SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Wed Sep 30, 2009 8:16 pm

Hello Again: I recently was infected by the Backdoor. bot and spent some time with one of your experts getting rid of that problem. It has been about three days since I last had contact with you about the Backdoor. bot. My computer is running very, very slow. I suspect that something is still trying to get control of my computer. My computer frequently freezes up and slows down. I never had this problem prior to the Backdoor. bot situation. I am running Windows XP and everything is up to date with the Service Pack #3. I have AVG, Spy Bot, Advanced Disk Cleaner, CCleaner, Baseline Analyzer, Windows Defender, Windows Malicious Removal, Spy Blaster, System Care, Super Antispyware and Malware Bytes. I frequently defrag and clean my disk.

Thanks,
Karen

-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:33 PM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
O4 - .DEFAULT Startup: desktop(2).ini (User 'Default user')
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5628 bytes


Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by Belahzur on Wed Sep 30, 2009 10:13 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - S-1-5-18 Startup: desktop(2).ini (User 'SYSTEM')
    O4 - .DEFAULT Startup: desktop(2).ini (User 'Default user')
    O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Thu Oct 01, 2009 3:59 am

Hello Belahzur:

Thanks for coming to my rescue again. Here are the results you requested.

Karen

------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2880
Windows 5.1.2600 Service Pack 3

9/30/2009 8:57:10 PM
mbam-log-2009-09-30 (20-57-10).txt

Scan type: Quick Scan
Objects scanned: 109369
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by Belahzur on Thu Oct 01, 2009 10:16 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.



Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Thu Oct 01, 2009 7:39 pm

Hi:

Posting as requested.

Thanks,
Karen

------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2004 1:12:34 PM
System Uptime: 10/1/2009 10:03:38 AM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 37 GiB total, 17.24 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2157: 8/15/2009 2:31:54 PM - Software Distribution Service 3.0
RP2158: 8/16/2009 3:09:19 PM - System Checkpoint
RP2159: 8/17/2009 8:09:05 AM - Software Distribution Service 3.0
RP2160: 8/18/2009 8:51:54 AM - System Checkpoint
RP2161: 8/18/2009 9:38:43 AM - Avg8 Update
RP2162: 8/18/2009 9:49:18 AM - Avg8 Update
RP2163: 8/19/2009 11:01:51 AM - System Checkpoint
RP2164: 8/20/2009 10:06:13 AM - Software Distribution Service 3.0
RP2165: 8/21/2009 2:10:31 PM - System Checkpoint
RP2166: 8/22/2009 6:36:37 PM - System Checkpoint
RP2167: 8/23/2009 6:50:38 PM - System Checkpoint
RP2168: 8/24/2009 8:42:22 AM - Software Distribution Service 3.0
RP2169: 8/25/2009 10:36:01 AM - System Checkpoint
RP2170: 8/25/2009 10:59:49 AM - Software Distribution Service 3.0
RP2171: 8/27/2009 8:24:15 AM - Software Distribution Service 3.0
RP2172: 8/28/2009 8:52:50 AM - Software Distribution Service 3.0
RP2173: 8/29/2009 10:50:49 AM - Software Distribution Service 3.0
RP2174: 8/30/2009 12:00:32 PM - System Checkpoint
RP2175: 8/31/2009 9:19:23 AM - Software Distribution Service 3.0
RP2176: 9/1/2009 4:42:56 PM - System Checkpoint
RP2177: 9/2/2009 5:40:52 PM - System Checkpoint
RP2178: 9/3/2009 10:09:48 AM - Software Distribution Service 3.0
RP2179: 9/3/2009 11:14:29 AM - Revo Uninstaller's restore point - Coupon Printer for Windows
RP2180: 9/4/2009 12:06:06 PM - System Checkpoint
RP2181: 9/5/2009 2:42:19 PM - System Checkpoint
RP2182: 9/6/2009 3:22:05 PM - System Checkpoint
RP2183: 9/7/2009 8:11:50 AM - Software Distribution Service 3.0
RP2184: 9/8/2009 9:22:44 AM - System Checkpoint
RP2185: 9/9/2009 7:56:25 AM - Software Distribution Service 3.0
RP2186: 9/10/2009 7:24:22 AM - Software Distribution Service 3.0
RP2187: 9/11/2009 9:32:28 AM - System Checkpoint
RP2188: 9/12/2009 2:02:17 PM - System Checkpoint
RP2189: 9/13/2009 9:50:26 AM - Revo Uninstaller's restore point - Wanderers MP3 Jukebox
RP2190: 9/14/2009 9:50:38 AM - Software Distribution Service 3.0
RP2191: 9/15/2009 10:58:06 AM - System Checkpoint
RP2192: 9/16/2009 11:10:53 AM - System Checkpoint
RP2193: 9/17/2009 9:19:19 AM - Software Distribution Service 3.0
RP2194: 9/18/2009 6:07:57 PM - System Checkpoint
RP2195: 9/19/2009 7:22:24 PM - System Checkpoint
RP2196: 9/20/2009 12:30:18 PM - Revo Uninstaller's restore point - SpyHunter
RP2197: 9/20/2009 12:39:49 PM - Installed SUPERAntiSpyware Free Edition
RP2198: 9/21/2009 3:14:59 PM - Software Distribution Service 3.0
RP2199: 9/22/2009 9:29:02 PM - System Checkpoint
RP2200: 9/24/2009 12:40:50 AM - System Checkpoint
RP2201: 9/24/2009 7:39:08 AM - Software Distribution Service 3.0
RP2202: 9/25/2009 1:11:50 PM - System Checkpoint
RP2203: 9/26/2009 3:07:05 PM - Restore Operation
RP2204: 9/27/2009 1:46:13 AM - Software Distribution Service 3.0
RP2205: 9/28/2009 10:32:29 AM - Software Distribution Service 3.0
RP2206: 9/28/2009 3:16:09 PM - Revo Uninstaller's restore point - ArcSoft PhotoStudio 5.5
RP2207: 9/28/2009 3:17:10 PM - Removed PhotoStudio
RP2208: 9/30/2009 10:20:57 AM - System Checkpoint
RP2209: 10/1/2009 10:23:49 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Disk Cleaner
Advanced SystemCare 3
AVG Free 8.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner (remove only)
Dell ResourceCD
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Extreme Graphics Driver
Junk Mail filter update
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Portable Media Center
RealPlayer
Revo Uninstaller 1.83
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WD Diagnostics
WebFldrs XP
WildBlue Optimizer Ver 2007-07-01
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XVID Codec Installation

==== Event Viewer Messages From Past Week ========

9/30/2009 12:36:55 PM, error: Print [6161] - The document [You must be registered and logged in to see this link.] owned by Owner failed to print on printer Canon S450. Data type: NT EMF 1.008. Size of the spool file in bytes: 44894364. Number of bytes printed: 1714400. Total number of pages in the document: 74. Number of pages printed: 4. Client machine: \\KURTCOMPUTER. Win32 error code returned by the print processor: 122 (0x7a).
9/29/2009 2:10:52 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wscui.cpl. Reference error message: The operation completed successfully. .
9/29/2009 2:10:52 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\system32\wscui.cpl" on line 0.
9/28/2009 2:51:11 PM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
9/27/2009 12:43:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
9/27/2009 12:43:11 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/27/2009 12:43:11 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/26/2009 3:05:34 PM, error: Service Control Manager [7000] - The TICalc service failed to start due to the following error: The system cannot find the file specified.
9/26/2009 3:05:34 PM, error: Service Control Manager [7000] - The SVKP service failed to start due to the following error: The system cannot find the file specified.
9/26/2009 3:05:34 PM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
9/26/2009 2:21:13 PM, error: Print [6161] - The document Adobe Photoshop Album Starter Edition 3.2 owned by Owner failed to print on printer Canon S450. Data type: NT EMF 1.008. Size of the spool file in bytes: 21692416. Number of bytes printed: 21607876. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\KURTCOMPUTER. Win32 error code returned by the print processor: 122 (0x7a).

==== End Of File ===========================


------------------------------------------------------------------------------------------------
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 12:32:37.56 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1368 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
mCustomizeSearch = [You must be registered and logged in to see this link.]
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\verizon online\verizon online control pad\VerizonControlPad.Exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - [You must be registered and logged in to see this link.]
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E}
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - [You must be registered and logged in to see this link.]
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-9 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-9 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 297752]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-6-3 228344]

=============== Created Last 30 ================

2009-09-30 20:28 --d----- c:\program files\Trend Micro
2009-09-29 20:16 3,309,072 a------- c:\program files\ccsetup224.exe
2009-09-27 00:42 --d----- c:\program files\Microsoft
2009-09-27 00:42 --d----- c:\program files\Windows Live SkyDrive
2009-09-20 12:39 --d----- c:\program files\SUPERAntiSpyware
2009-09-20 12:38 --d----- c:\program files\common files\Wise Installation Wizard
2009-09-20 12:38 7,174,176 a------- c:\program files\SUPERAntiSpyware.exe
2009-09-20 12:20 --d----- c:\program files\Enigma Software Group
2009-09-20 12:17 502,168 a------- c:\program files\SpyHunter-Installer.exe
2009-09-19 00:37 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-19 00:37 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-09-19 00:00 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-19 00:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 00:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-19 00:00 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 00:00 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 23:56 4,045,528 a------- c:\program files\mbam-setup.exe
2009-09-11 22:31 9,008,576 a------- c:\program files\windows-kb890830-v2.14.exe
2009-09-09 07:16 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-27 00:35 1,146,184 a------- c:\program files\wlsetup-web.exe
2009-09-18 22:46 16,409,960 a------- c:\program files\spybotsd162.exe
2009-09-18 22:27 5,154,304 ac------ c:\program files\WindowsDefender.msi
2009-08-29 18:27 3,293,088 a------- c:\program files\ccsetup223.exe
2009-08-18 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-18 09:47 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 13:08 8,798,656 a------- c:\program files\windows-kb890830-v2.13.exe
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-30 16:54 3,278,552 a------- c:\program files\ccsetup222.exe
2009-07-25 11:24 2,052,104 a------- c:\program files\advisor belarc.exe
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 16:37 466,944 a------- c:\windows\system32\BSTIEPrintCtl1.dll
2009-07-15 00:12 498,544 a------- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-14 22:58 1,044,856 a------- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-14 22:55 569,208 a------- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-07-14 22:53 1,017,280 a------- c:\program files\windows-kb890830-v2.12-delta_9f511a3dc68bb5afdd38d500fce489be4c2ecf28.exe
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 22:07 3,252,640 a------- c:\program files\ccsetup221.exe
2009-07-02 11:28 7,885,928 a------- c:\program files\asc-setup.exe
2009-06-10 14:30 3,247,736 ac------ c:\program files\ccsetup220.exe
2009-06-04 21:01 9,234,289 a------- c:\program files\7100.exe
2009-06-04 14:16 14,243,328 ac------ c:\program files\DM510.32.4071221.EN.msi
2009-05-18 22:53 3,227,248 a------- c:\program files\ccsetup219.exe
2009-05-15 06:56 1,079,272 a------- c:\program files\revosetup.exe
2009-05-04 13:08 1,146,368 ac------ c:\program files\advanced_disk_cleaner.msi
2009-04-28 14:56 16,883,056 a------- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-10 10:44 3,012,768 ac------ c:\program files\spywareblastersetup42.exe
2009-04-06 11:13 10,246,088 a------- c:\program files\windows-kb890830-v2.8.exe
2009-03-31 20:21 5,046 ac------ c:\program files\ReadMe.txt
2009-03-31 20:21 33,792 a------- c:\program files\regini.exe
2009-03-31 20:21 224 ac------ c:\program files\fix.bat
2009-03-31 20:21 2,289 ac------ c:\program files\Damage Fix Tool disclaimer.txt
2009-03-28 21:26 3,190,688 a------- c:\program files\ccsetup218.exe
2009-03-14 20:35 3,184,816 a------- c:\program files\ccsetup217.exe
2009-03-11 12:39 1,466,768 a------- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 12:35 569,712 a------- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-03-11 12:32 10,246,088 a------- c:\program files\windows-kb890830-v2.8_92b3edda5109d46a5976767e6d6d27ff92f2af2a.exe
2009-03-01 14:50 9,448,904 a------- c:\program files\windows-kb890830-v2.7.exe
2009-02-10 16:38 9,450,440 a------- c:\program files\windows-kb890830-v2.7_0bb2e9cf3b593bb676838baea7b6a26261214c20.exe
2009-02-10 16:33 498,032 a------- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 16:19 9,006,448 a------- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-28 17:06 242,743,296 a------- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-14 22:49 9,237,440 a------- c:\program files\windows-kb890830-v2.6.exe
2009-01-14 22:31 658,288 a------- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-04 00:38 8,155,851 a------- c:\program files\Photoshop_albumSE_en_us_320.zip
2009-01-02 15:57 1,945,096 ac------ c:\program files\BELARC advisor.exe
2009-01-01 13:54 7,771,584 a------- c:\program files\windows-kb890830-v2.5.exe
2008-12-30 14:08 3,165,824 a------- c:\program files\ccsetup215.exe
2008-12-17 15:04 2,552,176 ac------ c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 15:01 1,861,488 ac------ c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 15:50 9,005,936 a------- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 15:42 639,856 a------- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 15:40 6,483,344 a------- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 15:35 606,064 a------- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 15:29 523,120 a------- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-11 21:03 725,360 a------- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-11 20:58 1,248,808 a------- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-11 20:54 952,840 a------- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-11 20:42 5,687,304 a------- c:\program files\msxml4-KB954430-enu.exe
2008-11-11 20:31 926,760 a------- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-11-11 20:16 7,645,120 a------- c:\program files\windows-kb890830-v2.4_b86ded5d8c14a2fd381f2193dcd5954de8a0748e.exe
2008-10-19 23:21 7,478,208 a------- c:\program files\windows-kb890830-v2.3.exe
2008-10-17 10:04 2,934,168 a------- c:\program files\ccsetup212.exe
2008-10-14 10:48 19,153,264 a------- c:\program files\aaw2008.exe
2008-10-04 12:17 7,281,784 a------- c:\program files\windows-kb890830-v2.2.exe
2008-09-02 14:07 7,182,968 a------- c:\program files\windows-kb890830-v2.1.exe
2008-06-30 11:11 1,579,008 ac------ c:\program files\MBSASetup-x86-EN.msi
2008-06-23 10:11 2,400,784 a------- c:\program files\WLinstaller.exe
2008-06-18 12:22 2,869,536 a------- c:\program files\spywareblastersetup41.exe
2008-06-09 20:48 47,787,248 a------- c:\program files\avg_free_stf_en_8_100a1295.exe
2008-05-19 14:26 5,154,304 ac------ c:\program files\WindowsDefender may 19 2008.msi
2008-05-19 14:20 8,502,904 a------- c:\program files\Windows-KB890830-V1.41.exe
2008-05-15 13:20 8,502,904 a------- c:\program files\windows-kb890830-v1.41_9602589c6ae9e584f496000ad818c3932589866e.exe
2008-05-07 22:54 331,805,736 a------- c:\program files\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
2008-05-02 11:26 21,031,280 a------- c:\program files\aaw2007 new version 050208.exe
2008-04-25 01:11 1,667 ac------ c:\program files\ez trust.txt
2008-04-25 01:04 8,155,851 a------- c:\program files\Photoshop_albumSE_en_us_320 april 08.zip
2008-04-23 01:48 60,968 ac------ c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2008-04-14 22:21 2,751,368 a------- c:\program files\CCLEANER 041408.exe
2008-04-05 19:45 19,871,600 a------- c:\program files\aaw2007 update 040508.exe
2008-01-14 13:32 6,957,056 ac------ c:\program files\PhotoLibrary.msp
2008-01-12 02:21 21,216,112 a------- c:\program files\aaw2007.exe
2007-06-30 20:54 1,723,233 ac------ c:\program files\s450Win2kXPv162.EXE
2007-05-30 12:01 20,148 ac------ c:\program files\caisslog.txt
2007-05-07 14:48 658 a------- c:\program files\clean_temp.zip
2007-03-20 10:50 34,045 ac------ c:\program files\caavsetupLog.txt
2006-12-29 16:58 15,505,200 ac------ c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-17 22:44 20,036,629 ac------ c:\program files\eppwin300aus.exe
2006-11-25 18:31 379,823 a------- c:\program files\KeyGenerate.zip
2006-11-14 11:28 685,368 -------- c:\program files\windowsxp-kb920213-x86-enu_02cb394147b09e8926b4f8334feeff4b8fa4b33b.exe
2006-11-06 17:49 64,512 ac------ c:\program files\Compatibility_Check.exe
2006-11-05 22:18 1,723,233 ac------ c:\program files\PRINTER 1006.EXE
2006-11-03 11:28 25,752,376 ac------ c:\program files\Windows Media Player 110306.exe
2006-10-27 21:17 523,576 ac------ c:\program files\WindowsXP-KB920670-x86-ENU.exe
2006-10-27 21:16 4,479,288 ac------ c:\program files\WindowsXP-KB921398-x86-ENU.exe
2006-10-27 21:14 607,544 ac------ c:\program files\WindowsXP-KB920683-x86-ENU.exe
2006-10-27 21:13 701,752 ac------ c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-10-27 17:46 3,355,933 ac------ c:\program files\PP_SP702.exe
2006-10-27 10:19 681,784 ac------ c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
2006-10-27 09:55:56 AC------ 5,182,976 c:\program files\OCT 06 WindowsDefender.msi
2008-05-08 00:05 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-12-02 13:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 12:34:39.00 ===============

karenor
Intermediate

Posts : 185
Joined : 2009-09-19
OS : xp

Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by Belahzur on Thu Oct 01, 2009 9:59 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Fri Oct 02, 2009 4:30 am

Hi Belahzur:

I am sorry, but I could not find Java(TM) 6 Update 7. I checked in the Control Panel area. I also have REVO Uninstaller. It was not listed there either. Finally, I did a search for it on the computer and nothing came up? Do you want me to check another area? The computer seems to be running better than before. There is not as much "sticking" or freezing going on at this time. What shall I do about not finding the Java(TM) 6 Update 7?

Thanks,
Karen


Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by Belahzur on Sat Oct 03, 2009 4:56 pm

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Sat Oct 03, 2009 10:44 pm

Hi:

All set. Here is the log file.
------------------------------------------------------------------------------------------------
JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Oct 03 15:42:45 2009

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

------------------------------------

Finished reporting.


Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by Belahzur on Sat Oct 03, 2009 11:43 pm

Hello.
How is the machine running now?



Re: SLOWED BY VIRUS OR MALWARE...BACKDOOR BOT ?

Post by karenor on Sun Oct 04, 2009 10:01 pm

Hello Belahzur:

Thanks for your help. I think the machine is running fine now. I appreciate everything you did for me. I am so glad that you were available to help me with this.

Take care,
Karen

