WiredWX Christian Hobby Weather Tools

BACK DOOR BOT OR TROJAN

2 posters

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Uninstalling AVG. Leaving Comodo for my AV protection. Will Comodo also be my firewall?

AVG had an application that searched for root kits. Do you have anything that will do that? Something that will not be a conflict.

Updated the Adobe Reader.

Husband has a heart condition and just got out of the hospital. Must go to help him and then I can do the Combo Fix.


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
"Will Comodo also be my firewall?"

Yes, it's all combined.

"Husband has a heart condition and just got out of the hospital. Must go to help him and then I can do the Combo Fix."

No hurry. Anytime you're ready.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Just finished with my husband and he is settled for the night. I looked at the Control Panel after I logged on to my computer. It still says Anti Virus is AVG and the Firewall is Comodo. I did uninstall the AVG. I don't understand why it is still listed. I use Revo Uninstaller. Looking in the programs area under Local Disk C, I see AVG listed. There is also an AVG Vault listed. There is also an AVG Self Extractor listed as well. What gives? Should I delete what is left in this area?

Going to do the Combo Fix now.

Thanks,
Karen




Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Here is the Combo Fix log:

ComboFix 12-10-29.05 - Owner 10/30/2012 0:33.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1565 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\avg_free_stb_all_2012_2195_cnet.exe
c:\program files\Soundmax5240.exe
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\_detmp.6
c:\windows\iun6002.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\iSafProd.1
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unicows.1
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-30 )))))))))))))))))))))))))))))))
.
.
2012-10-30 07:22 . 2012-10-30 07:22 -------- d-----w- c:\windows\LastGood
2012-10-30 06:59 . 2012-10-30 06:59 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2012-10-29 05:22 . 2012-10-29 05:22 -------- dc----w- C:\_OTL
2012-10-28 12:17 . 2012-10-28 12:17 -------- dc----w- C:\cabs
2012-10-28 00:44 . 2012-10-28 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Dell
2012-10-28 00:43 . 2012-10-28 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-10-28 00:41 . 2012-10-28 00:49 -------- d-----w- c:\program files\Dell Support Center
2012-10-28 00:19 . 2012-10-28 00:45 -------- d-----w- c:\documents and settings\Owner\Application Data\PCDr
2012-10-28 00:17 . 2012-10-28 00:17 38984 ----a-w- c:\program files\DellPCDiagnostics.exe
2012-10-27 22:47 . 2012-10-27 22:47 347424 ----a-w- c:\program files\MicrosoftFixit.AudioPlayback.Run.exe
2012-10-27 22:01 . 2012-10-27 22:01 -------- d-----w- c:\program files\Sigmatel
2012-10-27 22:00 . 2012-10-27 22:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Innovative Solutions
2012-10-27 22:00 . 2012-10-27 22:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2012-10-27 19:38 . 2005-04-15 05:00 273296 ----a-w- c:\windows\system32\drivers\STAC97.sys
2012-10-27 19:38 . 2005-04-15 05:00 102912 ----a-w- c:\windows\system32\staco.dll
2012-10-27 19:10 . 2012-10-27 19:10 10669896 ----a-w- c:\program files\mbam-setup.exe
2012-10-23 21:52 . 2012-10-23 21:58 -------- d-----w- c:\program files\Google
2012-10-23 21:51 . 2012-10-23 21:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
2012-10-22 03:34 . 2012-10-22 03:34 3941312 ----a-w- c:\program files\ccsetup323.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 00:29 . 2012-04-10 23:49 71669304 ----a-w- c:\program files\msert.exe
2012-09-11 19:55 . 2012-09-11 19:55 3927560 ----a-w- c:\program files\ccsetup322.exe
2012-08-28 15:14 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-08-24 22:43 . 2011-07-11 09:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2003-07-16 20:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2003-07-16 20:39 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-09 20:22 . 2012-08-09 20:22 5015384 ----a-w- c:\program files\duplicate-file-finder-setup.exe
2012-07-26 20:11 . 2012-07-26 20:11 3907920 ----a-w- c:\program files\ccsetup321.exe
2012-03-23 08:10 . 2012-03-23 08:10 15160720 ----a-w- c:\program files\AdobeAIRInstaller.exe
2012-02-24 00:50 . 2012-02-24 00:50 8669472 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2012-02-16 02:52 . 2012-02-16 02:52 14809712 ----a-w- c:\program files\SUPERAntiSpyware.exe
2012-02-06 04:12 . 2012-02-06 04:12 60407496 ----a-w- c:\program files\cfw_installer_x86.exe
2012-02-06 03:48 . 2012-02-06 03:48 5912232 ----a-w- c:\program files\registry-defrag-setup.exe
2011-09-14 18:56 . 2011-09-14 18:56 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12 . 2010-07-24 19:14 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 00:46 . 2006-10-28 00:46 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-14 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-09-14 18:51 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/4/2012 9:31 PM 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/17/2012 10:00 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 7:59 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 4:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [10/11/2012 9:15 AM 1853584]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [10/27/2012 12:32 PM 20224]
R3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [10/27/2012 12:32 PM 26368]
R3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [10/27/2012 12:32 PM 15616]
R3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [10/27/2012 12:32 PM 256896]
R3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [10/27/2012 12:32 PM 5632]
R3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [10/27/2012 12:32 PM 7424]
R3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [10/27/2012 12:32 PM 5376]
R3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [10/27/2012 12:32 PM 4992]
R3 th164;th164;c:\windows\system32\drivers\th164.sys [10/27/2012 12:32 PM 4736]
R3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [10/27/2012 12:32 PM 4864]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2012 2:52 PM 116648]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [10/27/2012 12:32 PM 2560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2012 2:52 PM 116648]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 1:47 PM 14336]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [9/3/2012 10:54 PM 22640]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGWD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-30 00:50
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(684)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-10-30 00:56:59
ComboFix-quarantined-files.txt 2012-10-30 07:56
.
Pre-Run: 15,209,701,376 bytes free
Post-Run: 15,272,939,520 bytes free
.
- - End Of File - - EEEF47FAF1B60D9DC34A55DB4A1435B0
-------
Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I had to install AVG again so that I could disable it. Combo Fix made me do that before it could begin its work. I am going to uninstall AVG again.

If there are left over AVG items as I told you in a previous post what should I do about them?

Also, is there a stand alone program that replaces ESET now?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
"I am going to uninstall AVG again."

"If there are left over AVG items as I told you in a previous post what should I do about them?"

Before you uninstall AVG you should check Comodo to make sure the AV is turned on because ComboFix doesn't show Comodo as your AV. If you cannot uninstall AVG, you can use the AVG Removal tool below.

AVG Antivirus - AVG Antivirus Remover utility

************************************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

********************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Here is the Rogue Kill report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/30/2012 19:34:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400EB-75CPF0 +++++
--- User ---
[MBR] 4e653a2a6234a6be6ae4b0dbeb097c9f
[BSP] f49789793de47e240f41ae14e0e5fc8e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
----------
It said items have not been deleted before I closed it. I did not delete anything.

Thanks,
Karen


Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Here is the SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: B16DD7E4
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: B16DCD90
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: B16DD44A
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: B16DE040
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: B16DFC20
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: B16DFF9E
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: B16DC77C
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: B16DD9D0
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: B16DDBE8
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: B16DC582
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateKey
Address: B16DE82A
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateValueKey
Address: B16DEA80
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: B16DF652
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: B16DD058
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: B16DD626
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenKey
Address: B16DE030
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: B16DC1B0
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenSection
Address: B16DD2F2
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: B16DC3B4
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryKey
Address: B16DEC8E
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryMultipleValueKey
Address: B16DF0E2
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryValueKey
Address: B16DEEA0
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: B16DE5B2
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: B16DDE54
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: B16DF93E
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: B16DE30A
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: B16DCFC2
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: B16DD1DE
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: B16DCB92
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateThread
Address: B16DC980
Driver Base: B16D3000
Driver End: B174A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetProcessInheritedFromUniqueProcessId
At Address: 804FD889
Jump To: EABC805A
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\My Documents\My Albums\KAREN\PURCHASES ONLINE\HISTORICAL ASSORTED\EBAY CAMERA\CAMERA THAT DID NOT ARRIVE\Forward from My Messages_ Message from eBay Member Regarding Item #220315414783 my post office no record of arrival 12
Status: Hidden

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\ammp3.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avcodec-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avformat-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avutil-49.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common\InstallHelper.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common
Status: Access denied

---------

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

AVG seems to be completely gone now. I have Comodo for Anti Virus and the Fire Wall. I also installed Comodo Internet Security. Are all of these items safe and good for my computer?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Are all of these items safe and good for my computer?

Yes, that should suffice. How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [EsetAcceptTerms]
•Click the [EsetStart] button.
•Accept any security warnings from your browser.
•Check [EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [EsetListThreats]
•Push [EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [EsetBack] button.
•Push [EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I have tried five times to run the ESET scan. The first three times I got an error message: Unexpected Error 2003.

The last two times I tried to run the scan I got the message: Can not get update. Is Proxy configured?

What should I do?

Thanks,

Karen

Re: BACK DOOR BOT OR TROJAN

Ok. Let's try this one.

Scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

* Post the contents of the ActiveScan report in your next reply.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I am sorry. I did not see the information about doing the Panda Scan until after I started the ESET scan. The ESET scan has been at 28% for some time now, but I think it might finish properly. I will post those results and then do the Panda scan for you.

Yesterday Comodo did a scan and declared that there were four threats to this computer. Comodo also said that all threats could not be removed. That is discouraging. I had marked the scan previously to scan for root kits. You will recall that you had me get rid of AVG and install Comodo. I will post the Comodo scan results for you now.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

---------
You asked how my computer is running and it is still odd. One thing that is new and is also odd is that most all internet activity now gets a "Not Responding." Even when signing into your website!

I wanted to ask you about deleting my son as a user on this computer. I am the main user and the administrator. My son has not used the computer for several months. He lives somewhere else most of the time now. Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Can I delete him as a user on this computer? Will that help the computer? Will that harm the computer? Would it save any space on the computer?

If he doesn't use the computer, you can delete his account but I don't think it will make much difference but it could save some space if you uninstall the programs that he had installed, if any. I'll wait for the ESET scan results and we'll take it from there.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I was able to do the Panda Scan. It took a long, long time. Scan results say nothing was found. Posting this and then trying to do the ESET once again.
---------------
Today you are not infected.


We have detected that the COMODO Antivirus protection on your PC is enabled and up-to-date.

It is advisable to run a complete scan with ActiveScan 2.0 from time to time. This will minimize the chances of infection.
--------

Doing ESET now.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I didn't get a chance to push anything for the report. Here is what the results said:

No threats found.
Scanned Files: 68,541
Infected Files: 0
Cleaned Files: 0
Total Scanned Time: 4:35:49
Scan Status: Finished

During the scan process Comodo went crazy. Comodo says it found threats that could not be deleted. What is up with this? If Comodo found stuff why didn't ESET? Is Comodo doing false positives?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Ok. Let's do some cleanup and if Comodo keeps acting up, please let me know.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
**************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Well the computer is running faster. That is good. Today I did the Comodo scan. Once again four threats were found and sadly Comodo reports that it can not clear all four threats. This is disturbing. I am pasting what was found here for you. What can be done to clear these items up? They appear to be root kits.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------------
Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

All the scans we ran didn't detect any rootkits. Let's try a few more.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
**********************************************************************
Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Nothing found here. I know that the Kaspersky is well respected. I don't understand why Comodo keeps saying that it finds things.

19:35:55.0421 0512 NetTcpPortSharing - ok
19:35:55.0484 0512 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:35:55.0500 0512 NetworkX - ok
19:35:55.0593 0512 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:35:55.0609 0512 Nla - ok
19:35:55.0671 0512 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:35:55.0671 0512 Npfs - ok
19:35:55.0734 0512 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:35:55.0843 0512 ns2501 - ok
19:35:55.0875 0512 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:35:55.0984 0512 ns387 - ok
19:35:56.0093 0512 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:35:56.0125 0512 Ntfs - ok
19:35:56.0171 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:35:56.0171 0512 NtLmSsp - ok
19:35:56.0281 0512 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:35:56.0359 0512 NtmsSvc - ok
19:35:56.0421 0512 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:35:56.0437 0512 Null - ok
19:35:56.0500 0512 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:35:56.0515 0512 NwlnkFlt - ok
19:35:56.0562 0512 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:35:56.0578 0512 NwlnkFwd - ok
19:35:56.0625 0512 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:35:56.0625 0512 NwlnkIpx - ok
19:35:56.0734 0512 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:35:56.0750 0512 NwlnkNb - ok
19:35:56.0781 0512 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:35:56.0796 0512 NwlnkSpx - ok
19:35:56.0875 0512 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:35:56.0890 0512 NwSapAgent - ok
19:35:56.0937 0512 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:35:57.0062 0512 OMCI - ok
19:35:57.0125 0512 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:35:57.0140 0512 Parport - ok
19:35:57.0187 0512 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:35:57.0187 0512 PartMgr - ok
19:35:57.0250 0512 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:35:57.0265 0512 ParVdm - ok
19:35:57.0359 0512 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{E9D79540-57D5953E-06020200}_0 c:\program files\dell support center\pcdsrvc.pkms
19:35:57.0531 0512 PCDSRVC{E9D79540-57D5953E-06020200}_0 - ok
19:35:57.0562 0512 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:35:57.0562 0512 PCI - ok
19:35:57.0593 0512 PCIDump - ok
19:35:57.0656 0512 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
19:35:57.0671 0512 PCIIde - ok
19:35:57.0734 0512 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:35:57.0750 0512 Pcmcia - ok
19:35:57.0781 0512 PDCOMP - ok
19:35:57.0812 0512 PDFRAME - ok
19:35:57.0828 0512 PDRELI - ok
19:35:57.0859 0512 PDRFRAME - ok
19:35:57.0890 0512 perc2 - ok
19:35:57.0937 0512 perc2hib - ok
19:35:58.0046 0512 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:35:58.0062 0512 PlugPlay - ok
19:35:58.0234 0512 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
19:35:58.0562 0512 PMBDeviceInfoProvider - ok
19:35:58.0625 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:35:58.0625 0512 PolicyAgent - ok
19:35:58.0703 0512 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:35:58.0718 0512 PptpMiniport - ok
19:35:58.0750 0512 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:35:58.0765 0512 Processor - ok
19:35:58.0796 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:35:58.0796 0512 ProtectedStorage - ok
19:35:58.0828 0512 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:35:58.0828 0512 PSched - ok
19:35:58.0906 0512 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:35:58.0906 0512 Ptilink - ok
19:35:59.0000 0512 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:35:59.0000 0512 PxHelp20 - ok
19:35:59.0031 0512 ql1080 - ok
19:35:59.0062 0512 Ql10wnt - ok
19:35:59.0093 0512 ql12160 - ok
19:35:59.0125 0512 ql1240 - ok
19:35:59.0156 0512 ql1280 - ok
19:35:59.0218 0512 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:35:59.0218 0512 RasAcd - ok
19:35:59.0296 0512 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:35:59.0312 0512 RasAuto - ok
19:35:59.0343 0512 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:35:59.0343 0512 Rasl2tp - ok
19:35:59.0437 0512 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:35:59.0453 0512 RasMan - ok
19:35:59.0500 0512 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:35:59.0515 0512 RasPppoe - ok
19:35:59.0562 0512 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:35:59.0562 0512 Raspti - ok
19:35:59.0640 0512 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:35:59.0640 0512 Rdbss - ok
19:35:59.0687 0512 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:35:59.0687 0512 RDPCDD - ok
19:35:59.0812 0512 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:35:59.0921 0512 RDPWD - ok
19:36:00.0000 0512 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:36:00.0015 0512 RDSessMgr - ok
19:36:00.0078 0512 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:00.0078 0512 redbook - ok
19:36:00.0140 0512 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:36:00.0156 0512 RemoteAccess - ok
19:36:00.0234 0512 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:36:00.0250 0512 RpcLocator - ok
19:36:00.0328 0512 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:36:00.0343 0512 RpcSs - ok
19:36:00.0421 0512 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:36:00.0453 0512 RSVP - ok
19:36:00.0531 0512 SABProcEnum - ok
19:36:00.0578 0512 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:36:00.0578 0512 SamSs - ok
19:36:00.0656 0512 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:36:00.0671 0512 SASDIFSV - ok
19:36:00.0718 0512 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:36:00.0718 0512 SASKUTIL - ok
19:36:00.0781 0512 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:36:00.0796 0512 SCardSvr - ok
19:36:00.0890 0512 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:36:00.0906 0512 Schedule - ok
19:36:00.0984 0512 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:01.0000 0512 Secdrv - ok
19:36:01.0046 0512 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:36:01.0062 0512 seclogon - ok
19:36:01.0125 0512 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:36:01.0125 0512 SENS - ok
19:36:01.0203 0512 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:01.0218 0512 serenum - ok
19:36:01.0281 0512 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:01.0281 0512 Serial - ok
19:36:01.0390 0512 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:01.0406 0512 Sfloppy - ok
19:36:01.0500 0512 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:36:01.0531 0512 SharedAccess - ok
19:36:01.0578 0512 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:36:01.0593 0512 ShellHWDetection - ok
19:36:01.0625 0512 [ 2327F5FFA223EC9B415F4A0CDBDF4EE1 ] sii164 C:\WINDOWS\system32\DRIVERS\sii164.sys
19:36:01.0734 0512 sii164 - ok
19:36:01.0765 0512 Simbad - ok
19:36:01.0843 0512 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:36:01.0859 0512 SLIP - ok
19:36:01.0921 0512 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
19:36:02.0046 0512 SmartDefragDriver - ok
19:36:02.0187 0512 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:36:02.0187 0512 smwdm - ok
19:36:02.0234 0512 Sparrow - ok
19:36:02.0296 0512 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:36:02.0296 0512 splitter - ok
19:36:02.0375 0512 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:36:02.0390 0512 Spooler - ok
19:36:02.0453 0512 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:02.0468 0512 sr - ok
19:36:02.0546 0512 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:36:02.0562 0512 srservice - ok
19:36:02.0671 0512 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:02.0687 0512 Srv - ok
19:36:02.0781 0512 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:36:02.0781 0512 SSDPSRV - ok
19:36:02.0875 0512 [ EE74E3B1B521CEF8E8C9D008E4BDB45C ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
19:36:03.0062 0512 STAC97 - ok
19:36:03.0203 0512 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:36:03.0265 0512 stisvc - ok
19:36:03.0328 0512 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:03.0328 0512 streamip - ok
19:36:03.0359 0512 SVKP - ok
19:36:03.0421 0512 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:03.0437 0512 swenum - ok
19:36:03.0484 0512 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:36:03.0484 0512 swmidi - ok
19:36:03.0515 0512 SwPrv - ok
19:36:03.0562 0512 symc810 - ok
19:36:03.0593 0512 symc8xx - ok
19:36:03.0625 0512 sym_hi - ok
19:36:03.0656 0512 sym_u3 - ok
19:36:03.0703 0512 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:03.0718 0512 sysaudio - ok
19:36:03.0765 0512 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:36:03.0781 0512 SysmonLog - ok
19:36:04.0015 0512 SysProtDrv.sys - ok
19:36:04.0093 0512 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:36:04.0109 0512 TapiSrv - ok
19:36:04.0218 0512 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:04.0234 0512 Tcpip - ok
19:36:04.0296 0512 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:04.0296 0512 TDPIPE - ok
19:36:04.0375 0512 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:04.0375 0512 TDTCP - ok
19:36:04.0437 0512 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:04.0468 0512 TermDD - ok
19:36:04.0546 0512 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:36:04.0593 0512 TermService - ok
19:36:04.0656 0512 [ 201BE1C73FA333A8872AD738AC49B9B4 ] th164 C:\WINDOWS\system32\DRIVERS\th164.sys
19:36:04.0781 0512 th164 - ok
19:36:04.0828 0512 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:36:04.0843 0512 Themes - ok
19:36:04.0875 0512 [ AB9720ADBE304893516521D2E440BD45 ] ti410 C:\WINDOWS\system32\DRIVERS\ti410.sys
19:36:04.0984 0512 ti410 - ok
19:36:05.0015 0512 TICalc - ok
19:36:05.0109 0512 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
19:36:05.0218 0512 tmcomm - ok
19:36:05.0250 0512 TosIde - ok
19:36:05.0343 0512 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:36:05.0359 0512 TrkWks - ok
19:36:05.0421 0512 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:36:05.0437 0512 Udfs - ok
19:36:05.0515 0512 ultra - ok
19:36:05.0609 0512 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:36:05.0640 0512 Update - ok
19:36:05.0718 0512 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:36:05.0734 0512 upnphost - ok
19:36:05.0796 0512 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:36:05.0796 0512 UPS - ok
19:36:05.0859 0512 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:05.0859 0512 usbehci - ok
19:36:05.0937 0512 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:05.0937 0512 usbhub - ok
19:36:06.0015 0512 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:06.0015 0512 usbscan - ok
19:36:06.0062 0512 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:06.0078 0512 USBSTOR - ok
19:36:06.0109 0512 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:06.0125 0512 usbuhci - ok
19:36:06.0156 0512 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:36:06.0187 0512 VgaSave - ok
19:36:06.0234 0512 ViaIde - ok
19:36:06.0296 0512 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:06.0312 0512 VolSnap - ok
19:36:06.0406 0512 [ 699FD04EC634BB3681F11B427F852187 ] vsdatant C:\WINDOWS\System32\vsdatant.sys
19:36:06.0562 0512 vsdatant - ok
19:36:06.0640 0512 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:36:06.0687 0512 VSS - ok
19:36:06.0765 0512 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:36:06.0781 0512 W32Time - ok
19:36:06.0843 0512 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:06.0843 0512 Wanarp - ok
19:36:06.0890 0512 WDICA - ok
19:36:06.0968 0512 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:06.0968 0512 wdmaud - ok
19:36:07.0031 0512 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:36:07.0046 0512 WebClient - ok
19:36:07.0218 0512 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:07.0265 0512 winmgmt - ok
19:36:07.0406 0512 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:36:07.0515 0512 WmdmPmSN - ok
19:36:07.0609 0512 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:36:07.0609 0512 WmiApSrv - ok
19:36:07.0656 0512 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
19:36:07.0781 0512 WpdUsb - ok
19:36:07.0859 0512 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:36:07.0859 0512 WS2IFSL - ok
19:36:07.0953 0512 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:36:08.0015 0512 wscsvc - ok
19:36:08.0046 0512 WSearch - ok
19:36:08.0125 0512 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:08.0125 0512 WSTCODEC - ok
19:36:08.0234 0512 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:36:08.0281 0512 wuauserv - ok
19:36:08.0343 0512 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:08.0343 0512 WudfPf - ok
19:36:08.0437 0512 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:08.0437 0512 WudfRd - ok
19:36:08.0515 0512 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:36:08.0531 0512 WudfSvc - ok
19:36:08.0609 0512 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:36:08.0640 0512 xmlprov - ok
19:36:08.0671 0512 zntport - ok
19:36:08.0765 0512 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:36:08.0875 0512 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:36:08.0968 0512 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:36:09.0093 0512 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:36:09.0109 0512 ================ Scan global ===============================
19:36:09.0187 0512 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:36:09.0281 0512 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:36:09.0328 0512 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:36:09.0406 0512 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:36:09.0421 0512 [Global] - ok
19:36:09.0437 0512 ================ Scan MBR ==================================
19:36:09.0453 0512 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:36:09.0687 0512 \Device\Harddisk0\DR0 - ok
19:36:09.0703 0512 ================ Scan VBR ==================================
19:36:09.0718 0512 [ D1DAFF5B33FC746EBC58ADAEC37E6BBC ] \Device\Harddisk0\DR0\Partition1
19:36:09.0718 0512 \Device\Harddisk0\DR0\Partition1 - ok
19:36:09.0718 0512 ============================================================
19:36:09.0718 0512 Scan finished
19:36:09.0718 0512 ============================================================
19:36:09.0750 0752 Detected object count: 0
19:36:09.0765 0752 Actual detected object count: 0
19:36:48.0781 2864 ============================================================
19:36:48.0781 2864 Scan started
19:36:48.0781 2864 Mode: Manual;
19:36:48.0781 2864 ============================================================
19:36:49.0015 2864 ================ Scan system memory ========================
19:36:49.0031 2864 System memory - ok
19:36:49.0031 2864 ================ Scan services =============================
19:36:57.0312 2864 lanmanworkstation - ok
19:36:57.0328 2864 lbrtfdc - ok
19:36:57.0421 2864 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:36:57.0421 2864 LmHosts - ok
19:36:57.0468 2864 [ E6BA9E361BD6513EF800DD6E1AA389EF ] lvds C:\WINDOWS\system32\DRIVERS\lvds.sys
19:36:57.0468 2864 lvds - ok
19:36:57.0703 2864 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:36:57.0703 2864 McciCMService - ok
19:36:57.0750 2864 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:36:57.0765 2864 Messenger - ok
19:36:57.0812 2864 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:57.0812 2864 mnmdd - ok
19:36:57.0875 2864 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
19:36:57.0875 2864 mnmsrvc - ok
19:36:57.0937 2864 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:36:57.0937 2864 Modem - ok
19:36:58.0000 2864 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:36:58.0015 2864 MODEMCSA - ok
19:36:58.0031 2864 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:58.0031 2864 Mouclass - ok
19:36:58.0093 2864 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:58.0093 2864 MountMgr - ok
19:36:58.0125 2864 mraid35x - ok
19:36:58.0203 2864 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:36:58.0203 2864 MREMP50 - ok
19:36:58.0265 2864 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19:36:58.0265 2864 MREMPR5 - ok
19:36:58.0312 2864 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
19:36:58.0312 2864 MRENDIS5 - ok
19:36:58.0343 2864 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:36:58.0343 2864 MRESP50 - ok
19:36:58.0390 2864 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:58.0390 2864 MRxDAV - ok
19:36:58.0500 2864 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:58.0515 2864 MRxSmb - ok
19:36:58.0578 2864 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
19:36:58.0578 2864 MSDTC - ok
19:36:58.0640 2864 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:36:58.0640 2864 Msfs - ok
19:36:58.0671 2864 MSIServer - ok
19:36:58.0718 2864 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:58.0718 2864 MSKSSRV - ok
19:36:58.0765 2864 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:58.0765 2864 MSPCLOCK - ok
19:36:58.0796 2864 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:58.0796 2864 MSPQM - ok
19:36:58.0875 2864 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:58.0875 2864 mssmbios - ok
19:36:58.0937 2864 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:36:58.0937 2864 MSTEE - ok
19:36:59.0015 2864 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:36:59.0015 2864 Mup - ok
19:36:59.0093 2864 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:36:59.0093 2864 NABTSFEC - ok
19:36:59.0187 2864 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:36:59.0203 2864 napagent - ok
19:36:59.0281 2864 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:36:59.0281 2864 NDIS - ok
19:36:59.0375 2864 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:36:59.0375 2864 NdisIP - ok
19:36:59.0437 2864 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:59.0437 2864 NdisTapi - ok
19:36:59.0468 2864 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:59.0484 2864 Ndisuio - ok
19:36:59.0687 2864 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:59.0703 2864 NdisWan - ok
19:36:59.0875 2864 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:59.0875 2864 NDProxy - ok
19:36:59.0984 2864 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:37:00.0000 2864 NetBIOS - ok
19:37:00.0062 2864 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:37:00.0078 2864 NetBT - ok
19:37:00.0140 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:37:00.0171 2864 NetDDE - ok
19:37:00.0187 2864 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:37:00.0203 2864 NetDDEdsdm - ok
19:37:00.0281 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:37:00.0281 2864 Netlogon - ok
19:37:00.0328 2864 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:37:00.0328 2864 Netman - ok
19:37:00.0390 2864 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:00.0390 2864 NetTcpPortSharing - ok
19:37:00.0453 2864 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
19:37:00.0453 2864 NetworkX - ok
19:37:00.0593 2864 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:37:00.0687 2864 Nla - ok
19:37:01.0000 2864 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:37:01.0000 2864 Npfs - ok
19:37:01.0062 2864 [ DC23BF0190ACAA6FE49579B99474C931 ] ns2501 C:\WINDOWS\system32\DRIVERS\ns2501.sys
19:37:01.0062 2864 ns2501 - ok
19:37:01.0093 2864 [ 1D35A6DAD47330B8DA57130F9A924D98 ] ns387 C:\WINDOWS\system32\DRIVERS\ns387.sys
19:37:01.0093 2864 ns387 - ok
19:37:01.0187 2864 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:37:01.0187 2864 Ntfs - ok
19:37:01.0250 2864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:37:01.0265 2864 NtLmSsp - ok
19:37:01.0359 2864 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:37:01.0375 2864 NtmsSvc - ok
19:37:01.0421 2864 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:37:01.0421 2864 Null - ok
19:37:01.0484 2864 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:37:01.0484 2864 NwlnkFlt - ok
19:37:01.0531 2864 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:37:01.0531 2864 NwlnkFwd - ok
19:37:01.0578 2864 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:37:01.0578 2864 NwlnkIpx - ok
19:37:01.0671 2864 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:37:01.0687 2864 NwlnkNb - ok
19:37:01.0718 2864 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:37:01.0718 2864 NwlnkSpx - ok
19:37:01.0796 2864 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
19:37:01.0812 2864 NwSapAgent - ok
19:37:01.0843 2864 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
What did the GMER Rootkit scanner find?

Re: BACK DOOR BOT OR TROJAN
Hi Dave:

It took all night to do the scan. Here are the results.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-07 12:03:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-75CPF0 rev.06.04G06
Running: izp4gifk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxdyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB173D7E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB173CD90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB173D44A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB173E040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB173FC20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB173FF9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB173C77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB173D9D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB173DBE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB173C582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB173E82A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB173EA80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB173F652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB173D058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB173D626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB173E030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB173C1B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB173D2F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB173C3B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB173EC8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB173F0E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB173EEA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB173E5B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB173DE54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB173F93E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB173E30A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB173CFC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB173D1DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB173CB92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB173C980]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\temp\aulauncher.exe 1

---- Files - GMER 1.0.15 ----

File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data 3355933 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\19AFEFF1-1141-4C9E-95DA-857FD675F4F7.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1D2A5CCB-361A-41AC-AC2A-1D827D1C811C.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2D73C69D-6F90-4D4D-9E56-0D40DB872FB5.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data 1294 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\431CFA03-8191-419B-80DB-B6614769FA3E.data.info 276 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data 624784 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A883479-C55C-41EE-8D02-EE9CDEC9BD49.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data 1584640 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\76EA4343-6C05-4DAA-B14B-356CDADBE4BF.data.info 280 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\83F64329-2EAA-4F17-8EE5-35060D81B672.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I don't know what's happening with Comodo. Those HKEY codes that Comodo is coming up with are for your monitor. Is everything ok there?

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Computer seems faster since we did the restore set point. Just worried about Comodo. Are those false positives? I am now using Comodo for my firewall and my antivirus as you suggested. AVG is totally gone now. Just wonder about Comodo if I do a scan and get a garbage/false positive result. As Comodo indicated in the last two scans there were four things that Comodo considered to be threats. Then Comodo says not all of the threats were removed. Should I plan on using GMER now and then to check for root kits? I just don't know what to think.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Please clear your quarantine folder in Comodo and then run another scan and see what pops up.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I ran the Comodo Scan again as you suggested. I have two reports. The first report is before I attempted to clean everything up. The second report is what was left after I cleaned. It seems like the same four things are left after cleaning just like before. There is a place to mark these four items to be ignored in the future. Will that be OK for these four items? Might we assume that the four items are showing up because I am new to Comodo and once we place the four items in the ignore area Comodo will be OK for me to use in the future? Or will I get stuff like these four items from time to time and think that I am infected?


Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540998.data

Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541000.data

Suspicious@#36bgpdtcj4ifg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540997.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540999.data

Suspicious@#2auv3lb2ibtyx C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541003.data

Suspicious@#8uzof4osf8tg C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0541001.data

------
Not cleaned:

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------
Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I'm going to check with my colleagues about this one. I have no idea why Comodo is showing those items while all the other scans are coming up clean.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I did another scan with Comodo. Just those four items came up again. I will post for you to show to your colleagues. Is Comodo trying to sell me something? When the four items are found a screen shows up that says:

Warning: Four infections found. We recommend you work with a Geek Buddy Certified Microsoft Expert to make sure your computer is completely cleaned and optimized. Let a Geek Buddy assist you now.

------

I am then given two options: Yes, I want an expert to clean it. No, I will clean it myself.

------

Today instead of checking the "No, I will clean it myself" option I clicked on the "yes, I want an expert to clean it."

Guess what Dave? I have to give money to have the items cleaned! Do you know what these four items are? Are they legitimate threats? There is an option to place these items into the IGNORE for future scans area. I am tempted to do that. What do you think?

I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things that is not right. I have never had something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I am sorry I forgot to post the results of the four items that can not be quarantined or cleaned by me alone and need Comodo Geek Buddy assistance. These appear to be the same four items that we have seen in the last few Comodo scans.

------

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

-------

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

I am glad you are checking with your colleagues. If the Comodo is just trying to scare people such as myself and sell us things that is not right. I have never had something like this happen before. My opinion would be that if Comodo is creating these results in order to sell something they should not be highly recommended any more.


Hi Karen, as I suspected those are false-positives from Comodo on your display drivers which is crazy. I would suggest that you dump Comodo and put something like ZoneAlarm free AV and Firewall on your computer.
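One way to sort the "Not cleaned" entries before putting any of them on an ignore list, given as an added example that is not part of the original thread or any tool's own code. It assumes a report in the `<detection> <path>` layout posted above; the sample lines are copied from the thread, the GUID table is a subset of Microsoft's device setup classes, the autostart list is partial, and all function names are hypothetical.

```python
import re

# Subset of Microsoft's documented device setup class GUIDs.
DEVICE_CLASSES = {
    "4D36E967-E325-11CE-BFC1-08002BE10318": "DiskDrive",
    "4D36E968-E325-11CE-BFC1-08002BE10318": "Display",
    "4D36E96B-E325-11CE-BFC1-08002BE10318": "Keyboard",
    "4D36E96E-E325-11CE-BFC1-08002BE10318": "Monitor",
    "4D36E96F-E325-11CE-BFC1-08002BE10318": "Mouse",
    "4D36E972-E325-11CE-BFC1-08002BE10318": "Net",
}

# Partial list of registry locations Windows reads to start programs at logon
# (paths are relative to the hive and lower-cased for comparison).
AUTOSTART_PATHS = (
    r"software\microsoft\windows nt\currentversion\windows\load",
    r"software\microsoft\windows nt\currentversion\windows\run",
    r"software\microsoft\windows\currentversion\run",
)

ENTRY_RE = re.compile(r"^(\S+)\s+((?:HKEY_|[A-Za-z]:\\).*)$")
CLASS_RE = re.compile(r"\\Control\\Class\\\{([0-9A-F-]{36})\}", re.I)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)

NOTES = {
    "device-class": "device configuration key; look up the class before ignoring",
    "autostart": "autostart location; check what the value's data points to",
    "restore-point": "copy inside a System Restore snapshot, not a live file",
    "registry-other": "registry entry with no rule here; review by hand",
    "file": "file on disk; review by hand",
}

# Sample input: lines copied from the scan results posted in this thread.
SAMPLE_REPORT = r"""
Not cleaned:
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\MODES\1600,1200\
Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Malware@#14w915lim8fze C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3307\A0540998.data
-------
"""


def classify(target):
    """Return (kind, detail) for one registry or file path from a report."""
    if target.upper().startswith("HKEY_"):
        m = CLASS_RE.search(target)
        if m:
            name = DEVICE_CLASSES.get(m.group(1).upper(), "unlisted class")
            return "device-class", name
        subpath = target.partition("\\")[2].lower()  # path without the hive
        for loc in AUTOSTART_PATHS:
            if subpath.startswith(loc):
                return "autostart", loc
        return "registry-other", ""
    if RESTORE_RE.search(target):
        return "restore-point", ""
    return "file", ""


def triage(report):
    """Parse a report, merge repeated entries, and classify each unique one."""
    rows = {}
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headings, separators, blank lines
        detection, target = m.group(1), m.group(2).rstrip("\\")
        key = (detection, target.lower())
        if key not in rows:
            kind, detail = classify(target)
            rows[key] = {"detection": detection, "target": target,
                         "kind": kind, "detail": detail, "count": 0}
        rows[key]["count"] += 1
    return list(rows.values())


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        label = f"{row['kind']} {row['detail']}".strip()
        print(f"x{row['count']}  [{label}]  {row['target']}")
        print(f"      {NOTES[row['kind']]}")
```

On the lines from this thread, the three `Control\Class` entries collapse to two unique keys in the Monitor class, while the `HKEY_CURRENT_USER` entry lands in a different bucket because `load` is a logon autostart value rather than a device setting.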

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Well I tried five times to download Zone Alarm AV and Firewall. It would start to go through the process of downloading and then I would get a message telling me to try later. The message said the download was corrupted or something. I am discouraged about this. I had removed Comodo prior to trying to download the Zone Alarm. I have no choice right now but to reload the Comodo. I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo?
For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I can not be without protection. What do you think about putting those four items into the IGNORE area of Comodo?
For future scans those items would be ignored. You indicate the items are false positives so would that cause me any harm or risk?

You could always use the Windows Firewall or just ignore those four items. The choice is yours.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

As stated before I could not load Zone Alarm. I did redo Comodo for the firewall and antivirus. I have run two scans. The first scan picked up two things. The second scan picked up five things. In both cases all items were cleaned/quaranteened (sic). It appears that the four items are not back.

I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I am assuming I am clean and clear now. I think if those four items ever pop up again I will ask for the IGNORE in Comodo. What do you think?

I would say that the computer is clean. I've been using Comodo for over two years with no such problems. If it did start acting up, I would dump it in a heartbeat. You could always download ZoneAlarm on another computer and transfer it to your computer.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

OK. Thanks for everything. My husband has an appointment this coming Wednesday for his heart. Once we have that behind us I am going to take some time to go over that final list of things you had regarding suggestions for staying safe and keeping my computer at its best.

I appreciate everything you have done for me.

Take care,
Karen

Re: BACK DOOR BOT OR TROJAN
You're welcome. I hope everything turns out ok for your husband.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I hope you are still there. Yesterday and today I have tried to install new Microsoft updates. The KB2698023 item will not install. I keep getting an error message about it.

Here are some of the items I am getting:

Failed Updates
For help installing an update successfully, see the solution under each problem description.
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)


Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
How to Uninstall
This software update can be removed via Add/Remove Programs in Control Panel.
Get help and support
http://support.microsoft.com
-----------

Did we do something to my computer that prevents me from downloading this update? I have never had this happen before. I tried to repeatedly download the item after rebooting. Are other people complaining about this? Is it a Microsoft problem?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Did we do something to my computer that prevents me from downloading this update?

That happens sometimes when cleaning a computer. Please try this.

•Please download Dial-A-Fix from one of the following mirrors:

Primary mirror
Secondary mirror

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and click OK to continue.

•Press the green double checkmark box.

UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section.

•Click on Go

•Wait for Dial-A-Fix to finish (all the check marks will be gone)

•Close Dial-A-Fix

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Well I did the Dial A Fix, actually twice. Tried to install the KB2698023 and had no luck. The Microsoft Update seems to move along nicely and then finishes giving me an error that the install has failed. I have tried to use my Baseline Analyzer to give me help. No luck there. BA scans my computer and lets me know that KB2698023 is missing. Trying to download the update from BA does not work either. Is this a Microsoft thing? Are others complaining about this on the internet? I see some postings when I Google that I can not download KB2698023. The postings say things about framework 1.1 or something. The postings have elaborate and complicated work arounds to download this update.

Any ideas?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Please take a look at some of these sites to see if it will help.
