Ok, I ran the program. It did some restart boot-scan type deal, and found an infected file. I think it auto-deleted it or something. I hope whatever it did shows in this log. It also didn't ask me to install the recovery console, so I'm assuming I already have it.
By the way, I'm using a program called "oceanis change background w7" to change my background on Windows 7 Starter. Would that be another reason why I'm getting problems?
LOG HERE
|
V
ComboFix 10-09-19.01 - Gerell 09/19/2010 22:49:58.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.2039.1330 [GMT -4:00]
Running from: c:\users\Gerell\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\service
c:\windows\system32\service\31122009_TIS17_SfFniAU.log
c:\windows\system32\Thumbs.db
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.
2010-09-20 03:08 . 2010-09-20 03:10 -------- d-----w- c:\users\Gerell\AppData\Local\temp
2010-09-20 03:08 . 2010-09-20 03:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-17 13:55 . 2010-09-17 13:55 -------- d-----w- C:\_OTL
2010-09-17 13:48 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 23:15 . 2010-09-15 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-15 00:12 . 2010-09-19 15:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 00:12 . 2010-09-15 00:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-14 02:37 . 2010-09-20 02:42 63488 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-14 02:37 . 2010-09-14 02:37 52224 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 02:37 . 2010-09-20 02:42 117760 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-13 21:58 . 2010-09-13 21:58 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-09-09 14:37 . 2010-09-09 14:37 -------- d-----w- c:\windows\Sun
2010-08-30 01:11 . 2010-08-30 01:11 -------- d-----w- C:\QuickTime Files
2010-08-30 01:10 . 2010-08-30 01:10 -------- d-----w- c:\program files\QuickTime Converter
2010-08-26 03:06 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-22 21:27 . 2009-11-08 06:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-08-22 21:27 . 2010-08-16 18:52 13184 ----a-w- c:\windows\system32\drivers\pneteth.sys
2010-08-22 21:27 . 2010-08-22 21:27 -------- d-----w- c:\program files\PdaNet for Android
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 02:38 . 2010-02-09 04:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-20 02:27 . 2009-08-19 05:06 -------- d-----w- c:\programdata\Microsoft Help
2010-09-17 17:51 . 2010-04-27 12:00 1 ----a-w- c:\users\Gerell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-16 20:36 . 2009-07-13 23:53 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2010-09-10 00:07 . 2009-12-31 21:29 -------- d-----w- c:\users\Gerell\AppData\Roaming\Skype
2010-09-09 23:30 . 2010-01-15 03:14 -------- d-----w- c:\users\Gerell\AppData\Roaming\skypePM
2010-09-07 15:12 . 2010-07-01 13:00 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-04 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-04 04:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-04 04:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-04 04:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-04 04:01 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-04 04:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-24 23:52 . 2009-12-31 22:18 -------- d-----w- c:\users\Gerell\AppData\Roaming\FileZilla
2010-08-24 23:51 . 2009-12-31 22:18 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-22 21:31 . 2010-08-22 21:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
2010-08-21 14:27 . 2010-02-19 16:50 -------- d-----w- c:\program files\Recuva
2010-08-19 02:04 . 2010-01-01 09:58 86520 ----a-w- c:\users\Gerell\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 22:48 . 2010-04-26 22:42 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-18 12:44 . 2010-08-18 12:44 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 12:43 . 2010-04-18 13:17 -------- d-----w- c:\program files\Java
2010-08-16 19:01 . 2010-08-09 14:21 -------- d-----w- c:\users\Gerell\AppData\Roaming\uTorrent
2010-08-15 16:00 . 2010-08-15 15:59 -------- d-----w- c:\users\Gerell\AppData\Roaming\Notepad++
2010-08-15 15:59 . 2010-08-15 15:59 -------- d-----w- c:\program files\Notepad++
2010-08-14 01:33 . 2010-08-14 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-08-13 11:52 . 2009-08-19 05:08 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 22:31 . 2010-08-11 22:31 -------- d-----w- c:\users\Gerell\AppData\Roaming\Thunderbird
2010-08-09 14:22 . 2010-08-09 14:22 -------- d-----w- c:\program files\uTorrent
2010-08-09 14:20 . 2010-06-03 19:39 -------- d-----w- c:\program files\LimeWire
2010-08-03 23:41 . 2010-08-03 22:06 -------- d-----w- c:\program files\Paint.NET
2010-07-29 06:30 . 2010-08-11 21:52 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 21:52 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-24 20:02 . 2010-07-24 20:02 -------- d-----w- c:\program files\Oceanis
2010-07-22 17:24 . 2010-07-22 17:24 -------- d-----w- c:\program files\TechSmith
2010-07-22 05:28 . 2010-01-11 05:08 -------- d-----w- c:\programdata\GoBoingo
2010-07-22 05:27 . 2010-06-29 04:02 -------- d-----w- c:\program files\Eufloria
2010-07-22 05:26 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-07-22 05:26 . 2010-06-28 02:25 -------- d-----w- c:\program files\Kana Reminder
2010-07-22 05:24 . 2010-07-21 19:24 -------- d-----w- c:\program files\Keyone Productions
2010-07-21 20:38 . 2010-07-21 20:38 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 19:53 . 2010-01-15 04:20 252 ----a-w- c:\users\Gerell\AppData\Roaming\wklnhst.dat
2010-07-17 09:00 . 2010-04-18 13:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 21:52 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\Asus\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Google Update"="c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-11 135664]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-19 2937528]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
HotKeyMon.lnk - c:\program files\EeePC\HotkeyService\HotKeyMon.exe [2009-9-12 100328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WKCALREM.LNK]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
backup=c:\windows\pss\WKCALREM.LNK.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeStorageBackup]
2009-07-31 08:08 947472 ----a-w- c:\program files\ASUS\Asus WebStorage\BackupService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-09 14:22 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-08-04 33736]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-08-16 13184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995515071-2710243507-2771157394-1000Core.job
- c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 01:29]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995515071-2710243507-2771157394-1000UA.job
- c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Gerell\AppData\Roaming\Mozilla\Firefox\Profiles\eqwewz8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\Gerell\AppData\Roaming\Mozilla\Firefox\Profiles\eqwewz8h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Gerell\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
AddRemove-Defraggler - e:\defraggler\uninst.exe
AddRemove-Speccy - e:\speccy\uninst.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5732)
c:\program files\ASUS\Asus WebStorage\LogicNP.EZShellExtensions.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-09-19 23:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 03:17
Pre-Run: 52,873,793,536 bytes free
Post-Run: 52,783,964,160 bytes free
- - End Of File - - DD1749B30C20F5B8725ABDE8CDF81349
Wierd Virus trying to redirect my google searches..[RESOLVED]
Need help removing it
#17
Posted 20 September 2010 - 07:07 AM
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote
File::
Folder::
Restore::
c:\windows\system32\userinit.exe
c:\windows\system32\spoolsv.exe
TDL::
c:\windows\system32\drivers\wfplwf.sys
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#18
Posted 20 September 2010 - 08:18 AM
Here you are, kind sir. Thanks again for helping me out with this problem, btw.
ComboFix 10-09-19.01 - Gerell 09/20/2010 8:32.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.2039.1058 [GMT -4:00]
Running from: c:\users\Gerell\Desktop\ComboFix.exe
Command switches used :: c:\users\Gerell\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\spoolsv.exe
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.
2010-09-20 12:49 . 2010-09-20 12:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-20 12:49 . 2010-09-20 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 12:29 . 2010-09-20 12:29 -------- d-----w- C:\32788R22FWJFW
2010-09-20 03:08 . 2010-09-20 13:10 -------- d-----w- c:\users\Gerell\AppData\Local\temp
2010-09-17 13:55 . 2010-09-17 13:55 -------- d-----w- C:\_OTL
2010-09-17 13:48 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 23:15 . 2010-09-15 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-15 00:12 . 2010-09-19 15:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 00:12 . 2010-09-15 00:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-14 02:37 . 2010-09-20 02:42 63488 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-14 02:37 . 2010-09-14 02:37 52224 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 02:37 . 2010-09-20 02:42 117760 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-13 21:58 . 2010-09-13 21:58 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-09-09 14:37 . 2010-09-09 14:37 -------- d-----w- c:\windows\Sun
2010-08-30 01:11 . 2010-08-30 01:11 -------- d-----w- C:\QuickTime Files
2010-08-30 01:10 . 2010-08-30 01:10 -------- d-----w- c:\program files\QuickTime Converter
2010-08-26 03:06 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-22 21:27 . 2009-11-08 06:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-08-22 21:27 . 2010-08-16 18:52 13184 ----a-w- c:\windows\system32\drivers\pneteth.sys
2010-08-22 21:27 . 2010-08-22 21:27 -------- d-----w- c:\program files\PdaNet for Android
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 02:38 . 2010-02-09 04:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-20 02:27 . 2009-08-19 05:06 -------- d-----w- c:\programdata\Microsoft Help
2010-09-17 17:51 . 2010-04-27 12:00 1 ----a-w- c:\users\Gerell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-16 20:36 . 2009-07-13 23:53 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2010-09-10 00:07 . 2009-12-31 21:29 -------- d-----w- c:\users\Gerell\AppData\Roaming\Skype
2010-09-09 23:30 . 2010-01-15 03:14 -------- d-----w- c:\users\Gerell\AppData\Roaming\skypePM
2010-09-07 15:12 . 2010-07-01 13:00 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-04 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-04 04:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-04 04:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-04 04:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-04 04:01 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-04 04:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-24 23:52 . 2009-12-31 22:18 -------- d-----w- c:\users\Gerell\AppData\Roaming\FileZilla
2010-08-24 23:51 . 2009-12-31 22:18 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-22 21:31 . 2010-08-22 21:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
2010-08-21 14:27 . 2010-02-19 16:50 -------- d-----w- c:\program files\Recuva
2010-08-19 02:04 . 2010-01-01 09:58 86520 ----a-w- c:\users\Gerell\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 22:48 . 2010-04-26 22:42 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-18 12:44 . 2010-08-18 12:44 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 12:43 . 2010-04-18 13:17 -------- d-----w- c:\program files\Java
2010-08-16 19:01 . 2010-08-09 14:21 -------- d-----w- c:\users\Gerell\AppData\Roaming\uTorrent
2010-08-15 16:00 . 2010-08-15 15:59 -------- d-----w- c:\users\Gerell\AppData\Roaming\Notepad++
2010-08-15 15:59 . 2010-08-15 15:59 -------- d-----w- c:\program files\Notepad++
2010-08-14 01:33 . 2010-08-14 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-08-13 11:52 . 2009-08-19 05:08 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 22:31 . 2010-08-11 22:31 -------- d-----w- c:\users\Gerell\AppData\Roaming\Thunderbird
2010-08-09 14:22 . 2010-08-09 14:22 -------- d-----w- c:\program files\uTorrent
2010-08-09 14:20 . 2010-06-03 19:39 -------- d-----w- c:\program files\LimeWire
2010-08-03 23:41 . 2010-08-03 22:06 -------- d-----w- c:\program files\Paint.NET
2010-07-29 06:30 . 2010-08-11 21:52 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 21:52 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-24 20:02 . 2010-07-24 20:02 -------- d-----w- c:\program files\Oceanis
2010-07-22 17:24 . 2010-07-22 17:24 -------- d-----w- c:\program files\TechSmith
2010-07-21 20:38 . 2010-07-21 20:38 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 19:53 . 2010-01-15 04:20 252 ----a-w- c:\users\Gerell\AppData\Roaming\wklnhst.dat
2010-07-17 09:00 . 2010-04-18 13:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 21:52 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\Asus\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Google Update"="c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-11 135664]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-19 2937528]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
ComboFix 10-09-19.01 - Gerell 09/20/2010 8:32.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.2039.1058 [GMT -4:00]
Running from: c:\users\Gerell\Desktop\ComboFix.exe
Command switches used :: c:\users\Gerell\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\spoolsv.exe
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.
2010-09-20 12:49 . 2010-09-20 12:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-20 12:49 . 2010-09-20 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 12:29 . 2010-09-20 12:29 -------- d-----w- C:\32788R22FWJFW
2010-09-20 03:08 . 2010-09-20 13:10 -------- d-----w- c:\users\Gerell\AppData\Local\temp
2010-09-17 13:55 . 2010-09-17 13:55 -------- d-----w- C:\_OTL
2010-09-17 13:48 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 23:15 . 2010-09-15 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-15 00:12 . 2010-09-19 15:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 00:12 . 2010-09-15 00:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-14 02:37 . 2010-09-20 02:42 63488 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-14 02:37 . 2010-09-14 02:37 52224 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 02:37 . 2010-09-20 02:42 117760 ----a-w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\users\Gerell\AppData\Roaming\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-14 02:37 . 2010-09-14 02:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-13 21:58 . 2010-09-13 21:58 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-09-09 14:37 . 2010-09-09 14:37 -------- d-----w- c:\windows\Sun
2010-08-30 01:11 . 2010-08-30 01:11 -------- d-----w- C:\QuickTime Files
2010-08-30 01:10 . 2010-08-30 01:10 -------- d-----w- c:\program files\QuickTime Converter
2010-08-26 03:06 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-22 21:27 . 2009-11-08 06:41 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-08-22 21:27 . 2010-08-16 18:52 13184 ----a-w- c:\windows\system32\drivers\pneteth.sys
2010-08-22 21:27 . 2010-08-22 21:27 -------- d-----w- c:\program files\PdaNet for Android
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 02:38 . 2010-02-09 04:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-20 02:27 . 2009-08-19 05:06 -------- d-----w- c:\programdata\Microsoft Help
2010-09-17 17:51 . 2010-04-27 12:00 1 ----a-w- c:\users\Gerell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-16 20:36 . 2009-07-13 23:53 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2010-09-10 00:07 . 2009-12-31 21:29 -------- d-----w- c:\users\Gerell\AppData\Roaming\Skype
2010-09-09 23:30 . 2010-01-15 03:14 -------- d-----w- c:\users\Gerell\AppData\Roaming\skypePM
2010-09-07 15:12 . 2010-07-01 13:00 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-04 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-04 04:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-04 04:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-04 04:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-04 04:01 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-04 04:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-24 23:52 . 2009-12-31 22:18 -------- d-----w- c:\users\Gerell\AppData\Roaming\FileZilla
2010-08-24 23:51 . 2009-12-31 22:18 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-22 21:31 . 2010-08-22 21:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
2010-08-21 14:27 . 2010-02-19 16:50 -------- d-----w- c:\program files\Recuva
2010-08-19 02:04 . 2010-01-01 09:58 86520 ----a-w- c:\users\Gerell\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 22:48 . 2010-04-26 22:42 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-18 12:44 . 2010-08-18 12:44 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 12:43 . 2010-04-18 13:17 -------- d-----w- c:\program files\Java
2010-08-16 19:01 . 2010-08-09 14:21 -------- d-----w- c:\users\Gerell\AppData\Roaming\uTorrent
2010-08-15 16:00 . 2010-08-15 15:59 -------- d-----w- c:\users\Gerell\AppData\Roaming\Notepad++
2010-08-15 15:59 . 2010-08-15 15:59 -------- d-----w- c:\program files\Notepad++
2010-08-14 01:33 . 2010-08-14 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-08-13 11:52 . 2009-08-19 05:08 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 22:31 . 2010-08-11 22:31 -------- d-----w- c:\users\Gerell\AppData\Roaming\Thunderbird
2010-08-09 14:22 . 2010-08-09 14:22 -------- d-----w- c:\program files\uTorrent
2010-08-09 14:20 . 2010-06-03 19:39 -------- d-----w- c:\program files\LimeWire
2010-08-03 23:41 . 2010-08-03 22:06 -------- d-----w- c:\program files\Paint.NET
2010-07-29 06:30 . 2010-08-11 21:52 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 21:52 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-24 20:02 . 2010-07-24 20:02 -------- d-----w- c:\program files\Oceanis
2010-07-22 17:24 . 2010-07-22 17:24 -------- d-----w- c:\program files\TechSmith
2010-07-21 20:38 . 2010-07-21 20:38 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-19 19:53 . 2010-01-15 04:20 252 ----a-w- c:\users\Gerell\AppData\Roaming\wklnhst.dat
2010-07-17 09:00 . 2010-04-18 13:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 21:52 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\Asus\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Google Update"="c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-11 135664]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-19 2937528]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
HotKeyMon.lnk - c:\program files\EeePC\HotkeyService\HotKeyMon.exe [2009-9-12 100328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gerell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WKCALREM.LNK]
path=c:\users\Gerell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
backup=c:\windows\pss\WKCALREM.LNK.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeStorageBackup]
2009-07-31 08:08 947472 ----a-w- c:\program files\ASUS\Asus WebStorage\BackupService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-09 14:22 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-08-04 33736]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-08-16 13184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995515071-2710243507-2771157394-1000Core.job
- c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 01:29]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995515071-2710243507-2771157394-1000UA.job
- c:\users\Gerell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Gerell\AppData\Roaming\Mozilla\Firefox\Profiles\eqwewz8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\Gerell\AppData\Roaming\Mozilla\Firefox\Profiles\eqwewz8h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3420)
c:\program files\ASUS\Asus WebStorage\LogicNP.EZShellExtensions.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-20 09:17:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 13:17
ComboFix2.txt 2010-09-20 03:18
Pre-Run: 52,448,903,168 bytes free
Post-Run: 52,434,477,056 bytes free
- - End Of File - - 0C35C5C6F365AA0D29A985EB6BC5C0F6
#19
Posted 20 September 2010 - 12:30 PM
Open OTL, click the None button, and paste this in the custom scan box:
c:\windows\system32\spoolsv.exe /md5
c:\windows\system32\userinit.exe /md5
c:\windows\system32\Drivers\atapi.sys /md5
Click Run Scan and post that log.
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
#20
Posted 20 September 2010 - 03:59 PM
The Kaspersky scanner didn't work; I didn't have the system requirements to run the program. And I downloaded Safari just for that!
Here's what it looked like when I ran it (www.wolfturn.nrgs.org/Pictures/2010-09-20_1658.png)
OTL logfile created on: 9/20/2010 4:24:37 PM - Run 5
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Gerell\Desktop\Virus Stuff
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 48.80 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 122.55 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.43 Gb Free Space | 99.68% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GERELL-PC
Current User Name: Gerell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Custom Scans ==========
< c:\windows\system32\spoolsv.exe /md5 >
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
< c:\windows\system32\userinit.exe /md5 >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
< c:\windows\system32\Drivers\atapi.sys /md5 >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
< End of report >
-----------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4658
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/20/2010 4:37:43 PM
mbam-log-2010-09-20 (16-37-43).txt
Scan type: Quick scan
Objects scanned: 137733
Time elapsed: 11 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#21
Posted 20 September 2010 - 05:55 PM
Open OTL, click the None button, and paste this in the custom scan box:
/md5start
spoolsv.*
/md5stop
Click Run Scan and post that log.
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet Explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Check the next options: Remove found threats and Scan unwanted applications.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
- Copy and paste that log as a reply to this topic
#22
Posted 20 September 2010 - 11:33 PM
OTL logfile created on: 9/21/2010 12:26:05 AM - Run 6
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Gerell\Desktop\Virus Stuff
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 48.13 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 122.55 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GERELL-PC
Current User Name: Gerell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Custom Scans ==========
< MD5 for: SPOOLSV.EXE >
[2010/08/20 00:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/13 21:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe
< MD5 for: SPOOLSV.EXE.MUI >
[2009/07/13 22:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\System32\en-US\spoolsv.exe.mui
[2009/07/13 22:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\winsxs\x86_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27adb62962c94d96\spoolsv.exe.mui
< MD5 for: SPOOLSV.EXE.VIR >
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Qoobox\Quarantine\C\Windows\System32\spoolsv.exe.vir
< End of report >
The ESET scan didn't quite finish, because an error showed up; I think it was my fault though. Here's the log, but I'll redo it when I get home.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
This post has been edited by Wolfturn: 21 September 2010 - 07:21 AM
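What the helper is doing with the two OTL custom scans above is comparing the hash of the live c:\windows\system32\spoolsv.exe against the copies Windows keeps in the WinSxS component store, in the ERDNT backup cache and in the ComboFix quarantine, to see which known version the live file actually is. As an added example that is not part of this thread or of OTL, here is a small Python script that parses an OTL "MD5 for:" report into records, groups the copies by hash, and reports for every copy outside WinSxS which component-store version its hash matches (None meaning no store copy carries that hash, the case that would deserve a closer look). The sample report embedded in it is copied from the log above; the regular expression for OTL's line format and the way the version is pulled out of the WinSxS directory name are my assumptions, based only on the lines shown here.

```python
"""Parse an OTL "MD5 for:" report and cross-check live copies of a system
binary against the versions held in the WinSxS component store."""
import hashlib
import re
from collections import defaultdict

# Assumed OTL report line layout, taken from the lines in the thread:
# [mtime | size | attrs | M] (Company) MD5=<32 hex> -- <path>
OTL_LINE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>.+) >$")
# WinSxS directory names carry the component version as a dotted quad between underscores.
WINSXS_VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

# Constructed sample: the spoolsv report lines from the OTL log above, verbatim.
SAMPLE_REPORT = r"""< MD5 for: SPOOLSV.EXE >
[2010/08/20 00:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/13 21:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe
< MD5 for: SPOOLSV.EXE.MUI >
[2009/07/13 22:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\System32\en-US\spoolsv.exe.mui
[2009/07/13 22:08:54 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=67D261B613E2EF4B1FB0DC665D502B09 -- C:\Windows\winsxs\x86_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27adb62962c94d96\spoolsv.exe.mui
< MD5 for: SPOOLSV.EXE.VIR >
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Qoobox\Quarantine\C\Windows\System32\spoolsv.exe.vir
< End of report >
"""


def parse_otl_md5_report(text):
    """Return one record per hashed file; the section header names the file."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = OTL_LINE.match(line)
        if not m:
            continue  # "< End of report >", blank lines, anything unexpected
        records.append({
            "section": section,
            "mtime": m.group("mtime"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "md5": m.group("md5").upper(),
            "path": m.group("path"),
        })
    return records


def group_by_hash(records):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for r in records:
        groups[r["md5"]].append(r["path"])
    return dict(groups)


def winsxs_version(path):
    """Component version from a WinSxS path, or None for a copy outside the store."""
    if "\\winsxs\\" not in path.lower():
        return None
    m = WINSXS_VERSION.search(path)
    return m.group(1) if m else None


def check_live_copies(records):
    """For every copy outside WinSxS, the store version whose hash it matches (or None)."""
    store = {}
    for r in records:
        ver = winsxs_version(r["path"])
        if ver:
            store.setdefault(r["md5"], ver)
    return {r["path"]: store.get(r["md5"])
            for r in records if winsxs_version(r["path"]) is None}


def md5_hex(data):
    """MD5 of a byte string, upper-case as OTL prints it."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path, chunk=1 << 20):
    """Hash a file on disk in chunks, for reproducing an OTL /md5 line locally."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    recs = parse_otl_md5_report(SAMPLE_REPORT)
    for path, ver in check_live_copies(recs).items():
        print(f"{path}: {'matches store version ' + ver if ver else 'NO MATCH in WinSxS'}")
```

Run on the report above, it shows the live System32 spoolsv.exe, the ERDNT cache copy and the quarantined .vir all carrying the hash of the 6.1.7600.16661 store copy, and the MUI matching the 6.1.7600.16385 resource copy, which is the same conclusion the helper draws by reading the hashes. MD5 is used only because that is what OTL emits; for your own integrity baselines prefer SHA-256 from hashlib in the same way.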
#23
Posted 21 September 2010 - 08:54 AM
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
- Open OTL
- Under the Custom Scans/Fixes box at the bottom, paste the following:
:Commands
[clearallrestorepoints]
- Click the Run Fix button at the top
- It might ask you to reboot, if so click YES
- Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
- Click on the CleanUp button.
- Click Yes to begin the cleanup process and remove tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
- Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
#24
Posted 21 September 2010 - 09:08 PM
Thanks for helping me out! Your help is extremely appreciated.
#25
Posted 22 September 2010 - 06:03 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.