BACKDOOR.BOT


Post by karenor on Tue Sep 22, 2009 1:27 pm

Hello: I got this Backdoor.bot two days ago. I am running Windows XP with everything up to date. I have AVG, Spy Bot, Windows Defender, Super Antispyware, Spy Blaster, Malwarebytes and Advanced System Care. I repeatedly run scans and it says the items have been deleted, but the Backdoor.bot keeps coming back. I am posting the scans as you requested.

Thank you in advance for your assistance, Karen
-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:37 AM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKUS\S-1-5-21-776561741-448539723-725345543-1019\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JEFF')
O4 - HKUS\S-1-5-21-776561741-448539723-725345543-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-776561741-448539723-725345543-1019 Startup: desktop(2).ini (User 'JEFF')
O4 - S-1-5-21-776561741-448539723-725345543-1019 User Startup: desktop(2).ini (User 'JEFF')
O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
O4 - .DEFAULT Startup: desktop(2).ini (User 'Default user')
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: kri746.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6613 bytes

-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:41 AM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\chkdsk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKUS\S-1-5-21-776561741-448539723-725345543-1019\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JEFF')
O4 - HKUS\S-1-5-21-776561741-448539723-725345543-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-776561741-448539723-725345543-1019 Startup: desktop(2).ini (User 'JEFF')
O4 - S-1-5-21-776561741-448539723-725345543-1019 User Startup: desktop(2).ini (User 'JEFF')
O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
O4 - .DEFAULT Startup: desktop(2).ini (User 'Default user')
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: kri746.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6702 bytes


Re: BACKDOOR.BOT

Post by Belahzur on Tue Sep 22, 2009 3:24 pm

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
    O4 - .DEFAULT Startup: desktop(2).ini (User 'Default user')
    O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
    O20 - AppInit_DLLs: kri746.dat


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


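The HijackThis fix list in the post above can be reproduced as a first-pass triage over the log text. This is an added example, not part of the original thread and not code from HijackThis: the four rules in `review_reason` are assumed heuristics modelled on the kinds of lines ticked there, the sample is a handful of lines copied from the log posted in this thread, and the output is a list of entries to review, which can include lines the helper left alone.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O20 - AppInit_DLLs: kri746.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ...".
# Process paths ("C:\...") and headers do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Item name of a Startup-folder entry: text after "Startup: " up to the
# shortcut target (" = "), the user annotation (" (User "), or end of line.
STARTUP_RE = re.compile(r"Startup: (.+?)(?: = | \(User |$)")


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    body: str  # everything after "CODE - "


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_reason(entry: Entry) -> Optional[str]:
    """Assumed heuristics: return why an entry deserves a look, else None."""
    code, body = entry
    if code in ("R0", "R1"):
        # "key,value name = data": flag blank or about:blank data only.
        data = body.partition("=")[2].strip()
        if data in ("", "about:blank"):
            return "IE page setting is empty or about:blank"
    if "(no file)" in body or "(file missing)" in body:
        return "entry points at a file that is not on disk"
    if code == "O4":
        match = STARTUP_RE.search(body)
        if match and ".lnk" not in match.group(1).lower():
            return "Startup-folder item is not a shortcut"
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            return "AppInit_DLLs is set: the DLL loads into every process that loads user32.dll"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Pair every flagged entry with its reason, keeping log order."""
    flagged = []
    for entry in parse_log(text):
        reason = review_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{reason}\n    {entry.body}")
```
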

Re: BACKDOOR.BOT

Post by karenor on Tue Sep 22, 2009 5:27 pm

Thank you for responding. Here are the results from the Malwarebytes scan.

Karen
------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2844
Windows 5.1.2600 Service Pack 3

9/22/2009 2:25:43 PM
mbam-log-2009-09-22 (14-25-43).txt

Scan type: Quick Scan
Objects scanned: 108502
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: BACKDOOR.BOT

Post by Belahzur on Tue Sep 22, 2009 5:30 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Please PM me if I fail to respond within 24hrs.



Re: BACKDOOR.BOT

Post by karenor on Wed Sep 23, 2009 1:24 am

Greetings and thank you Belahzur. Here are the postings you requested.

Karen

------------------------------------------------------------------------------------------------
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 22:17:37.28 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1160 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page =
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
mCustomizeSearch = [You must be registered and logged in to see this link.]
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\verizon online\verizon online control pad\VerizonControlPad.Exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - [You must be registered and logged in to see this link.]
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - [You must be registered and logged in to see this link.]
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E}
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - [You must be registered and logged in to see this link.]
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-9 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-9 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 297752]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-19 38224]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-6-3 228344]

=============== Created Last 30 ================

2009-09-20 12:39 --d----- c:\program files\SUPERAntiSpyware
2009-09-20 12:38 --d----- c:\program files\common files\Wise Installation Wizard
2009-09-20 12:38 7,174,176 a------- c:\program files\SUPERAntiSpyware.exe
2009-09-20 12:20 --d----- c:\program files\Enigma Software Group
2009-09-20 12:17 502,168 a------- c:\program files\SpyHunter-Installer.exe
2009-09-19 00:37 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-19 00:37 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-09-19 00:00 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-19 00:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 00:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-19 00:00 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 00:00 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 23:56 4,045,528 a------- c:\program files\mbam-setup.exe
2009-09-11 22:31 9,008,576 a------- c:\program files\windows-kb890830-v2.14.exe
2009-09-09 07:16 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-04 13:34 --d----- c:\program files\Coupons
2009-09-04 13:32 1,277,680 a------- c:\program files\CouponPrinter.exe
2009-08-29 18:26 3,293,088 a------- c:\program files\ccsetup223.exe

==================== Find3M ====================

2009-09-18 22:46 16,409,960 a------- c:\program files\spybotsd162.exe
2009-09-18 22:27 5,154,304 ac------ c:\program files\WindowsDefender.msi
2009-08-18 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-18 09:47 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 13:08 8,798,656 a------- c:\program files\windows-kb890830-v2.13.exe
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-30 16:54 3,278,552 a------- c:\program files\ccsetup222.exe
2009-07-25 11:24 2,052,104 a------- c:\program files\advisor belarc.exe
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 16:37 466,944 a------- c:\windows\system32\BSTIEPrintCtl1.dll
2009-07-15 00:12 498,544 a------- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-14 22:58 1,044,856 a------- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-14 22:55 569,208 a------- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-07-14 22:53 1,017,280 a------- c:\program files\windows-kb890830-v2.12-delta_9f511a3dc68bb5afdd38d500fce489be4c2ecf28.exe
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 22:07 3,252,640 a------- c:\program files\ccsetup221.exe
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-02 11:28 7,885,928 a------- c:\program files\asc-setup.exe
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-10 14:30 3,247,736 ac------ c:\program files\ccsetup220.exe
2009-06-04 21:01 9,234,289 a------- c:\program files\7100.exe
2009-06-04 14:16 14,243,328 ac------ c:\program files\DM510.32.4071221.EN.msi
2009-05-18 22:53 3,227,248 a------- c:\program files\ccsetup219.exe
2009-05-15 06:56 1,079,272 a------- c:\program files\revosetup.exe
2009-05-04 13:08 1,146,368 ac------ c:\program files\advanced_disk_cleaner.msi
2009-04-28 14:56 16,883,056 a------- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-10 10:44 3,012,768 ac------ c:\program files\spywareblastersetup42.exe
2009-04-06 11:13 10,246,088 a------- c:\program files\windows-kb890830-v2.8.exe
2009-03-31 20:21 5,046 ac------ c:\program files\ReadMe.txt
2009-03-31 20:21 33,792 a------- c:\program files\regini.exe
2009-03-31 20:21 224 ac------ c:\program files\fix.bat
2009-03-31 20:21 2,289 ac------ c:\program files\Damage Fix Tool disclaimer.txt
2009-03-28 21:26 3,190,688 a------- c:\program files\ccsetup218.exe
2009-03-14 20:35 3,184,816 a------- c:\program files\ccsetup217.exe
2009-03-11 12:39 1,466,768 a------- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 12:35 569,712 a------- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-03-11 12:32 10,246,088 a------- c:\program files\windows-kb890830-v2.8_92b3edda5109d46a5976767e6d6d27ff92f2af2a.exe
2009-03-01 14:50 9,448,904 a------- c:\program files\windows-kb890830-v2.7.exe
2009-02-10 16:38 9,450,440 a------- c:\program files\windows-kb890830-v2.7_0bb2e9cf3b593bb676838baea7b6a26261214c20.exe
2009-02-10 16:33 498,032 a------- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 16:19 9,006,448 a------- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-28 17:06 242,743,296 a------- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-14 22:49 9,237,440 a------- c:\program files\windows-kb890830-v2.6.exe
2009-01-14 22:31 658,288 a------- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-04 00:38 8,155,851 a------- c:\program files\Photoshop_albumSE_en_us_320.zip
2009-01-02 15:57 1,945,096 ac------ c:\program files\BELARC advisor.exe
2009-01-01 13:54 7,771,584 a------- c:\program files\windows-kb890830-v2.5.exe
2008-12-30 14:08 3,165,824 a------- c:\program files\ccsetup215.exe
2008-12-17 15:04 2,552,176 ac------ c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 15:01 1,861,488 ac------ c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 15:50 9,005,936 a------- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 15:42 639,856 a------- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 15:40 6,483,344 a------- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 15:35 606,064 a------- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 15:29 523,120 a------- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-11 21:03 725,360 a------- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-11 20:58 1,248,808 a------- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-11 20:54 952,840 a------- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-11 20:42 5,687,304 a------- c:\program files\msxml4-KB954430-enu.exe
2008-11-11 20:31 926,760 a------- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-11-11 20:16 7,645,120 a------- c:\program files\windows-kb890830-v2.4_b86ded5d8c14a2fd381f2193dcd5954de8a0748e.exe
2008-10-19 23:21 7,478,208 a------- c:\program files\windows-kb890830-v2.3.exe
2008-10-17 10:04 2,934,168 a------- c:\program files\ccsetup212.exe
2008-10-14 10:48 19,153,264 a------- c:\program files\aaw2008.exe
2008-10-04 12:17 7,281,784 a------- c:\program files\windows-kb890830-v2.2.exe
2008-09-18 23:15 1,014,272 a------- c:\program files\wlsetup-web.exe
2008-09-02 14:07 7,182,968 a------- c:\program files\windows-kb890830-v2.1.exe
2008-06-30 11:11 1,579,008 ac------ c:\program files\MBSASetup-x86-EN.msi
2008-06-23 10:11 2,400,784 a------- c:\program files\WLinstaller.exe
2008-06-18 12:22 2,869,536 a------- c:\program files\spywareblastersetup41.exe
2008-06-09 20:48 47,787,248 a------- c:\program files\avg_free_stf_en_8_100a1295.exe
2008-05-19 14:26 5,154,304 ac------ c:\program files\WindowsDefender may 19 2008.msi
2008-05-19 14:20 8,502,904 a------- c:\program files\Windows-KB890830-V1.41.exe
2008-05-15 13:20 8,502,904 a------- c:\program files\windows-kb890830-v1.41_9602589c6ae9e584f496000ad818c3932589866e.exe
2008-05-07 22:54 331,805,736 a------- c:\program files\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
2008-05-02 11:26 21,031,280 a------- c:\program files\aaw2007 new version 050208.exe
2008-04-25 01:11 1,667 ac------ c:\program files\ez trust.txt
2008-04-25 01:04 8,155,851 a------- c:\program files\Photoshop_albumSE_en_us_320 april 08.zip
2008-04-23 01:48 60,968 ac------ c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2008-04-14 22:21 2,751,368 a------- c:\program files\CCLEANER 041408.exe
2008-04-05 19:45 19,871,600 a------- c:\program files\aaw2007 update 040508.exe
2008-01-14 13:32 6,957,056 ac------ c:\program files\PhotoLibrary.msp
2008-01-12 02:21 21,216,112 a------- c:\program files\aaw2007.exe
2007-06-30 20:54 1,723,233 ac------ c:\program files\s450Win2kXPv162.EXE
2007-05-30 12:01 20,148 ac------ c:\program files\caisslog.txt
2007-05-07 14:48 658 a------- c:\program files\clean_temp.zip
2007-03-20 10:50 34,045 ac------ c:\program files\caavsetupLog.txt
2006-12-29 16:58 15,505,200 ac------ c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-17 22:44 20,036,629 ac------ c:\program files\eppwin300aus.exe
2006-11-25 18:31 379,823 a------- c:\program files\KeyGenerate.zip
2006-11-14 11:28 685,368 -------- c:\program files\windowsxp-kb920213-x86-enu_02cb394147b09e8926b4f8334feeff4b8fa4b33b.exe
2006-11-06 17:49 64,512 ac------ c:\program files\Compatibility_Check.exe
2006-11-05 22:18 1,723,233 ac------ c:\program files\PRINTER 1006.EXE
2006-11-03 11:28 25,752,376 ac------ c:\program files\Windows Media Player 110306.exe
2006-10-27 21:17:00 AC------ 523,576 c:\program files\WindowsXP-KB920670-x86-ENU.exe
2008-05-08 00:05 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-12-02 13:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 22:18:51.07 ===============
-----------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2004 1:12:34 PM
System Uptime: 9/22/2009 9:03:37 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 17.979 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2147: 8/8/2009 3:23:01 PM - System Checkpoint
RP2148: 8/9/2009 3:50:33 PM - System Checkpoint
RP2149: 8/10/2009 10:03:18 AM - Software Distribution Service 3.0
RP2150: 8/11/2009 10:49:06 AM - System Checkpoint
RP2151: 8/12/2009 11:55:05 AM - System Checkpoint
RP2152: 8/13/2009 12:49:02 PM - System Checkpoint
RP2153: 8/13/2009 9:39:46 PM - Software Distribution Service 3.0
RP2154: 8/14/2009 7:43:32 AM - Software Distribution Service 3.0
RP2155: 8/15/2009 8:23:22 AM - System Checkpoint
RP2156: 8/15/2009 2:09:06 PM - Software Distribution Service 3.0
RP2157: 8/15/2009 2:31:54 PM - Software Distribution Service 3.0
RP2158: 8/16/2009 3:09:19 PM - System Checkpoint
RP2159: 8/17/2009 8:09:05 AM - Software Distribution Service 3.0
RP2160: 8/18/2009 8:51:54 AM - System Checkpoint
RP2161: 8/18/2009 9:38:43 AM - Avg8 Update
RP2162: 8/18/2009 9:49:18 AM - Avg8 Update
RP2163: 8/19/2009 11:01:51 AM - System Checkpoint
RP2164: 8/20/2009 10:06:13 AM - Software Distribution Service 3.0
RP2165: 8/21/2009 2:10:31 PM - System Checkpoint
RP2166: 8/22/2009 6:36:37 PM - System Checkpoint
RP2167: 8/23/2009 6:50:38 PM - System Checkpoint
RP2168: 8/24/2009 8:42:22 AM - Software Distribution Service 3.0
RP2169: 8/25/2009 10:36:01 AM - System Checkpoint
RP2170: 8/25/2009 10:59:49 AM - Software Distribution Service 3.0
RP2171: 8/27/2009 8:24:15 AM - Software Distribution Service 3.0
RP2172: 8/28/2009 8:52:50 AM - Software Distribution Service 3.0
RP2173: 8/29/2009 10:50:49 AM - Software Distribution Service 3.0
RP2174: 8/30/2009 12:00:32 PM - System Checkpoint
RP2175: 8/31/2009 9:19:23 AM - Software Distribution Service 3.0
RP2176: 9/1/2009 4:42:56 PM - System Checkpoint
RP2177: 9/2/2009 5:40:52 PM - System Checkpoint
RP2178: 9/3/2009 10:09:48 AM - Software Distribution Service 3.0
RP2179: 9/3/2009 11:14:29 AM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP2180: 9/4/2009 12:06:06 PM - System Checkpoint
RP2181: 9/5/2009 2:42:19 PM - System Checkpoint
RP2182: 9/6/2009 3:22:05 PM - System Checkpoint
RP2183: 9/7/2009 8:11:50 AM - Software Distribution Service 3.0
RP2184: 9/8/2009 9:22:44 AM - System Checkpoint
RP2185: 9/9/2009 7:56:25 AM - Software Distribution Service 3.0
RP2186: 9/10/2009 7:24:22 AM - Software Distribution Service 3.0
RP2187: 9/11/2009 9:32:28 AM - System Checkpoint
RP2188: 9/12/2009 2:02:17 PM - System Checkpoint
RP2189: 9/13/2009 9:50:26 AM - Revo Uninstaller's restore point - Wanderers MP3 Jukebox
RP2190: 9/14/2009 9:50:38 AM - Software Distribution Service 3.0
RP2191: 9/15/2009 10:58:06 AM - System Checkpoint
RP2192: 9/16/2009 11:10:53 AM - System Checkpoint
RP2193: 9/17/2009 9:19:19 AM - Software Distribution Service 3.0
RP2194: 9/18/2009 6:07:57 PM - System Checkpoint
RP2195: 9/19/2009 7:22:24 PM - System Checkpoint
RP2196: 9/20/2009 12:30:18 PM - Revo Uninstaller's restore point - SpyHunter
RP2197: 9/20/2009 12:39:49 PM - Installed SUPERAntiSpyware Free Edition
RP2198: 9/21/2009 3:14:59 PM - Software Distribution Service 3.0
RP2199: 9/22/2009 9:29:02 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Disk Cleaner
Advanced SystemCare 3
ArcSoft PhotoStudio 5.5
AVG Free 8.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner (remove only)
Choice Guard
Contacts
Coupon Printer for Windows
Dell ResourceCD
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Extreme Graphics Driver
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Portable Media Center
RealPlayer
Revo Uninstaller 1.83
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WD Diagnostics
WebFldrs XP
WildBlue Optimizer Ver 2007-07-01
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Beta (all programs)
Windows Live Mail
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XVID Codec Installation

==== Event Viewer Messages From Past Week ========

9/21/2009 3:47:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'BearShare.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/21/2009 3:07:45 PM, error: Print [6161] - The document C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPWMB1XR\hrd_c[1].pdf owned by Owner failed to print on printer Canon S450. Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 179572. Total number of pages in the document: 8. Number of pages printed: 3. Client machine: \\KURTCOMPUTER. Win32 error code returned by the print processor: 122 (0x7a).
9/21/2009 10:28:22 PM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
9/19/2009 12:31:13 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
9/18/2009 9:50:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG8 E-mail Scanner service to connect.
9/18/2009 9:50:40 PM, error: Service Control Manager [7000] - The AVG8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/18/2009 9:49:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Defender service to connect.
9/18/2009 9:49:59 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/18/2009 9:49:59 PM, error: Service Control Manager [7000] - The TICalc service failed to start due to the following error: The system cannot find the file specified.
9/18/2009 9:49:59 PM, error: Service Control Manager [7000] - The SVKP service failed to start due to the following error: The system cannot find the file specified.
9/18/2009 9:49:59 PM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
9/18/2009 10:01:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wscui.cpl. Reference error message: The operation completed successfully. .
9/18/2009 10:01:18 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\wscui.cpl" on line 0.
9/16/2009 12:43:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
9/16/2009 12:43:10 AM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Re: BACKDOOR.BOT

Post by Belahzur on Wed Sep 23, 2009 3:17 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\program files\Coupons
    c:\program files\CouponPrinter.exe


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.



Re: BACKDOOR.BOT

Post by karenor on Wed Sep 23, 2009 4:28 pm

Hi:

Pasting items as requested.
========= FILES ==========
c:\program files\Coupons\Uninstall moved successfully.
c:\program files\Coupons moved successfully.
c:\program files\CouponPrinter.exe moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09232009_132554




Re: BACKDOOR.BOT

Post by Belahzur on Wed Sep 23, 2009 7:18 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: BACKDOOR.BOT

Post by karenor on Thu Sep 24, 2009 5:58 pm

Hi Belahzur: Well I think we got it. The machine is running smooth as can be. Running scans and they come up clean from AVG, Super Spyware, Spy Bot, Spy Blaster, Advanced System Care and Malwarebytes. All clean with the OTM scan now as well. I can not thank you enough. I am sending an email out to all my email buddies to tell them to keep your website on hand to help solve any computer problems they might encounter.

Again many thanks,
Karen
