WiredWX Hobby Weather ToolsLog in

 


BACK DOOR BOT OR TROJAN

2 posters

descriptionBACK DOOR BOT OR TROJAN  EmptyBACK DOOR BOT OR TROJAN

more_horiz
I have been infected before by the Back Door Bot and Trojan Agent. My computer all of a sudden has gotten very slow. This is usually what happens right before I get infected. I am running Windows XP with Service Pack 3. All items are up to date on my computer. I also have the following items on my computer: Spy Bot, CCleaner, AVG, Super Anti Spyware, Baseline Security Analyzer and Advanced System Care.

I had recently run a ESET scan when the computer began to get slow and it found and removed three items. Computer is still slow and is acting like it is infected.

I am posting logs now.

Thanks in advance for helping me.
Karen
--------------------
OTL logfile created on: 1/21/2012 10:53:02 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.87% Memory free
2.79 Gb Paging File | 2.33 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.59 Gb Free Space | 39.16% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hello:

Having to post more OTL as I could not post all of it in the first post.

Karen
-----------------------------------------------
Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/11/09 14:01:31 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\WGAErrLog.txt

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/04/23 17:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\$AVG8.VAULT$
[2011/02/02 15:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/11/30 22:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/09/14 10:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/29 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/27 13:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/09/30 23:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2007/06/30 21:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\BJPrinter
[2005/04/26 13:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/06/15 20:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/10/26 20:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/03/11 11:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2012/01/15 03:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/05/10 08:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2012/01/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/12/15 13:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/23 19:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2008/05/07 22:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/01/05 14:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/08/26 11:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/20 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/14 16:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/09/18 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/12 18:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/03/11 11:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/11 17:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/10/05 22:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/05/07 22:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/28 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/18 22:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/19 12:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/07 22:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/19 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 15:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/03 23:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop_albumSE_en_us_320
[2011/04/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2011/09/14 11:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/25 20:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/05 22:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/11/05 21:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\s450Win2kXPv162
[2006/11/06 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/12/24 20:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/07/24 19:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/14 08:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2011/07/19 20:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/10/13 19:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2008/05/18 11:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Updater5
[2011/03/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2009/06/05 10:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch
[2011/07/19 21:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/05/09 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/05/09 14:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2012/01/05 15:31:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/26 23:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/23 22:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/21 23:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/07 22:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/05 09:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/05/28 13:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-11 06:49:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hello:

Posted OTL and will now post other required items.

Thanks,
Karen
-------------------------
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 23:34:47
-----------------------------
23:34:47.859 OS Version: Windows 5.1.2600 Service Pack 3
23:34:47.859 Number of processors: 1 586 0x209
23:34:47.859 ComputerName: KURTCOMPUTER UserName: Owner
23:34:50.109 Initialize success
23:35:24.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:35:24.140 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
23:35:24.171 Disk 0 MBR read successfully
23:35:24.171 Disk 0 MBR scan
23:35:24.187 Disk 0 Windows XP default MBR code
23:35:24.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
23:35:24.187 Disk 0 scanning sectors +78140160
23:35:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
23:35:43.687 Service scanning
23:35:45.406 Modules scanning
23:35:54.812 Disk 0 trace - called modules:
23:35:54.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:35:54.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5aaab8]
23:35:54.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5abd98]
23:35:54.859 Scan finished successfully
23:36:30.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:36:30.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


------------
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender Signatures
CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
BUMP please.

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
BACK DOOR BOT OR TROJAN  Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

********************************************
P2P - I see you have P2P software installed on your machine. (BearShare)We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
************************************************************

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

BACK DOOR BOT OR TROJAN  DDS

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )


Last edited by Superdave on 25th January 2012, 12:02 am; edited 1 time in total

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hello Super Dave:

Thanks for agreeing to help me out. I am posting the items you requested.

Karen
------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:24:28 on 2012-01-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mbam-setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-K5CV6.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv.view22.com/view22/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-11-12 54760]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-6-3 228344]
S4 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
.
=============== Created Last 30 ================
.
2012-01-24 03:22:15 -------- dc----w- C:\_OTL
2012-01-24 03:21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:20:44 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18:20 -------- d-----w- c:\program files\ESET
2012-01-16 22:21:55 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-16 22:21:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-28 04:29:24 3562624 ----a-w- c:\program files\ccsetup314.exe
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48:54 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56:27 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12:45 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-24 03:56:27 5570000 ----a-w- c:\program files\avg_free_stb_en_2011_1390_free.exe
2011-07-23 09:00:17 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55:25 684297 ----a-w- c:\program files\unhide.exe
2011-06-16 00:32:56 547200 ----a-w- c:\program files\WindowsXP-KB2535512-x86-ENU.exe
2011-06-15 23:38:56 719232 ----a-w- c:\program files\WindowsXP-KB2536276-x86-ENU.exe
2011-06-15 19:14:29 10494336 ----a-w- c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
2011-06-15 17:39:33 788352 ----a-w- c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
2011-06-15 16:25:03 566144 ----a-w- c:\program files\WindowsXP-KB2503665-x86-ENU.exe
2011-06-15 15:09:32 802176 ----a-w- c:\program files\WindowsXP-KB2544893-x86-ENU.exe
2011-02-04 09:59:58 4738880 ----a-w- c:\program files\avg_free_stb_all_2011_1204_cnet.exe
2010-12-26 06:19:56 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03:20 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47:18 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18:23 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-10-03 21:10:46 1367912 ----a-w- c:\program files\NDP35SP1-KB2416473-x86.exe
2010-09-12 01:42:33 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15:26 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-07-14 02:38:55 745344 ----a-w- c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
2010-05-22 22:28:32 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37:56 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57:41 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35:28 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04:01 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 22:47:55 47205472 ----a-w- c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
2009-10-25 20:03:19 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54:04 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35:03 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24:03 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-07-15 07:12:13 498544 ----a-w- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-15 05:58:01 1044856 ----a-w- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-15 05:55:40 569208 ----a-w- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-06-05 04:01:53 9234289 ----a-w- c:\program files\7100.exe
2009-06-04 21:16:13 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-28 21:56:05 16883056 ----a-w- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-01 03:21:35 224 -c--a-w- c:\program files\fix.bat
2009-03-11 19:39:35 1466768 ----a-w- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 19:35:49 569712 ----a-w- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-02-10 23:33:21 498032 ----a-w- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 23:19:12 9006448 ----a-w- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-29 00:06:27 242743296 ----a-w- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-15 05:31:45 658288 ----a-w- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-02 22:57:39 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-12-17 22:04:39 2552176 -c--a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 22:01:54 1861488 -c--a-w- c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 22:50:29 9005936 ----a-w- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 22:42:56 639856 ----a-w- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 22:40:10 6483344 ----a-w- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 22:35:17 606064 ----a-w- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 22:29:29 523120 ----a-w- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-12 04:03:10 725360 ----a-w- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-12 03:58:19 1248808 ----a-w- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-12 03:54:35 952840 ----a-w- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-12 03:42:29 5687304 ----a-w- c:\program files\msxml4-KB954430-enu.exe
2008-11-12 03:31:49 926760 ----a-w- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-06-23 17:11:54 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32:30 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58:46 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44:05 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49:20 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 04:17:00 523576 -c--a-w- c:\program files\WindowsXP-KB920670-x86-ENU.exe
2006-10-28 04:16:02 4479288 -c--a-w- c:\program files\WindowsXP-KB921398-x86-ENU.exe
2006-10-28 04:14:08 607544 -c--a-w- c:\program files\WindowsXP-KB920683-x86-ENU.exe
2006-10-28 04:13:03 701752 -c--a-w- c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-10-28 00:46:25 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 17:19:09 681784 -c--a-w- c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
2006-10-27 16:50:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07:44 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24:09 561 -c--a-w- c:\program files\os449133.bin
.
============= FINISH: 19:26:45.06 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2004 1:12:34 PM
System Uptime: 1/23/2012 8:22:21 AM (11 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 14.416 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3062: 11/30/2011 9:14:58 PM - System Checkpoint
RP3063: 12/1/2011 9:56:17 PM - System Checkpoint
RP3064: 12/3/2011 11:59:36 AM - System Checkpoint
RP3065: 12/3/2011 2:46:30 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware version 1.51.2.1300
RP3066: 12/5/2011 9:37:14 AM - System Checkpoint
RP3067: 12/6/2011 10:05:22 AM - System Checkpoint
RP3068: 12/8/2011 8:02:21 PM - System Checkpoint
RP3069: 12/9/2011 9:33:39 PM - System Checkpoint
RP3070: 12/15/2011 11:08:26 AM - System Checkpoint
RP3071: 12/15/2011 1:39:12 PM - Software Distribution Service 3.0
RP3072: 12/17/2011 10:54:19 AM - System Checkpoint
RP3073: 12/22/2011 2:27:59 PM - System Checkpoint
RP3074: 12/23/2011 3:04:08 PM - System Checkpoint
RP3075: 12/24/2011 3:49:00 PM - System Checkpoint
RP3076: 12/25/2011 4:02:24 PM - System Checkpoint
RP3077: 12/26/2011 4:20:14 PM - System Checkpoint
RP3078: 12/27/2011 9:37:47 PM - System Checkpoint
RP3079: 12/31/2011 1:43:46 PM - System Checkpoint
RP3080: 1/1/2012 5:04:44 PM - System Checkpoint
RP3081: 1/3/2012 10:33:41 AM - System Checkpoint
RP3082: 1/5/2012 2:20:11 PM - Software Distribution Service 3.0
RP3083: 1/6/2012 2:28:27 PM - System Checkpoint
RP3084: 1/7/2012 7:15:58 PM - System Checkpoint
RP3085: 1/8/2012 7:55:26 PM - System Checkpoint
RP3086: 1/10/2012 10:42:01 PM - Software Distribution Service 3.0
RP3087: 1/13/2012 11:11:41 AM - System Checkpoint
RP3088: 1/14/2012 8:15:47 PM - System Checkpoint
RP3089: 1/15/2012 2:55:54 AM - Revo Uninstaller's restore point - Free 3GP Video Converter version 5.0.4.1228
RP3090: 1/16/2012 9:56:20 AM - System Checkpoint
RP3091: 1/16/2012 5:24:57 PM - Software Distribution Service 3.0
RP3092: 1/16/2012 6:18:35 PM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.60.0.1800
RP3093: 1/16/2012 8:45:13 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP3094: 1/19/2012 12:31:58 PM - System Checkpoint
RP3095: 1/21/2012 1:25:51 PM - System Checkpoint
RP3096: 1/21/2012 10:59:06 PM - OTL Restore Point - 1/21/2012 10:58:54 PM
RP3097: 1/23/2012 12:26:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
Apple Application Support
Apple Software Update
AVG 2012
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner
CenturyLink Help
CenturyLink Remote Control
Dell ResourceCD
ESET Online Scanner v3
Form Fill (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954708)
Intel(R) Extreme Graphics Driver
Internet Explorer (Enable DEP)
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Picasa 2
PMB
QuickTime
RealPlayer
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Segoe UI
Smart Defrag 2
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
WD Diagnostics
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Messenger 5.1
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 8:03:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The TICalc service failed to start due to the following error: The system cannot find the file specified.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
1/16/2012 9:15:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Error: Unable to interpret <:Processes -- this is the command for killing processes.> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_192215

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hi Super Dave:

Forgot to post the MBAM information. The MBAM is a great program that I have downloaded before. As such, I wanted to keep it on my computer and rather than leave it on the desk top where I am putting other things you have asked me to download, I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot ini. I have never noticed this before. Is this OK?
Posting MBAM.

Thanks,
Karen
----

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KURTCOMPUTER [administrator]

1/23/2012 7:52:56 PM
mbam-log-2012-01-23 (19-52-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268888
Time elapsed: 1 hour(s), 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\SVKP.sys 


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
********************************************************
I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot ini. I have never noticed this before. Is this OK?

That's where it's supposed to be. I'm not sure what you mean by "were light". Could you give me a screenshot?

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

BACK DOOR BOT OR TROJAN  NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

BACK DOOR BOT OR TROJAN  NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

BACK DOOR BOT OR TROJAN  RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

BACK DOOR BOT OR TROJAN  Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hi Super Dave:

Here is my Combo Fix Log:



ComboFix 12-01-23.02 - Owner 01/25/2012 18:53:58.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1592 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\7100.exe
c:\program files\avg_free_stb_all_2011_1204_cnet.exe
c:\program files\avg_free_stb_en_2011_1390_free.exe
c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
c:\program files\msxml4-KB954430-enu.exe
c:\program files\msxml6-KB954459-enu-x86.exe
c:\program files\NDP35SP1-KB2416473-x86.exe
c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
c:\program files\WindowsXP-KB2503665-x86-ENU.exe
c:\program files\WindowsXP-KB2535512-x86-ENU.exe
c:\program files\WindowsXP-KB2536276-x86-ENU.exe
c:\program files\WindowsXP-KB2544893-x86-ENU.exe
c:\program files\WindowsXP-KB920670-x86-ENU.exe
c:\program files\WindowsXP-KB920683-x86-ENU.exe
c:\program files\WindowsXP-KB921398-x86-ENU.exe
c:\program files\WindowsXP-KB921883-x86-ENU.exe
c:\program files\WindowsXP-KB954459-x86-ENU.exe
c:\program files\WindowsXP-KB954600-x86-ENU.exe
c:\program files\WindowsXP-KB955069-x86-ENU.exe
c:\program files\WindowsXP-KB955839-x86-ENU.exe
c:\program files\WindowsXP-KB956802-x86-ENU.exe
c:\program files\WindowsXP-KB957097-x86-ENU.exe
c:\program files\WindowsXP-KB958687-x86-ENU.exe
c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
c:\program files\WindowsXP-KB960714-x86-ENU.exe
c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
c:\windows\system32\odbcad32(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 02:17 . 2012-01-26 02:38 -------- dc----w- C:\commy
2012-01-24 03:22 . 2012-01-24 03:22 -------- dc----w- C:\_OTL
2012-01-24 03:21 . 2012-01-24 03:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:21 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:20 . 2012-01-24 03:20 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18 . 2012-01-22 04:18 -------- d-----w- c:\program files\ESET
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-28 04:29 . 2011-12-28 04:29 3562624 ----a-w- c:\program files\ccsetup314.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 20:40 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-14 16:59 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 20:43 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2003-07-16 20:42 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-06-01 01:17 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48 . 2011-10-27 04:48 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56 . 2011-09-14 18:56 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12 . 2010-07-24 19:14 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57 . 2009-09-20 19:38 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 00:46 . 2006-10-28 00:46 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07 . 2006-08-02 19:07 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-14 421888]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"AVG_TRAY"=c:\program files\AVG\AVG10\avgtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/8/2011 9:30 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
Completion time: 2012-01-25 19:13:21
ComboFix-quarantined-files.txt 2012-01-26 03:12
.
Pre-Run: 15,442,825,216 bytes free
Post-Run: 15,409,852,416 bytes free
.
- - End Of File - - 22C7EB133A08C1B51C92E526A26B1FAD
---
The Jotti scan was not possible as it kept saying the file: c:\windows\system32\SVKP.sys did not exist.

Is there something different I can do instead of this?

Thanks,
Karen

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Is there something different I can do instead of this?

No, that's ok.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hello Super Dave:

Here is the log created:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: B0B26F3C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: B0B26FE4
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateThread
Address: B0B27080
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: B0B2711C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\My Documents\My Albums\KAREN\PURCHASES ONLINE\HISTORICAL ASSORTED\EBAY CAMERA\CAMERA THAT DID NOT ARRIVE\Forward from My Messages_ Message from eBay Member Regarding Item #220315414783 my post office no record of arrival 12
Status: Hidden

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\ammp3.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avcodec-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avformat-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avutil-49.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common\InstallHelper.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Thanks,
Karen

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Please give me an update on your computer.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the BACK DOOR BOT OR TROJAN  EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on BACK DOOR BOT OR TROJAN  EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the BACK DOOR BOT OR TROJAN  EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check BACK DOOR BOT OR TROJAN  EsetAcceptTerms
•Click the BACK DOOR BOT OR TROJAN  EsetStart button.
•Accept any security warnings from your browser.
•Check BACK DOOR BOT OR TROJAN  EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push BACK DOOR BOT OR TROJAN  EsetListThreats
•Push BACK DOOR BOT OR TROJAN  EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the BACK DOOR BOT OR TROJAN  EsetBack button.
•Push BACK DOOR BOT OR TROJAN  EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hi Super Dave:

I am having trouble with items in my Word Perfect now with renaming files. I often will create a file by going to New and a Word Perfect document is created with the name, "New Word Perfect Document." I always immediately change that to what I want the file to be. Example: Correspondence from Super Dave. When I try to do that now I get a warning, : If you change a filel extension name it will become unstable. And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened? This was never like this before. I am going to do the ESET scan now, but wanted you to know about this problem. It is as if something was changed during one of the processes that you and I have done.

Thanks,
Karen

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
It is as if something was changed during one of the processes that you and I have done.

No. None of our scans would have done that.
When I try to do that now I get a warning, : If you change a filel extension name it will become unstable. And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened?

When you change a name of a file you need to add the same extension that the program calls for . Ex. Notepad files at .txt. What extension does Wordperfect use? If you change the extension, the file may not work.

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
Hi Super Dave:

It uses wpd. Tried that and that took care of that problem. I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.

Still waiting for ESET to finish.

Thanks,
Karen

descriptionBACK DOOR BOT OR TROJAN  EmptyRe: BACK DOOR BOT OR TROJAN

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum