Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Unable to execute Malwarebytes and RootRepeal


  • This topic is locked This topic is locked
14 replies to this topic

#1 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 24 October 2009 - 09:39 PM

Hello, I am encountering problems with trying to execute Malwarebytes - response returned is "Windows is searching for mbam.exe. To locate the file yourself, click browse." I was able to run DDS and received the following log file: DDS (Ver_09-06-26.01) - NTFSx86 Run by Mike at 23:25:53.78 on Sat 10/24/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.479 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\ehome\ehtray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Mike\My Documents\Downloads\dds(2).scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: {CCF68728-09A1-489D-91D8-50D6641CA80C} - No File TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [gufawayez] Rundll32.exe "c:\windows\system32\lewemuku.dll",a dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [RunNarrator] Narrator.exe IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - c:\program files\travelaxe\Travelaxe.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: ljJBqoOG - ljJBqoOG.dll AppInit_DLLs: ceipzq.dll avgrsstx.dll c:\windows\system32\zehigipu.dll c:\windows\system32\hewurogo.dll wevozahe.dll c:\windows\system32\lewemuku.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: wisefazaj - {801b19e2-fcf9-4bbe-8f0a-66911314da51} - c:\windows\system32\lewemuku.dll STS: gahurihor: {801b19e2-fcf9-4bbe-8f0a-66911314da51} - c:\windows\system32\lewemuku.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll LSA: Authentication Packages = msv1_0 c:\windows\system32\byXNGYRi LSA: Notification Packages = scecli nufezugo.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\b23vpdka.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\documents and settings\mike\application data\mozilla\firefox\profiles\b23vpdka.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-2 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-2 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-2 108552] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-23 207656] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-18 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-23 297752] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-11-17 1373480] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-6 24652] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 TivoBeacon2;TiVo Beacon;"c:\program files\common files\tivo shared\beacon\tivobeacon.exe" /service --> c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [?] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-24 38224] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-23 79240] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-23 35240] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-23 34152] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-23 40488] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?] =============== Created Last 30 ================ 2009-10-24 20:39 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-24 20:39 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-24 20:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-24 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TiVo 2009-10-03 08:07 195,440 -------- c:\windows\system32\MpSigStub.exe ==================== Find3M ==================== 2009-09-15 23:02 62,960 a---h--- c:\windows\system32\mlfcache.dat 2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:36 832,512 a------- c:\windows\system32\wininet.dll 2009-08-29 03:36 78,336 a------- c:\windows\system32\ieencode.dll 2009-08-29 03:36 17,408 -------- c:\windows\system32\corpol.dll 2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys 2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-18 16:33 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-08-04 11:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe 2009-08-04 10:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe 2008-04-25 07:06 6,039,048 a------- c:\program files\Firefox Setup 2.0.0.14.exe 2009-07-24 16:58 38,912 a--sh--- c:\windows\system32\bojikubu.dll 2008-12-19 22:59 876,835 a--sh--- c:\windows\system32\iRYGNXyb.ini2 2009-07-24 16:58 90,112 a--sh--- c:\windows\system32\lewemuku.dll 2009-07-24 16:52 51,200 a--sh--- c:\windows\system32\nufezugo.dll 2009-07-24 16:52 51,200 a--sh--- c:\windows\system32\tujoyisa.dll 2009-07-24 16:52 51,200 a--sh--- c:\windows\system32\wevozahe.dll 2009-04-01 07:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat ============= FINISH: 23:28:08.32 =============== Also see attached file requested. I was able to download RootRepeal but the PC is freezing each time I attempt to open the install file. Any help is greatly appreciated. Thank You, Mike

Attached Files


    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 25 October 2009 - 05:42 AM

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Double click on the ABCD.exe ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 25 October 2009 - 07:27 AM

ComboFix 09-10-24.01 - Mike 10/25/2009 8:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.646 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ABCD.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sarah\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\kb913800.exe
c:\windows\system32\_000047_.tmp.dll
c:\windows\system32\akuresil.ini
c:\windows\system32\bojikubu.dll
c:\windows\system32\ekuyevuk.ini
c:\windows\system32\erejelus.ini
c:\windows\system32\fwdcbplw.ini
c:\windows\system32\gebojele.dll
c:\windows\system32\ijiveruj.ini
c:\windows\system32\ilayopaw.ini
c:\windows\system32\iravewid.ini
c:\windows\system32\iRYGNXyb.ini
c:\windows\system32\iRYGNXyb.ini2
c:\windows\system32\itizuhar.ini
c:\windows\system32\ivogaluz.ini
c:\windows\system32\ivowesuk.ini
c:\windows\system32\iwsnhggp.ini
c:\windows\system32\izopebit.ini
c:\windows\system32\laraguji.dll
c:\windows\system32\lewemuku.dll
c:\windows\system32\mgihwunc.ini
c:\windows\system32\odotakis.ini
c:\windows\system32\ogirazop.ini
c:\windows\system32\okuyupif.ini
c:\windows\system32\oletedud.ini
c:\windows\system32\oyvmqmjq.ini
c:\windows\system32\pcqypbib.ini
c:\windows\system32\pgqdxuvo.ini
c:\windows\system32\rtluosru.ini
c:\windows\system32\tifakapu.dll
c:\windows\system32\ufufukot.ini
c:\windows\system32\ukigufif.ini
c:\windows\system32\ukihozuy.ini
c:\windows\system32\unajabon.ini
c:\windows\system32\utebasay.ini
c:\windows\system32\uvebobun.ini
c:\windows\system32\uwijuvoz.ini
c:\windows\Tasks\hjeictbi.job
c:\windows\Tasks\ltgexqmc.job
c:\windows\Tasks\mipimdgh.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 01:05 . 2009-10-25 01:05 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:39 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 00:39 . 2009-10-25 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 00:39 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 00:27 . 2009-10-25 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TiVo
2009-10-22 18:37 . 2009-10-22 18:37 -------- d-----w- c:\documents and settings\Amy\Application Data\Malwarebytes
2009-10-15 10:48 . 2009-10-15 10:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-10-06 03:44 . 2009-10-10 02:22 -------- d-----w- c:\documents and settings\Mike\Application Data\Winamp
2009-10-03 12:07 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 01:40 . 2008-11-19 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-10-25 00:34 . 2008-11-18 11:52 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2009-10-25 00:27 . 2008-12-16 03:16 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-10-24 03:02 . 2009-03-08 00:07 -------- d-----w- c:\documents and settings\Amy\Application Data\DNA
2009-10-23 18:53 . 2009-04-01 19:28 -------- d-----w- c:\program files\DNA
2009-10-23 18:52 . 2008-11-18 01:11 -------- d-----w- c:\documents and settings\Amy\Application Data\WTablet
2009-10-21 04:14 . 2008-08-23 20:08 -------- d-----w- c:\program files\Common Files\Real
2009-10-21 04:14 . 2008-08-23 20:07 -------- d-----w- c:\program files\Real
2009-10-21 03:01 . 2009-05-06 01:24 -------- d-----w- c:\documents and settings\Mike\Application Data\mIRC
2009-10-21 02:05 . 2009-05-06 01:24 -------- d-----w- c:\program files\mIRC
2009-10-14 01:06 . 2009-09-03 15:18 -------- d-----w- c:\documents and settings\Amy\Application Data\FrostWire
2009-10-06 03:45 . 2009-09-05 02:59 -------- d-----w- c:\program files\Winamp
2009-10-06 02:43 . 2008-05-16 23:22 -------- d-----w- c:\program files\Yahoo!
2009-10-04 19:53 . 2008-04-26 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-24 20:33 . 2009-09-24 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Winamp
2009-09-23 18:02 . 2009-04-18 12:14 -------- d-----w- c:\program files\iTunes
2009-09-23 18:01 . 2009-09-23 18:01 -------- d-----w- c:\program files\iPod
2009-09-23 18:01 . 2008-04-26 20:20 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 04:13 . 2009-09-22 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 02:55 . 2009-05-01 02:15 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2009-09-16 03:02 . 2009-09-16 03:02 62960 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-14 01:25 . 2009-09-14 01:20 -------- d-----w- c:\documents and settings\Mike\Application Data\Download Manager
2009-09-13 18:01 . 2008-04-29 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Apple Computer
2009-09-12 19:13 . 2009-09-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:09 . 2009-06-04 03:56 -------- d-----w- c:\program files\QuickTime
2009-09-12 15:19 . 2009-09-12 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\eMusic
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 00:45 . 2008-05-06 10:21 -------- d-----w- c:\program files\AIM6
2009-09-04 00:44 . 2008-11-19 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-09-03 15:18 . 2009-09-03 15:16 -------- d-----w- c:\program files\FrostWire
2009-09-03 15:17 . 2008-04-25 21:15 -------- d-----w- c:\program files\LimeWire
2009-09-03 00:09 . 2008-10-05 23:58 -------- d-----w- c:\documents and settings\Amy\Application Data\LimeWire
2009-09-01 22:46 . 2008-04-25 00:18 86400 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 19:59 . 2009-08-30 19:59 -------- d-----w- c:\program files\Coupons
2009-08-29 07:36 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-04-18 12:10 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-04-26 20:20 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 12:50 . 2008-04-23 19:04 86400 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:33 . 2009-01-02 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 20:33 . 2009-01-02 16:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 20:33 . 2009-01-02 16:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 13:16 . 2009-05-03 20:23 86400 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 04:54 . 2009-08-11 04:54 127 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\fusioncache.dat
2009-08-06 23:24 . 2008-04-23 16:50 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-23 16:50 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-04-23 16:50 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-30 23:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-23 16:50 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-23 16:50 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-26 13:39 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2008-04-26 13:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-23 16:50 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-04-25 11:06 . 2008-04-25 11:06 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2008-12-26 20:36 . 2008-12-26 20:35 1254052 --sh--w- c:\windows\system32\erejelus.tmp
2008-12-27 14:32 . 2008-12-27 14:32 120 --sh--w- c:\windows\system32\iravewid.tmp
2009-07-25 11:29 . 2009-07-25 11:29 51712 --sha-w- c:\windows\system32\pulovuwi.dll
2009-07-25 11:29 . 2009-07-25 11:29 89600 --sha-w- c:\windows\system32\wonupago.dll
2009-07-25 11:29 . 2009-07-25 11:29 51712 --sha-w- c:\windows\system32\yeyozoda.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbb54b73-bca3-4b1c-938a-9a7f62fee27f}]
2009-07-25 11:29 51712 --sha-w- c:\windows\system32\yeyozoda.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"gufawayez"="c:\windows\system32\wonupago.dll" [2009-07-25 89600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{47ccbfb6-df94-4364-aeb9-a18354313698}"= "c:\windows\system32\wonupago.dll" [2009-07-25 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wijufidab"= {47ccbfb6-df94-4364-aeb9-a18354313698} - c:\windows\system32\wonupago.dll [2009-07-25 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 20:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Amy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Amy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\PhotoshopElementsFileAgent.exe"=
"c:\\WINDOWS\\system32\\PSIService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\WTablet\\Pen_TabletUser.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\eMusic Download Manager\\xulrunner\\xulrunner.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 12:37 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 12:37 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/18/2009 4:33 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/23/2009 3:23 PM 297752]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/17/2008 6:34 PM 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/6/2008 6:22 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 TivoBeacon2;TiVo Beacon;"c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service --> c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/24/2009 8:39 PM 38224]
S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{CCF68728-09A1-489D-91D8-50D6641CA80C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-guyovuhoki - gebojele.dll
SharedTaskScheduler-{2b7630b8-f0ff-4fb7-8268-60e38cb6c4e5} - c:\windows\system32\lewemuku.dll
SSODL-lojarimar-{2b7630b8-f0ff-4fb7-8268-60e38cb6c4e5} - c:\windows\system32\lewemuku.dll
Notify-ljJBqoOG - ljJBqoOG.dll
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 09:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WININET.dll
c:\windows\system32\wonupago.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\abcd\CF23018.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\abcd\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 9:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 13:09

Pre-Run: 1,341,165,568 bytes free
Post-Run: 6,241,910,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 034D6F4443B0C2796B0A50114F4E6D6E

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 25 October 2009 - 01:20 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
c:\windows\system32\erejelus.tmp
c:\windows\system32\iravewid.tmp
c:\windows\system32\yeyozoda.dll
c:\windows\system32\wonupago.dll

Folder::
c:\program files\Viewpoint
c:\program files\Bonjour

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbb54b73-bca3-4b1c-938a-9a7f62fee27f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gufawayez"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{47ccbfb6-df94-4364-aeb9-a18354313698}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wijufidab"=-

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ABCD.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 25 October 2009 - 02:23 PM

ComboFix 09-10-24.01 - Mike 10/25/2009 15:36.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.529 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ABCD.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\erejelus.tmp"
"c:\windows\system32\iravewid.tmp"
"c:\windows\system32\wonupago.dll"
"c:\windows\system32\yeyozoda.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Bonjour
c:\program files\Bonjour\About Bonjour.rtf
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\system32\erejelus.tmp
c:\windows\system32\iravewid.tmp
c:\windows\system32\wonupago.dll
c:\windows\system32\yeyozoda.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 01:05 . 2009-10-25 01:05 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:39 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 00:39 . 2009-10-25 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 00:39 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 00:27 . 2009-10-25 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TiVo
2009-10-22 18:37 . 2009-10-22 18:37 -------- d-----w- c:\documents and settings\Amy\Application Data\Malwarebytes
2009-10-15 10:48 . 2009-10-15 10:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-10-06 03:44 . 2009-10-10 02:22 -------- d-----w- c:\documents and settings\Mike\Application Data\Winamp
2009-10-03 12:07 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 19:54 . 2008-11-19 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-10-25 18:03 . 2008-11-18 01:11 -------- d-----w- c:\documents and settings\Amy\Application Data\WTablet
2009-10-25 18:02 . 2009-03-08 00:07 -------- d-----w- c:\documents and settings\Amy\Application Data\DNA
2009-10-25 15:37 . 2009-04-01 19:28 -------- d-----w- c:\program files\DNA
2009-10-25 00:34 . 2008-11-18 11:52 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2009-10-25 00:27 . 2008-12-16 03:16 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-10-21 04:14 . 2008-08-23 20:08 -------- d-----w- c:\program files\Common Files\Real
2009-10-21 04:14 . 2008-08-23 20:07 -------- d-----w- c:\program files\Real
2009-10-21 03:01 . 2009-05-06 01:24 -------- d-----w- c:\documents and settings\Mike\Application Data\mIRC
2009-10-21 02:05 . 2009-05-06 01:24 -------- d-----w- c:\program files\mIRC
2009-10-14 01:06 . 2009-09-03 15:18 -------- d-----w- c:\documents and settings\Amy\Application Data\FrostWire
2009-10-06 03:45 . 2009-09-05 02:59 -------- d-----w- c:\program files\Winamp
2009-10-06 02:43 . 2008-05-16 23:22 -------- d-----w- c:\program files\Yahoo!
2009-10-04 19:53 . 2008-04-26 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-24 20:33 . 2009-09-24 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Winamp
2009-09-23 18:02 . 2009-04-18 12:14 -------- d-----w- c:\program files\iTunes
2009-09-23 18:01 . 2009-09-23 18:01 -------- d-----w- c:\program files\iPod
2009-09-23 18:01 . 2008-04-26 20:20 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 04:13 . 2009-09-22 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 02:55 . 2009-05-01 02:15 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2009-09-16 03:02 . 2009-09-16 03:02 62960 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-14 01:25 . 2009-09-14 01:20 -------- d-----w- c:\documents and settings\Mike\Application Data\Download Manager
2009-09-13 18:01 . 2008-04-29 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Apple Computer
2009-09-12 19:13 . 2009-09-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:09 . 2009-06-04 03:56 -------- d-----w- c:\program files\QuickTime
2009-09-12 15:19 . 2009-09-12 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\eMusic
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 00:45 . 2008-05-06 10:21 -------- d-----w- c:\program files\AIM6
2009-09-04 00:44 . 2008-11-19 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-09-03 15:18 . 2009-09-03 15:16 -------- d-----w- c:\program files\FrostWire
2009-09-03 15:17 . 2008-04-25 21:15 -------- d-----w- c:\program files\LimeWire
2009-09-03 00:09 . 2008-10-05 23:58 -------- d-----w- c:\documents and settings\Amy\Application Data\LimeWire
2009-09-01 22:46 . 2008-04-25 00:18 86400 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 19:59 . 2009-08-30 19:59 -------- d-----w- c:\program files\Coupons
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-04-18 12:10 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-04-26 20:20 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 12:50 . 2008-04-23 19:04 86400 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:33 . 2009-01-02 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 20:33 . 2009-01-02 16:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 20:33 . 2009-01-02 16:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 13:16 . 2009-05-03 20:23 86400 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 04:54 . 2009-08-11 04:54 127 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\fusioncache.dat
2009-08-06 23:24 . 2008-04-23 16:50 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-23 16:50 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-04-23 16:50 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-30 23:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-23 16:50 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-23 16:50 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-26 13:39 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2008-04-26 13:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-23 16:50 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-04-25 11:06 . 2008-04-25 11:06 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2009-07-25 11:29 . 2009-07-25 11:29 51712 --sha-w- c:\windows\system32\pulovuwi.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-25_13.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-23 17:01 . 2009-10-25 13:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-23 17:01 . 2009-10-25 11:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 17:01 . 2009-10-25 13:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-23 17:01 . 2009-10-25 11:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-23 17:01 . 2009-10-25 13:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-23 17:01 . 2009-10-25 11:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 20:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Amy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Amy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\PhotoshopElementsFileAgent.exe"=
"c:\\WINDOWS\\system32\\PSIService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\WTablet\\Pen_TabletUser.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\eMusic Download Manager\\xulrunner\\xulrunner.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 12:37 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 12:37 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/18/2009 4:33 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/23/2009 3:23 PM 297752]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/17/2008 6:34 PM 1373480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 TivoBeacon2;TiVo Beacon;"c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service --> c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/24/2009 8:39 PM 38224]
S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 15:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\abcd\CF23387.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\abcd\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 20:02
ComboFix2.txt 2009-10-25 13:09

Pre-Run: 6,276,538,368 bytes free
Post-Run: 6,264,070,144 bytes free

- - End Of File - - 1EF01A4FE1159C9120CB7AB4FF58F088

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:30 PM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/w...first-run-tlbrf
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 7824 bytes

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 25 October 2009 - 02:59 PM

Please download ad13's win32ksys to your desktop
  • Double click to run it
  • A black window will appear, let this run
  • On completion a log will appear on your desktop called Win32kDiag.txt please post this in your next reply.


Click Start -> Run.
Type notepad and press Enter.
Copy / paste all the text below into Notepad.

dir C:\WINDOWS\eventlog.dll /a h /s > file.txt


Save this as find_file.bat to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click find_file.bat and wait for the dos window to close and file.txt will appear on the desktop.

Post back with contents of both files (Win32kDiag.txt + file.txt).

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 25 October 2009 - 03:17 PM

Running from: C:\Documents and Settings\Mike\My Documents\Downloads\Win32kDiag.exe Log file at : C:\Documents and Settings\Mike\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished! Volume in drive C is C_Drive Volume Serial Number is 4014-7C6F Directory of C:\WINDOWS\$NtServicePackUninstall$ 08/10/2004 07:00 AM 55,808 eventlog.dll 1 File(s) 55,808 bytes Directory of C:\WINDOWS\ServicePackFiles\i386 04/13/2008 08:11 PM 56,320 eventlog.dll 1 File(s) 56,320 bytes

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 25 October 2009 - 03:21 PM

Click Start -> Run.
Type notepad and press Enter.
Copy / paste all the text below into Notepad.

copy C:\windows\ServicePackFiles\i386\eventlog.dll C:\ /y


Save this as fix.bat to your Desktop. Remember to select Save as file type: All files in Notepad.
Double Click fix.bat. A black window will open and then disappear this is normal.


Next:
Do a new Combofix scan and post the results

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 25 October 2009 - 08:31 PM

ComboFix 09-10-25.02 - Mike 10/25/2009 22:15.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ABCD.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :P
.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 02:03 . 2009-10-26 02:07 -------- d-----w- C:\ABCD
2009-10-26 02:00 . 2008-04-14 00:11 56320 ----a-w- C:\eventlog.dll
2009-10-25 20:18 . 2009-10-25 20:18 -------- d-----w- c:\program files\Trend Micro
2009-10-25 01:05 . 2009-10-25 01:05 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:39 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 00:39 . 2009-10-25 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 00:39 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 00:27 . 2009-10-25 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TiVo
2009-10-22 18:37 . 2009-10-22 18:37 -------- d-----w- c:\documents and settings\Amy\Application Data\Malwarebytes
2009-10-15 10:48 . 2009-10-15 10:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-10-06 03:44 . 2009-10-10 02:22 -------- d-----w- c:\documents and settings\Mike\Application Data\Winamp
2009-10-03 12:07 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 02:14 . 2008-11-19 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-10-26 01:42 . 2009-03-08 00:07 -------- d-----w- c:\documents and settings\Amy\Application Data\DNA
2009-10-25 23:38 . 2009-04-01 19:28 -------- d-----w- c:\program files\DNA
2009-10-25 23:38 . 2008-11-18 01:11 -------- d-----w- c:\documents and settings\Amy\Application Data\WTablet
2009-10-25 21:08 . 2008-11-18 11:52 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2009-10-25 00:27 . 2008-12-16 03:16 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-10-21 04:14 . 2008-08-23 20:08 -------- d-----w- c:\program files\Common Files\Real
2009-10-21 04:14 . 2008-08-23 20:07 -------- d-----w- c:\program files\Real
2009-10-21 03:01 . 2009-05-06 01:24 -------- d-----w- c:\documents and settings\Mike\Application Data\mIRC
2009-10-21 02:05 . 2009-05-06 01:24 -------- d-----w- c:\program files\mIRC
2009-10-14 01:06 . 2009-09-03 15:18 -------- d-----w- c:\documents and settings\Amy\Application Data\FrostWire
2009-10-06 03:45 . 2009-09-05 02:59 -------- d-----w- c:\program files\Winamp
2009-10-06 02:43 . 2008-05-16 23:22 -------- d-----w- c:\program files\Yahoo!
2009-10-04 19:53 . 2008-04-26 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-24 20:33 . 2009-09-24 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Winamp
2009-09-23 18:02 . 2009-04-18 12:14 -------- d-----w- c:\program files\iTunes
2009-09-23 18:01 . 2009-09-23 18:01 -------- d-----w- c:\program files\iPod
2009-09-23 18:01 . 2008-04-26 20:20 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 04:13 . 2009-09-22 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 02:55 . 2009-05-01 02:15 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2009-09-16 03:02 . 2009-09-16 03:02 62960 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-14 01:25 . 2009-09-14 01:20 -------- d-----w- c:\documents and settings\Mike\Application Data\Download Manager
2009-09-13 18:01 . 2008-04-29 20:32 -------- d-----w- c:\documents and settings\Amy\Application Data\Apple Computer
2009-09-12 19:13 . 2009-09-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 19:09 . 2009-06-04 03:56 -------- d-----w- c:\program files\QuickTime
2009-09-12 15:19 . 2009-09-12 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\eMusic
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 00:45 . 2008-05-06 10:21 -------- d-----w- c:\program files\AIM6
2009-09-04 00:44 . 2008-11-19 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-09-03 15:18 . 2009-09-03 15:16 -------- d-----w- c:\program files\FrostWire
2009-09-03 15:17 . 2008-04-25 21:15 -------- d-----w- c:\program files\LimeWire
2009-09-03 00:09 . 2008-10-05 23:58 -------- d-----w- c:\documents and settings\Amy\Application Data\LimeWire
2009-09-01 22:46 . 2008-04-25 00:18 86400 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 19:59 . 2009-08-30 19:59 -------- d-----w- c:\program files\Coupons
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-04-18 12:10 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-04-26 20:20 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 12:50 . 2008-04-23 19:04 86400 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 20:33 . 2009-01-02 16:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 20:33 . 2009-01-02 16:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 20:33 . 2009-01-02 16:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 13:16 . 2009-05-03 20:23 86400 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 04:54 . 2009-08-11 04:54 127 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\fusioncache.dat
2009-08-06 23:24 . 2008-04-23 16:50 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-23 16:50 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-04-23 16:50 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-30 23:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-23 16:50 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-23 16:50 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-26 13:39 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2008-04-26 13:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-23 16:50 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-04-25 11:06 . 2008-04-25 11:06 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
2009-07-25 11:29 . 2009-07-25 11:29 51712 --sha-w- c:\windows\system32\pulovuwi.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-25_13.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 11:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2008-04-23 17:01 . 2009-10-25 19:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-23 17:01 . 2009-10-25 11:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-23 17:01 . 2009-10-25 19:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-23 17:01 . 2009-10-25 11:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 20:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Amy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Amy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\PhotoshopElementsFileAgent.exe"=
"c:\\WINDOWS\\system32\\PSIService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\WTablet\\Pen_TabletUser.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoNotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\eMusic Download Manager\\xulrunner\\xulrunner.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 12:37 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 12:37 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/23/2009 3:23 PM 297752]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/17/2008 6:34 PM 1373480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/18/2009 4:33 PM 908056]
S2 TivoBeacon2;TiVo Beacon;"c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service --> c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/24/2009 8:39 PM 38224]
S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\b23vpdka.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-26 22:27
ComboFix-quarantined-files.txt 2009-10-26 02:27
ComboFix2.txt 2009-10-25 20:02
ComboFix3.txt 2009-10-25 13:09

Pre-Run: 6,224,171,008 bytes free
Post-Run: 6,279,094,272 bytes free

- - End Of File - - 8C96093351D1FE5687344B88CA9D64F5

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 26 October 2009 - 05:54 AM

How's it running now?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#11 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 26 October 2009 - 07:56 AM

Everything appears to be running fine. Are there any further actions that need to be taken? Thank You, Mike

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 26 October 2009 - 10:03 AM

Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    To be on the safe side, I would also change all my passwords.


    Here's my usual all clean post

    Log looks good :D


    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 mp62

mp62

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 26 October 2009 - 09:33 PM

I've performed all of the steps above and everything seems to be good. Thanks for all of your help. You provide a great service and I appreciate your time. Mike

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 27 October 2009 - 05:41 AM

Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 27 October 2009 - 05:41 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users