsDemo.exe"="C:\Program Files\Steam\steamapps\common\sid meier's railroads demo\RailRoadsDemo.exe:*:Enabled:Sid Meier's Railroads Demo"
"C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe"="C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies"
"C:\Program Files\Steam\steamapps\common\cogs\cogs.exe"="C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs Demo"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe"="C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture"
"C:\Program Files\Steam\steamapps\common\alien shooter 2 - reloaded\AlienShooter.exe"="C:\Program Files\Steam\steamapps\common\alien shooter 2 - reloaded\AlienShooter.exe:*:Enabled:Alien Shooter 2 - Reloaded"
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe"="C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem"
"C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe"="C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-19 12:03:38 ----D---- C:\rsit
2009-06-19 12:03:38 ----D---- C:\Program Files\trend micro
2009-06-18 18:07:21 ----D---- C:\WINDOWS\temp
2009-06-18 18:07:19 ----A---- C:\ComboFix.txt
2009-06-17 05:46:06 ----D---- C:\WINDOWS\ie8updates
2009-06-17 05:44:58 ----HDC---- C:\WINDOWS\ie8
2009-06-17 05:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-17 05:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-17 05:28:13 ----D---- C:\WINDOWS\Prefetch
2009-06-17 05:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-17 05:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-17 05:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-17 05:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-17 05:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-17 05:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-17 05:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-17 05:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-17 05:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-17 05:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-06-17 05:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-17 05:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-17 05:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-17 05:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-06-17 05:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-17 05:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-17 05:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-17 05:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-17 05:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-17 05:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-17 05:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-17 05:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-17 05:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-17 05:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-06-17 05:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-17 05:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-17 05:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-17 05:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-17 05:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-17 05:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-17 05:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-17 05:13:48 ----D---- C:\WINDOWS\system32\scripting
2009-06-17 05:13:47 ----D---- C:\WINDOWS\system32\en
2009-06-17 05:13:47 ----D---- C:\WINDOWS\system32\bits
2009-06-17 05:13:47 ----D---- C:\WINDOWS\l2schemas
2009-06-17 05:10:55 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-17 05:06:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-17 05:06:25 ----D---- C:\WINDOWS\EHome
2009-06-16 06:57:53 ----D---- C:\Program Files\Agnitum
2009-06-16 06:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum
2009-06-16 05:31:05 ----A---- C:\Boot.bak
2009-06-16 05:30:48 ----RASHD---- C:\cmdcons
2009-06-16 05:29:48 ----A---- C:\WINDOWS\zip.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWSC.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWREG.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\sed.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\PEV.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\grep.exe
2009-06-16 05:29:44 ----D---- C:\WINDOWS\ERDNT
2009-06-16 05:29:41 ----D---- C:\Qoobox
2009-06-15 10:57:02 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 10:56:55 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-15 10:56:55 ----D---- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2009-06-15 10:53:31 ----D---- C:\Documents and Settings\David\Application Data\Malwarebytes
2009-06-15 10:53:09 ----D---- C:\Documents and Settings\David\Application Data\Yahoo!
2009-06-15 08:24:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-15 08:15:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-15 08:15:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-15 05:50:42 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-14 10:18:16 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-06-11 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-06-11 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-06-11 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-06-10 18:33:30 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-10 08:39:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-06-03 01:07:27 ----D---- C:\Program Files\iPod
2009-06-03 01:07:18 ----D---- C:\Program Files\iTunes
2009-06-03 01:05:49 ----D---- C:\Program Files\QuickTime
2009-06-01 13:24:36 ----D---- C:\Documents and Settings\David\Application Data\Move Networks
2009-05-20 07:34:52 ----D---- C:\Program Files\Ricochet Infinity
2009-05-20 06:58:22 ----D---- C:\Program Files\Zylom Games
2009-05-20 06:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom

Re: Backdoor.Bot and Trojan.Agent
======List of files/folders modified in the last 1 months======

2009-06-19 12:03:55 ----D---- C:\WINDOWS
2009-06-19 12:03:38 ----RD---- C:\Program Files
2009-06-19 12:01:44 ----D---- C:\Program Files\Mozilla Firefox
2009-06-19 11:59:28 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-06-19 11:58:53 ----D---- C:\Program Files\Steam
2009-06-19 11:57:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-19 09:47:30 ----D---- C:\WINDOWS\system32\DRIVERS
2009-06-19 09:38:43 ----D---- C:\Program Files\Mozilla Thunderbird
2009-06-19 09:25:43 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-06-19 09:25:38 ----D---- C:\WINDOWS\SYSTEM32
2009-06-19 09:24:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-18 17:59:50 ----A---- C:\WINDOWS\system.ini
2009-06-18 17:56:24 ----D---- C:\WINDOWS\system32\CONFIG
2009-06-18 17:49:38 ----D---- C:\WINDOWS\AppPatch
2009-06-18 17:49:19 ----D---- C:\Program Files\Common Files
2009-06-18 07:55:04 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-18 06:02:52 ----HD---- C:\$AVG8.VAULT$
2009-06-17 09:11:47 ----SHD---- C:\WINDOWS\Installer
2009-06-17 09:11:42 ----D---- C:\Program Files\Java
2009-06-17 05:49:03 ----HD---- C:\WINDOWS\INF
2009-06-17 05:49:03 ----D---- C:\WINDOWS\system32\en-US
2009-06-17 05:49:03 ----D---- C:\WINDOWS\Media
2009-06-17 05:49:03 ----D---- C:\WINDOWS\Help
2009-06-17 05:49:03 ----D---- C:\Program Files\Internet Explorer
2009-06-17 05:46:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-17 05:46:09 ----A---- C:\WINDOWS\imsins.BAK
2009-06-17 05:32:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-17 05:28:19 ----A---- C:\WINDOWS\setuplog.txt
2009-06-17 05:27:43 ----D---- C:\WINDOWS\system32\Setup
2009-06-17 05:27:42 ----RSD---- C:\WINDOWS\Fonts
2009-06-17 05:27:42 ----D---- C:\WINDOWS\system32\WBEM
2009-06-17 05:27:00 ----D---- C:\WINDOWS\SECURITY
2009-06-17 05:25:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-17 05:21:49 ----D---- C:\Program Files\Messenger
2009-06-17 05:21:43 ----D---- C:\WINDOWS\WinSxS
2009-06-17 05:13:58 ----D---- C:\WINDOWS\network diagnostic
2009-06-17 05:13:57 ----D---- C:\WINDOWS\IME
2009-06-17 05:13:48 ----D---- C:\WINDOWS\system32\USMT
2009-06-17 05:13:47 ----D---- C:\WINDOWS\PeerNet
2009-06-17 05:13:47 ----D---- C:\Program Files\Movie Maker
2009-06-17 05:10:52 ----D---- C:\WINDOWS\system32\Restore
2009-06-17 05:10:52 ----D---- C:\WINDOWS\system32\NPP
2009-06-17 05:10:51 ----D---- C:\WINDOWS\MSAGENT
2009-06-17 05:10:49 ----D---- C:\WINDOWS\SRCHASST
2009-06-17 05:10:49 ----D---- C:\Program Files\NetMeeting
2009-06-17 05:10:47 ----D---- C:\WINDOWS\system32\Com
2009-06-17 05:10:46 ----D---- C:\Program Files\Windows Media Player
2009-06-17 05:10:45 ----D---- C:\Program Files\Windows NT
2009-06-17 05:10:45 ----D---- C:\Program Files\Outlook Express
2009-06-17 05:10:42 ----D---- C:\Program Files\Common Files\System
2009-06-17 05:10:33 ----D---- C:\WINDOWS\system32\OOBE
2009-06-17 05:10:30 ----D---- C:\WINDOWS\SYSTEM
2009-06-17 05:08:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-16 05:31:05 ----RASH---- C:\BOOT.INI
2009-06-16 05:22:33 ----D---- C:\Program Files\McAfee.com
2009-06-16 05:20:53 ----SD---- C:\WINDOWS\Tasks
2009-06-16 05:20:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-15 11:13:21 ----A---- C:\WINDOWS\wininit.ini
2009-06-15 08:26:46 ----D---- C:\Documents and Settings
2009-06-14 17:37:05 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-14 10:19:53 ----D---- C:\Program Files\AIM6
2009-06-10 18:34:24 ----D---- C:\Documents and Settings\David\Application Data\uTorrent
2009-06-10 08:39:41 ----D---- C:\Program Files\Yahoo!
2009-06-05 22:26:37 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-05 22:26:37 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-03 01:07:15 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 01:04:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-29 13:36:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-23 12:28:03 ----D---- C:\Program Files\Heroes Of Hellas

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-11 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-01 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-27 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-02-10 257432]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-10-27 28352]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-15 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-19 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dldt_device;dldt_device; C:\WINDOWS\system32\dldtcoms.exe [2008-02-25 595184]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2009-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-19 12:04:11

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7 Wonders - The Treasures of Seven-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16030
7 Wonders 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15900
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alien Shooter 2 - Reloaded-->"C:\Program Files\Steam\steam.exe" steam://uninstall/33120
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aquaria-->"C:\Program Files\Steam\steam.exe" steam://uninstall/24420
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Blueberry Garden Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29170
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bookworm Adventures Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3470
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Cogs Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/26510
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Dangerous High School Girls in Trouble-->"C:\Program Files\Steam\steam.exe" steam://uninstall/27400
Defense Grid: The Awakening-->"C:\Program Files\Steam\steam.exe" steam://uninstall/18500
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Emote-Launcher (remove only)-->"C:\Program Files\emote\launcher\Emote-Launcher-uninst.exe"
Geometry Wars-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8400
Ghost Master-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6200
Heavy Weapon Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3410
Heroes Of Hellas-->"C:\Program Files\Heroes Of Hellas\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musaic Box-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29130
Music Rescue-->MsiExec.exe /X{3364BD16-5A28-4862-86A1-A8FF5FD23919}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Penumbra Overture-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22180
Penumbra: Black Plague-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22120
Penumbra: Requiem-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22140
Plants Vs Zombies-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3590
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Raycatcher Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/32010
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Reaxxion-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15950
Ricochet Infinity-->"C:\Program Files\Ricochet Infinity\ReflexiveArcade\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sid Meier's Railroads Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7630
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Speedball 2 - Tournament-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10700
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Path-->"C:\Program Files\Steam\steam.exe" steam://uninstall/27000
Trials 2: Second Edition-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16600
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Venice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3490
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000
X-COM: Apocalypse-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7660
X-COM: Enforcer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7770
X-COM: Interceptor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7730
X-COM: Terror from the Deep-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7650
X-COM: UFO Defense-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7760
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zeno Clash Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22220
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Security center information======

AV: AVG Anti-Virus Free
FW: Outpost Firewall
