BACKDOOR.BOT

View previous topic View next topic Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Tue Oct 20, 2009 9:53 pm

That would be it. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Tue Oct 20, 2009 11:23 pm

Hi Dragon Master Jay:

Well I was able to complete the SFC/scannow. No problem doing that. I was not asked for the cd.

I removed the SDFix and downloaded again. Still can not go into safe mode and do anything with it. I get all the way to the "Y" and when I attempt to type in "Y" the machine does nothing anymore. I have to turn the machine off to get the cursor or the mouse to even more again.

I am in the process of doing the "Catch Me" part of the SDFix. That scan is going right now. I can post those results if that would help.

Thanks,
Karen

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 12:02 am

Hi Dragon Master Jay:

Well the Catch Me sat there and spun its wheels for over one hour with no report and no results. I went to the SDFix page run by Andy Manchestra located here: [You must be registered and logged in to see this link.]

I tried all of the items he suggested to correct the SDFix. In my case I got readings back that said I was set up correctly to run SDFix.

Sadly, no matter what I do I can not run SDFix in Safe Mode. I have tried so many times. What else can I do? Why can I not run this?

Thanks,
Karen

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 12:07 am

Hi:

I forgot to add that I ran a Mbam and Super Anti Spyware. Here is the log from Mbam.

Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 5.1.2600 Service Pack 3

9/19/2009 12:26:39 AM
mbam-log-2009-09-19 (00-26-39).txt

Scan type: Quick Scan
Objects scanned: 107918
Time elapsed: 23 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30000273-8230-4dd4-be4f-6889d1e74167} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d60ff48-95be-4956-b4c6-6bb168a70310} (Trojan.KeenValue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\hwdgqmcw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\vhlyrkv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kri746.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\kri746.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.


Thanks,
Karen

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Wed Oct 21, 2009 12:07 am

Ok. Here is an alternate that will help:

Please download Trojan Remover from one of the following links:



Save the download to your Desktop. Then double-click on the trjsetup file to install it. When installing, make sure to checkmark the box Create Desktop icon. Then, at the end of the setup, please make sure the following checkboxes have a check in them: Check for Updates? and Run Trojan Remover after setup is completed.

Once in the program, an update prompt will appear. Click the Update button at the bottom, let it finish, then click Close. The next popup that appears will tell you to enter license key. Just click the Continue button.

Now you see the main window. Click the Scan button. If you have an antivirus or other security software running, you may get a prompt.
See here to learn how to disable security software temporarily: [You must be registered and logged in to see this link.]
If yours is not on the list, then continue with the program.

When done disabling protection, click the Yes button.

Once done scanning (usually quick), it will provide the following:
A. If infected, it will give more information.
B. No active malicious files were found and no changes were made.

Please let me know of any results in your next reply. If your computer is found to be clean, then it truly has to be.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 1:17 am

Hi Dragon Master Jay:

Well here is the log. I am assuming this is a clean bill of health for my poor computer. I really appreciate all that you have done for me.

Thanks again,
Karen
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email [You must be registered and logged in to see this link.]
[Unregistered version]
Scan started at: 5:47:41 PM 20 Oct 2009
Using Database v7411
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
5:47:41 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hȋdden Services were detected.

************************************************************
5:47:44 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 7/16/2003 1:28 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 7/16/2003 1:49 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 10/20/2009 5:33 PM
Modified: 10/17/2009 8:35 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
5:47:46 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/24/2009 10:41 PM
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
----------

************************************************************
5:47:46 PM: Scanning -----hȋdden REGISTRY ENTRIES-----
Taskdir check completed
----------
No hȋdden File-loading Registry Entries found
----------

************************************************************
5:47:47 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
5:47:47 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
5:47:47 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 7/16/2003 1:30 PM
Modified: 7/16/2003 1:30 PM
Company: Microsoft Corporation
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 5/28/2004 1:03 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------

************************************************************
5:47:48 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: avg9emc
ImagePath: "C:\Program Files\AVG\AVG9\avgemc.exe"
C:\Program Files\AVG\AVG9\avgemc.exe
906520 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg9wd
ImagePath: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
C:\Program Files\AVG\AVG9\avgwdsvc.exe
285392 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
360584 bytes
Created: 6/9/2008 9:23 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 1/2/2009 4:01 PM
Modified: 3/6/2008 11:51 AM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CoachUsb
ImagePath: system32\DRIVERS\CoachUsb.sys
C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
46944 bytes
Created: 7/26/2008 2:06 PM
Modified: 1/22/2004 12:41 PM
Company: FotoNation Ltd.
----------
Key: CoachVc
ImagePath: system32\DRIVERS\CoachVc.sys
C:\WINDOWS\system32\DRIVERS\CoachVc.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 7/16/2003 1:30 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: MREMPR5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19345 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 7/16/2003 1:40 PM
Modified: 4/14/2008 12:26 AM
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: SABProcEnum
ImagePath: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys
C:\Program Files\Internet Explorer\SABProcEnum.sys - [file not found to scan]
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 9/15/2009 11:42 AM
Modified: 9/15/2009 11:42 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SVKP
ImagePath: \??\C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\SVKP.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{D755A93D-E25D-4DDE-9969-30EC6DFA8F7A}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 7/16/2003 1:27 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
228344 bytes
Created: 6/3/2004 5:23 PM
Modified: 2/17/2004 4:52 PM
Company: Zone Labs Inc.
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 11/3/2006 7:19 PM
Modified: 11/3/2006 7:19 PM
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
38528 bytes
Created: 8/11/2004 1:45 AM
Modified: 10/18/2006 10:00 PM
Company: Microsoft Corporation
----------
Key: zntport
ImagePath: \??\C:\WINDOWS\system32\zntport.sys
C:\WINDOWS\system32\zntport.sys - [file not found to scan]
----------

************************************************************
5:47:53 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 5/31/2004 6:27 PM
Modified: 2/28/2003 4:54 PM
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
5:47:54 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 5/28/2004 3:18 PM
Modified: 10/19/2005 8:59 AM
Company: Intel Corporation
----------

************************************************************
5:47:54 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG9\avgse.dll
C:\Program Files\AVG\AVG9\avgse.dll
109336 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 2/27/2007 12:39 PM
Modified: 2/27/2007 12:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
5:47:55 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
5:47:55 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG9\avgssie.dll
C:\Program Files\AVG\AVG9\avgssie.dll
1471768 bytes
Created: 10/17/2009 8:10 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
5:47:55 PM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
5:47:55 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
5:47:55 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
5:47:55 PM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
5:47:56 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
5:47:56 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
1757 bytes
Created: 12/2/2008 2:33 PM
Modified: 12/2/2008 2:33 PM
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 5:53 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
--------------------
Windows Search.lnk - links to C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
123904 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/26/2008 10:19 PM
Company: Microsoft Corporation
--------------------

************************************************************
5:47:57 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Guest
[C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP]
The Startup Group for Guest attempts to load the following file(s):
C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/6/2004 10:03 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: JEFF
[C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP]
The Startup Group for JEFF attempts to load the following file(s):
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Owner
[C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP]
The Startup Group for Owner attempts to load the following file(s):
C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 1:13 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------

************************************************************
5:47:59 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
5:47:59 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
5:47:59 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.iac2
File: iac25_32.ax
C:\WINDOWS\system32\iac25_32.ax
199680 bytes
Created: 11/14/2002 12:58 PM
Modified: 4/14/2008 5:42 AM
Company: Intel Corporation
----------

************************************************************
5:47:59 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hȋdden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\wallpaper.bmp
C:\WINDOWS\wallpaper.bmp
2359350 bytes
Created: 12/12/2006 7:04 PM
Modified: 10/14/2009 9:38 PM
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
231677766 bytes
Created: 6/23/2009 8:49 AM
Modified: 10/14/2009 9:35 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
5:48:00 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 7/16/2003 1:45 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 7/16/2003 1:51 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 7/16/2003 1:44 PM
Modified: 2/6/2009 4:11 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 7/16/2003 1:47 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgchsvx.exe
1055000 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgrsx.exe
502040 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe
702744 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 7/16/2003 1:46 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgemc.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgnsx.exe
600344 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 5/26/2008 10:18 PM
Modified: 5/26/2008 10:18 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created: 5/28/2004 1:01 PM
Modified: 8/6/2009 7:24 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 7/16/2003 1:24 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 8/4/2004 12:56 AM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\cnr2.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------

************************************************************
5:48:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
[You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
[You must be registered and logged in to see this link.]

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:48:07 PM 20 Oct 2009
Total Scan time: 00:00:25
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email [You must be registered and logged in to see this link.]
[Unregistered version]
Scan started at: 5:35:07 PM 20 Oct 2009
Using Database v7411
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
5:35:07 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hȋdden Services were detected.

************************************************************
5:35:11 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 7/16/2003 1:28 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 7/16/2003 1:49 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 10/20/2009 5:33 PM
Modified: 10/17/2009 8:35 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
5:35:13 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/24/2009 10:41 PM
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
----------

************************************************************
5:35:13 PM: Scanning -----hȋdden REGISTRY ENTRIES-----
Taskdir check completed
----------
No hȋdden File-loading Registry Entries found
----------

************************************************************
5:35:14 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
5:35:14 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
5:35:14 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 7/16/2003 1:30 PM
Modified: 7/16/2003 1:30 PM
Company: Microsoft Corporation
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 5/28/2004 1:03 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------

************************************************************
5:35:17 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: avg9emc
ImagePath: "C:\Program Files\AVG\AVG9\avgemc.exe"
C:\Program Files\AVG\AVG9\avgemc.exe
906520 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg9wd
ImagePath: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
C:\Program Files\AVG\AVG9\avgwdsvc.exe
285392 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
360584 bytes
Created: 6/9/2008 9:23 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 1/2/2009 4:01 PM
Modified: 3/6/2008 11:51 AM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CoachUsb
ImagePath: system32\DRIVERS\CoachUsb.sys
C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
46944 bytes
Created: 7/26/2008 2:06 PM
Modified: 1/22/2004 12:41 PM
Company: FotoNation Ltd.
----------
Key: CoachVc
ImagePath: system32\DRIVERS\CoachVc.sys
C:\WINDOWS\system32\DRIVERS\CoachVc.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 7/16/2003 1:30 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: MREMPR5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19345 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 7/16/2003 1:40 PM
Modified: 4/14/2008 12:26 AM
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: SABProcEnum
ImagePath: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys
C:\Program Files\Internet Explorer\SABProcEnum.sys - [file not found to scan]
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 9/15/2009 11:42 AM
Modified: 9/15/2009 11:42 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SVKP
ImagePath: \??\C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\SVKP.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{D755A93D-E25D-4DDE-9969-30EC6DFA8F7A}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 7/16/2003 1:27 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
228344 bytes
Created: 6/3/2004 5:23 PM
Modified: 2/17/2004 4:52 PM
Company: Zone Labs Inc.
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 11/3/2006 7:19 PM
Modified: 11/3/2006 7:19 PM
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
38528 bytes
Created: 8/11/2004 1:45 AM
Modified: 10/18/2006 10:00 PM
Company: Microsoft Corporation
----------
Key: zntport
ImagePath: \??\C:\WINDOWS\system32\zntport.sys
C:\WINDOWS\system32\zntport.sys - [file not found to scan]
----------

************************************************************
5:35:22 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 5/31/2004 6:27 PM
Modified: 2/28/2003 4:54 PM
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
5:35:23 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 5/28/2004 3:18 PM
Modified: 10/19/2005 8:59 AM
Company: Intel Corporation
----------

************************************************************
5:35:23 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG9\avgse.dll
C:\Program Files\AVG\AVG9\avgse.dll
109336 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 2/27/2007 12:39 PM
Modified: 2/27/2007 12:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
5:35:24 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
5:35:24 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG9\avgssie.dll
C:\Program Files\AVG\AVG9\avgssie.dll
1471768 bytes
Created: 10/17/2009 8:10 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
5:35:24 PM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
5:35:24 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
5:35:24 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
5:35:24 PM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
5:35:25 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
5:35:25 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
1757 bytes
Created: 12/2/2008 2:33 PM
Modified: 12/2/2008 2:33 PM
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 5:53 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
--------------------
Windows Search.lnk - links to C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
123904 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/26/2008 10:19 PM
Company: Microsoft Corporation
--------------------

************************************************************
5:35:26 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Guest
[C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP]
The Startup Group for Guest attempts to load the following file(s):
C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/6/2004 10:03 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: JEFF
[C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP]
The Startup Group for JEFF attempts to load the following file(s):
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Owner
[C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP]
The Startup Group for Owner attempts to load the following file(s):
C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 1:13 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------

************************************************************
5:35:28 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
5:35:28 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
5:35:28 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.iac2
File: iac25_32.ax
C:\WINDOWS\system32\iac25_32.ax
199680 bytes
Created: 11/14/2002 12:58 PM
Modified: 4/14/2008 5:42 AM
Company: Intel Corporation
----------

************************************************************
5:35:29 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hȋdden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures - default policy reset
RunInvalidSignatures - default policy reset
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\wallpaper.bmp
C:\WINDOWS\wallpaper.bmp
2359350 bytes
Created: 12/12/2006 7:04 PM
Modified: 10/14/2009 9:38 PM
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
231677766 bytes
Created: 6/23/2009 8:49 AM
Modified: 10/14/2009 9:35 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
5:37:35 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 7/16/2003 1:45 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 7/16/2003 1:51 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 7/16/2003 1:44 PM
Modified: 2/6/2009 4:11 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 7/16/2003 1:47 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgchsvx.exe
1055000 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgrsx.exe
502040 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe
702744 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 7/16/2003 1:46 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 5/26/2008 10:18 PM
Modified: 5/26/2008 10:18 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\AVG\AVG9\avgemc.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgnsx.exe
600344 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 7/16/2003 1:24 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
638816 bytes
Created: 5/28/2004 1:03 PM
Modified: 3/8/2009 2:09 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 8/4/2004 12:56 AM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE - file already scanned
--------------------
C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\kux80.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------

************************************************************
5:37:41 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[You must be registered and logged in to see this link.]
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
[You must be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
[You must be registered and logged in to see this link.]

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 5:37:41 PM 20 Oct 2009
Total Scan time: 00:02:34
************************************************************

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Wed Oct 21, 2009 1:39 am

I want to check something else:

Please copy the following in to Notepad:

@echo off
cd C:\windows\system32
del ~.exe >> result.txt
exit


then click File > Save as
For Save as Type: All Files
Filename: killthebeast.bat

Save to the desktop.

Then, double-click on the file to run it. It will produce a very small log on the desktop called result.txt. Please let me know what that says. It may not appear. No big deal.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 3:01 am

Hi Dragon Master Jay:

I did as you said. Twice. Both times the result.txt came up empty. Here is the Mbam results log.

Thanks,
Karen

---------------Malwarebytes' Anti-Malware 1.41
Database version: 3001
Windows 5.1.2600 Service Pack 3

10/20/2009 7:47:51 PM
mbam-log-2009-10-20 (19-47-51).txt

Scan type: Quick Scan
Objects scanned: 116692
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Wed Oct 21, 2009 7:30 am

Go to the following folder and see if this file is in there: ~.exe

C:\windows\system32


If not, then the backdoor bot must be gone!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 6:52 pm

Hi Dragon Master Jay:

Well I pasted what you asked for in the Run area. A large file came up and I went over it twice. The folder was filled with items. Did I look in the right place? The item was not listed there at all. If I am supposed to look someplace else, please tell me how to get there. I want to be certain I am checking correctly and that this thing is gone.

Thanks,
Karen

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Wed Oct 21, 2009 9:52 pm

Ok. That was correct. The file was not found.

Would you like to know how to prevent malware in the future?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Wed Oct 21, 2009 11:44 pm

Hi Dragon Master Jay:

You bet I would! This experience was just so horrible. I was so worried. I can not thank you enough for being there to help me. Without you I would be in a horrible mess.

What tips can you share with me and others to prevent this from happening again? I thought I was taking care of things on my computer. I thought I had everything covered with all the crap I am running on here. I am currently running AVG, the Mbam, the Spy Bot, Spy Blaster, CCleaner, Baseline Analyzer, Windows Defender, Advanced Disk Cleaner, Advanced System Care, Super Anti Spyware and Microsoft Malicious Remover. Heck, I spend so much time running these programs I hardly have any time to have fun on the computer!

Please share your thoughts and tips. I am feeling better now and not afraid anymore.

Thanks,
Karen Hooray!

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by Dr Jay on Thu Oct 22, 2009 12:18 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: BACKDOOR.BOT

Post by karenor on Thu Oct 22, 2009 1:30 am

Hi Dragon Master Jay:

Those are all wonderful ideas. I can take some of those ideas and improve my situation for sure.

Thank you so much for your assistance. This was very upsetting to me and I am glad that you were available to help me.

Thanks again and take care,
Karen

karenor
Intermediate
Intermediate

Posts Posts : 185
Joined Joined : 2009-09-19
OS OS : xp
Points Points : 28622
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum