need help with possible virus?! [Solved] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

need help with possible virus?! [Solved] maybe dr. watson?

#1 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 13 January 2010 - 11:57 AM

Can't load active x conrols or make games work correctly, very frustrating.
I keep getting a dr. warson pop up.
Please help?!

Thank you,
Myriam


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 9:54:30 AM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\davis family\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.50/ttinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9557 bytes

#2 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 06:07 AM

Posted Image

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleanerŧ
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Posted Image
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Posted Image
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste". .

#3 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 17 January 2010 - 04:10 PM

Did everything i was instructed to and here is the new log.

:)

Scan saved at 2:07:50 PM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\davis family\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.50/ttinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: RelevantKnowledge - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9213 bytes

#4 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 04:18 PM

I need to see the MBAM scan results.

Also tell me how it's running now.

#5 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 17 January 2010 - 05:47 PM

here is the MB report after I ran the quick scan.
The computer seems to be running as well as usual, but if I try to DL off the internet I get the Dr. Watson Debugger message again.

Database version: 3544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 3:45:53 PM
mbam-log-2010-01-17 (15-45-53).txt

Scan type: Quick Scan
Objects scanned: 110903
Time elapsed: 9 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 05:52 PM

I don't know what's causing that error but we'll try to find out.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs


  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.

#7 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

  Posted 17 January 2010 - 06:56 PM

well...I tried to run Combofix and at about section 40 got a blue screen and had to shut the comp down.

#8 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 17 January 2010 - 06:57 PM

sorry...other than that it is still a litle slow and I still can't really download from the
internet.
oh, and I did do the microsoft dl of the recovery stuff. sorry..going a little batty over here!

#9 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 07:05 PM

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...r...d&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80228
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80228
O2 - BHO: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: BakuganBay Toolbar - {0bb39a79-cb69-4721-8c1f-81e25aabb621} - C:\Program Files\BakuganBay\tbBak1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O20 - Winlogon Notify: RelevantKnowledge - Invalid registry found

Close ALL windows and browsers except HijackThis and click "Fix checked"

Make sure you disable Avast4

Now try Combofix again.


Combofix will restart the computer when it's finished and show the scan results in notepad.
Please post those results.

#10 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 17 January 2010 - 07:38 PM

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -8:00]
Running from: c:\documents and settings\davis family\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\davis family\Application Data\.#
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\Application Data\alot

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-17 21:50 . 2010-01-17 21:50 388096 ----a-r- c:\documents and settings\davis family\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-16 00:37 . 2010-01-16 01:52 -------- d-----w- c:\program files\Electronic Arts
2010-01-13 21:02 . 2010-01-13 21:02 -------- d-----w- c:\program files\JavaFX
2010-01-13 21:01 . 2010-01-13 21:01 -------- d-----w- c:\program files\Sun
2010-01-13 20:44 . 2010-01-14 16:08 -------- d-----w- c:\program files\Reimage
2010-01-13 20:20 . 2010-01-13 20:20 -------- d-----w- c:\program files\HoverIP
2010-01-13 17:54 . 2010-01-13 17:54 -------- d-----w- c:\program files\Trend Micro
2010-01-13 17:43 . 2010-01-13 17:43 -------- d-----w- c:\program files\TrendMicro
2010-01-13 02:56 . 2010-01-13 02:56 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-13 02:56 . 2010-01-13 02:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-01-13 02:56 . 2010-01-13 02:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BakuganBay
2010-01-13 01:52 . 2010-01-13 01:52 -------- d-----w- c:\documents and settings\davis family\Local Settings\Application Data\Threat Expert
2010-01-12 23:50 . 2010-01-12 23:50 -------- d-----w- c:\program files\CleanUp!
2010-01-12 00:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 00:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 00:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 00:54 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 00:54 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 00:54 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-12 00:54 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-12 00:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-12 00:54 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-12 00:54 . 2010-01-12 00:54 -------- d-----w- c:\program files\Alwil Software
2010-01-12 00:17 . 2010-01-12 00:18 -------- d-----w- c:\program files\ERUNT
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-09 17:45 . 2010-01-12 23:51 -------- d-----w- C:\found.001
2010-01-05 23:58 . 2010-01-05 23:58 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-04 23:13 . 2010-01-04 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-04 20:26 . 2010-01-04 20:26 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2010-01-03 20:44 . 2010-01-03 20:46 -------- d-----w- c:\documents and settings\davis family\Application Data\Virtual City
2010-01-03 20:36 . 2010-01-03 20:36 -------- d-----w- c:\documents and settings\davis family\Application Data\MysteryStudio
2010-01-03 05:13 . 2010-01-03 05:14 -------- d-----w- c:\program files\Virtual City
2010-01-03 05:06 . 2010-01-03 05:06 -------- d-----w- c:\program files\Fashion Assistant
2010-01-03 05:04 . 2010-01-03 05:05 -------- d-----w- c:\program files\Gotcha - Celebrity Secrets
2010-01-02 20:41 . 2010-01-02 20:41 -------- d-----w- c:\documents and settings\davis family\Application Data\Home Sweet Home
2010-01-01 21:41 . 2010-01-01 21:41 -------- d-----w- c:\program files\The Mirror Mysteries
2010-01-01 21:36 . 2010-01-01 21:36 1604302 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F5300T1L1\setup_gF5300T1L1_d740504578_l1_s1.exe
2009-12-26 23:46 . 2009-12-26 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2009-12-26 23:26 . 2009-12-26 23:26 -------- d-----w- c:\documents and settings\davis family\Saved Games
2009-12-26 22:50 . 2009-12-22 00:14 73728 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\zlib1.dll
2009-12-26 22:50 . 2009-12-22 00:14 32768 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\vorbisfile.dll
2009-12-26 22:50 . 2009-12-22 00:14 24576 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\ogg.dll
2009-12-26 22:50 . 2009-12-22 00:14 196608 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\smpeg.dll
2009-12-26 22:50 . 2009-12-22 00:14 1101824 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\vorbis.dll
2009-12-26 22:50 . 2009-12-22 00:14 169443 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\jpeg.dll
2009-12-26 22:50 . 2009-12-22 00:14 114688 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\libpng13.dll
2009-12-26 22:49 . 2009-12-22 00:30 3182592 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\Jojos3.exe
2009-12-26 22:49 . 2009-12-22 00:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\iWinFlash.dll
2009-12-26 22:49 . 2009-12-22 00:14 8421376 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\icudt38.dll
2009-12-26 22:49 . 2009-12-22 00:14 397312 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\FlashPlayerControl.dll
2009-12-26 22:48 . 2009-12-22 00:13 8667136 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\Awesomium.dll
2009-12-26 22:48 . 2009-12-22 00:13 581632 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\game\audiere.dll
2009-12-26 22:48 . 2009-06-12 23:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\pfinstall.dll
2009-12-26 22:48 . 2009-12-22 00:30 1732608 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\Jojos3.exe
2009-12-26 22:48 . 2007-11-21 11:38 161344 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\jojos-fashion-show-3\UNWISE.EXE
2009-12-26 17:08 . 2009-12-26 17:08 47344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 17:59 . 2009-05-18 22:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-25 17:59 . 2008-04-17 21:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-25 17:58 . 2009-12-25 17:58 -------- d-----w- c:\program files\iPod
2009-12-25 17:57 . 2009-12-25 17:59 -------- d-----w- c:\program files\iTunes
2009-12-25 17:57 . 2009-12-25 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 17:56 . 2009-12-25 17:56 -------- d-----w- c:\program files\Bonjour
2009-12-25 17:53 . 2009-12-25 17:53 -------- d-----w- c:\documents and settings\davis family\Local Settings\Application Data\Apple
2009-12-25 17:53 . 2009-12-25 17:53 -------- d-----w- c:\program files\Apple Software Update
2009-12-25 17:53 . 2009-08-29 03:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-25 17:53 . 2009-08-29 03:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-25 17:52 . 2009-12-25 17:58 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 17:52 . 2009-12-25 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-22 16:57 . 2009-12-22 16:59 24438056 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-12-21 19:36 . 2009-12-21 19:36 92192 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\IMVUupdater.exe
2009-12-21 19:36 . 2009-12-21 19:36 52992 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\IMVUClient.exe
2009-12-21 19:36 . 2009-12-21 19:36 21760 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\IMVUQualityAgent.exe
2009-12-21 19:33 . 2009-12-21 19:33 121856 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\WriteMiniDump.exe
2009-12-21 19:31 . 2009-12-21 19:31 1222144 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\SceneWindow.dll
2009-12-21 19:31 . 2009-12-21 19:31 45568 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\npvivoxproxy.dll
2009-12-21 19:31 . 2009-12-21 19:31 54784 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2009-12-21 19:31 . 2009-12-21 19:31 16896 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\MemoryHook.dll
2009-12-21 19:30 . 2009-12-21 19:30 320000 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\cal3d.dll
2009-12-21 19:29 . 2009-12-21 19:29 198656 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\boost_python.dll
2009-12-21 19:29 . 2009-12-21 19:29 29184 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\CallStack.dll
2009-12-21 19:29 . 2009-12-21 19:29 260096 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\audiere.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 01:23 . 2009-10-04 14:07 -------- d-----w- c:\program files\BakuganBay
2010-01-18 01:23 . 2009-07-06 23:31 -------- d-----w- c:\program files\DAP
2010-01-18 00:52 . 2009-07-06 23:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-17 01:54 . 2009-07-10 18:44 10718 ----a-w- c:\documents and settings\davis family\Application Data\wklnhst.dat
2010-01-16 01:53 . 2009-07-06 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-16 00:37 . 2009-07-06 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 16:10 . 2009-07-06 18:35 63104 ----a-w- c:\documents and settings\davis family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 20:55 . 2009-07-07 21:33 -------- d-----w- c:\program files\Java
2010-01-12 00:19 . 2009-07-06 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 18:04 . 2009-08-05 22:49 -------- d-----w- c:\documents and settings\davis family\Application Data\LimeWire
2010-01-08 00:07 . 2009-07-06 21:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-07-06 21:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 16:40 . 2009-12-18 17:16 -------- d-----w- c:\documents and settings\davis family\Application Data\IMVU
2010-01-01 23:58 . 2009-12-15 02:30 -------- d-----w- c:\program files\InterActual
2010-01-01 23:56 . 2009-07-06 18:44 -------- d-----w- c:\program files\Google
2010-01-01 22:43 . 2009-07-19 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-01-01 22:42 . 2009-07-17 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-12-27 03:11 . 2009-07-19 04:27 -------- d-----w- c:\documents and settings\davis family\Application Data\PlayFirst
2009-12-27 03:11 . 2009-07-19 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-12-25 18:14 . 2009-10-11 16:30 -------- d-----w- c:\documents and settings\davis family\Application Data\Apple Computer
2009-12-25 17:57 . 2009-10-08 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-25 17:55 . 2009-10-08 20:13 -------- d-----w- c:\program files\QuickTime
2009-12-22 16:59 . 2009-12-18 17:16 76774 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\Uninstall.exe
2009-12-22 16:59 . 2009-12-18 17:16 -------- d-----w- c:\documents and settings\davis family\Application Data\IMVUClient
2009-12-17 18:05 . 2009-12-17 18:05 7491728 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\1VivoxVoice.exe
2009-12-17 18:05 . 2009-12-17 18:05 4924048 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\vivoxsdk.dll
2009-12-17 18:05 . 2009-12-17 18:05 353424 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\npvivoxvoiceplugin.dll
2009-12-17 18:05 . 2009-12-17 18:05 330896 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\libsndfile-1.dll
2009-12-17 18:05 . 2009-12-17 18:05 275088 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\vivoxoal.dll
2009-12-17 18:05 . 2009-12-17 18:05 246416 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ortp.dll
2009-12-17 18:05 . 2009-12-17 18:05 1034896 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\dbghelp.dll
2009-12-15 14:39 . 2009-09-06 16:55 -------- d-----w- c:\program files\Blockland
2009-12-14 17:51 . 2009-12-06 19:56 -------- d-----w- c:\program files\SBC Yahoo!
2009-12-14 17:49 . 2009-10-08 20:10 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-14 17:49 . 2009-10-08 20:10 -------- d-----w- c:\program files\ArcSoft
2009-12-14 17:48 . 2009-10-08 20:11 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-12-14 16:23 . 2009-07-06 23:33 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-12-11 02:19 . 2009-09-14 22:32 1 ----a-w- c:\documents and settings\davis family\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-10 17:37 . 2009-07-07 00:58 -------- d-----w- c:\program files\Mad Scientist Productions
2009-12-07 16:44 . 2009-07-06 17:12 -------- d-----w- c:\program files\RGB
2009-12-04 19:52 . 2009-12-04 19:52 -------- d-----w- c:\documents and settings\davis family\Application Data\Namco
2009-12-04 19:52 . 2009-12-04 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Namco
2009-12-03 17:17 . 2009-12-03 17:17 4096 ----a-w- c:\windows\d3dx.dat
2009-12-03 16:49 . 2009-12-03 16:47 -------- d-----w- c:\documents and settings\davis family\Application Data\Playfirst JanesZOO
2009-12-01 23:58 . 2009-12-01 23:58 7490192 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
2009-12-01 23:58 . 2009-12-01 23:58 5005968 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\vivoxsdk.dll
2009-12-01 23:58 . 2009-12-01 23:58 345744 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\npvivoxvoiceplugin.dll
2009-12-01 23:58 . 2009-12-01 23:58 329872 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\libsndfile-1.dll
2009-12-01 23:58 . 2009-12-01 23:58 283280 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\vivoxoal.dll
2009-12-01 23:58 . 2009-12-01 23:58 246416 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\ortp.dll
2009-12-01 23:58 . 2009-12-01 23:58 184832 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\ssleay32.dll
2009-12-01 23:58 . 2009-12-01 23:58 1034896 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\DbgHelp.dll
2009-12-01 23:58 . 2009-12-01 23:58 1006080 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 1006080 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 184832 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ssleay32.dll
2009-11-28 04:08 . 2009-11-28 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Wrinkle-free Games
2009-11-28 03:04 . 2009-11-28 03:03 -------- d-----w- c:\program files\Paradise Beach
2009-11-28 02:56 . 2009-11-28 02:56 -------- d-----w- c:\program files\Hotel Dash - Suite Success
2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 23:27 . 2009-11-12 23:27 3771296 ----a-w- c:\documents and settings\davis family\Application Data\IMVUClient\ui\plugins\NPSWF32.dll
2009-11-08 15:49 . 2009-10-01 02:24 573440 -c--a-w- c:\documents and settings\All Users\Application Data\Nanovor\Utils\ConsoleDeviceInterface.exe
2009-11-08 15:49 . 2009-08-20 20:43 11497040 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.exe
2009-11-08 15:49 . 2009-08-14 19:48 108 -c--a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.bat
2009-11-08 15:45 . 2009-09-17 23:12 5940864 -c--a-w- c:\documents and settings\All Users\Application Data\Nanovor\evolver.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 22:25 . 2009-10-25 22:25 9158 -c--a-r- c:\documents and settings\davis family\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-21 05:38 . 2004-08-10 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^davis family^Start Menu^Programs^Startup^IMVU.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^davis family^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 19:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 21:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 16:12 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-11-03 16:11 2803200 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4800 Series]
2005-02-02 03:00 98304 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-27 21:19 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-02-19 22:23 202064 ----a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-07 21:33 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-06 18:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\bfgclient\\bfggameservices.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/11/2010 4:54 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/11/2010 4:54 PM 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/14/2009 6:30 PM 133104]
S3 cpuz128;cpuz128;\??\c:\docume~1\DAVISF~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\DAVISF~1\LOCALS~1\Temp\cpuz_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 02:30]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 02:30]

2010-01-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-04 16:22]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{D3F37C4D-777B-454D-BE68-24D0A7B22B94}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\davis family\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{0BB39A79-CB69-4721-8C1F-81E25AABB621} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ReimageFTP - c:\program files\Reimage\Reimage Repair\ReiFTPWatchDog.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 17:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,ac,aa,3c,de,fc,9b,4f,a8,61,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,ac,aa,3c,de,fc,9b,4f,a8,61,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-17 17:37:13
ComboFix-quarantined-files.txt 2010-01-18 01:36

Pre-Run: 114,085,036,032 bytes free
Post-Run: 114,095,726,592 bytes free

- - End Of File - - 250B5D3A8433650F5DEBD33C986C4C4D

#11 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 08:02 PM

Click Start > Run and Copy/Paste these commands hitting enter after each one:

sc stop cpuz128 Hit enter.

sc delete cpuz128 Hit enter.


After the above:


Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image



    To be on the safe side, I would also change all my passwords.


    Here's my usual all clean post

    Log looks good :)


    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt

      • Change the Download unsigned ActiveX controls to Disable

      • Change the Initialize and script ActiveX controls not marked as safe to Disable

      • Change the Installation of desktop items to Prompt

      • Change the Launching programs and files in an IFRAME to Prompt

      • Change the Navigate sub-frames across different domains to Prompt

      • When all these settings have been made, click on the OK button.

      • If it prompts you as to whether or not you want to save the settings, press the Yes button.

    • Next press the Apply button and then the OK to exit the Internet Properties page.


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.


  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.


Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:

#12 natnomom

  • Group: Member
  • Posts: 10
  • Joined: 13-January 10

Posted 17 January 2010 - 08:29 PM

Thank you so much for help with my computer! you guys who do this for everyone ROCK!!!!
:)

#13 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 08:34 PM

You're more then welcome.
Glad we were able to help

Peace be with you

#14 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 17 January 2010 - 08:34 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Share this topic:


Page 1 of 1