Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with the MS antispyware 2009 virus.


  • This topic is locked This topic is locked
9 replies to this topic

#1 mambo621

mambo621

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 12 April 2009 - 07:08 AM

After an attempt to clean it up, pops-ups are still occurring. I scanned the computer with MalwareBytes Anti-Malware and got rid of the initial infection. After I scanned the computer with AVG anti-virus, Spybot S&D, and MalwareBytes Anti-Malware after pop-ups were still occurring yieldeding no results.
Any help is greatly appreciated. Thank you. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:00 AM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210352709546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210352697577
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7486 bytes

BC AdBot (Login to Remove)

 


#2 mambo621

mambo621
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 22 April 2009 - 05:21 PM

Just making sure this topic was not over looked. I understand you guys are busy. Thanks.

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 26 April 2009 - 10:28 AM

Hello Mambo621,

Making a reply to your own first post would tend to get your post overlooked because helpers are typically looking first for posts without replies !

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

=

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=
3. Locate using My Computer {Windows Explorer} the MalwareBytes' AntiMalware exe file (mbam.exe) which is typically located here
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
..... right-Click mbam.exe and select Rename and RENAME it to Bravo.exe

Start your Bravo.exe {MBAM}.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.
At this time, the current definitions are # 2043 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.
Do a Quick Scan.

4. Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or
http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
5. Please include the following logs in your next reply, and put them in-line of body of the reply. Do NOT use the attachment option:
the new (latest) MBAM scan log
DDS.txt
Attach.txt

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 mambo621

mambo621
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 26 April 2009 - 02:06 PM

Thank you for the reply. I scanned the computer using Malwarebyte's and one thing, userinit.exe, was shown. I could have sworn though that this is a windows process so I DID NOT remove it. If I should, I'll re-scan the computer and will remove it. Here are the 3 logs.


Malwarebytes' Anti-Malware 1.36
Database version: 2045
Windows 5.1.2600 Service Pack 3

4/26/2009 3:03:17 PM
mbam-log-2009-04-26 (15-02-28).txt

Scan type: Quick Scan
Objects scanned: 70713
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:01:07.66 on Sun 04/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.107 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\Bravo.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210352709546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210352697577
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\iypfzuoq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-11 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-11 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-11 108552]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-10 38496]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 298264]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-04-15 11:37 389,120 a------- c:\windows\system32\CF13772.exe
2009-04-15 11:37 <DIR> --d----- C:\ComboFix
2009-04-15 11:34 73,728 a------- C:\pv.exe
2009-04-14 20:59 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:59 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:59 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:59 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 20:59 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:59 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:59 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:59 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:58 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 20:58 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 20:58 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-12 08:36 389,120 a------- c:\windows\system32\CF17073.exe
2009-04-12 08:35 <DIR> --d----- c:\windows\pss
2009-04-12 08:30 389,120 a------- c:\windows\system32\CF15799.exe
2009-04-12 08:26 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-11 14:43 <DIR> --d----- c:\program files\Trend Micro
2009-04-11 12:38 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-11 10:53 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-11 10:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-11 10:53 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-11 10:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-11 10:53 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-04-11 10:52 <DIR> --d----- c:\program files\AVG
2009-04-11 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-11 10:42 <DIR> --d----- c:\program files\SpywareBlaster
2009-04-11 10:40 14,568 a------- c:\windows\system32\drivers\wg6n.sys
2009-04-11 10:40 14,568 a------- c:\windows\system32\drivers\wg5n.sys
2009-04-11 10:40 14,568 a------- c:\windows\system32\drivers\wg4n.sys
2009-04-11 10:40 14,568 a------- c:\windows\system32\drivers\wg3n.sys
2009-04-11 10:40 60,496 a------- c:\windows\system32\drivers\Teefer.sys
2009-04-11 10:40 21,075 a------- c:\windows\system32\drivers\wpsdrvnt.sys
2009-04-11 10:39 83,096 a------- c:\windows\system32\SSSensor.dll
2009-04-11 10:39 <DIR> --d----- c:\program files\Sygate
2009-04-11 10:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-10 20:59 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-10 20:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-10 20:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 20:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 20:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-04-10 20:21 74,752 a------- c:\windows\system32\userinit.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:17 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-02 19:17 348,160 a------- c:\windows\system32\msvcr71.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 15:02:28.22 ===============

-----------------



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/9/2008 12:03:26 PM
System Uptime: 4/24/2009 10:50:36 AM (53 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Pentium® 4 CPU 2.20GHz | Socket 478 | 2192/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 17.144 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FD
Service:

==== System Restore Points ===================

RP290: 2/23/2009 12:05:55 PM - System Checkpoint
RP291: 2/24/2009 1:24:02 PM - System Checkpoint
RP292: 2/25/2009 3:00:20 AM - Software Distribution Service 3.0
RP293: 2/26/2009 3:11:38 AM - System Checkpoint
RP294: 2/27/2009 4:11:33 AM - System Checkpoint
RP295: 2/28/2009 5:11:22 AM - System Checkpoint
RP296: 3/1/2009 6:12:27 AM - System Checkpoint
RP297: 3/2/2009 9:52:16 AM - System Checkpoint
RP298: 3/3/2009 10:16:09 AM - System Checkpoint
RP299: 3/4/2009 11:21:19 AM - System Checkpoint
RP300: 3/5/2009 12:14:05 PM - System Checkpoint
RP301: 3/6/2009 1:11:13 PM - System Checkpoint
RP302: 3/7/2009 1:16:49 PM - System Checkpoint
RP303: 3/8/2009 1:28:16 PM - System Checkpoint
RP304: 3/9/2009 1:30:38 PM - System Checkpoint
RP305: 3/10/2009 1:53:26 PM - System Checkpoint
RP306: 3/11/2009 2:00:26 AM - Software Distribution Service 3.0
RP307: 3/12/2009 2:12:47 AM - System Checkpoint
RP308: 3/13/2009 3:12:39 AM - System Checkpoint
RP309: 3/14/2009 2:00:27 AM - Software Distribution Service 3.0
RP310: 3/15/2009 3:12:33 AM - System Checkpoint
RP311: 3/16/2009 4:12:36 AM - System Checkpoint
RP312: 3/17/2009 5:12:32 AM - System Checkpoint
RP313: 3/18/2009 6:12:36 AM - System Checkpoint
RP314: 3/19/2009 7:12:34 AM - System Checkpoint
RP315: 3/20/2009 8:12:30 AM - System Checkpoint
RP316: 3/21/2009 9:13:33 AM - System Checkpoint
RP317: 3/22/2009 10:26:31 AM - System Checkpoint
RP318: 3/23/2009 11:23:28 AM - System Checkpoint
RP319: 3/24/2009 12:12:30 PM - System Checkpoint
RP320: 3/25/2009 1:12:28 PM - System Checkpoint
RP321: 3/26/2009 2:17:06 PM - System Checkpoint
RP322: 3/27/2009 2:27:49 PM - System Checkpoint
RP323: 3/28/2009 3:14:51 PM - System Checkpoint
RP324: 3/29/2009 4:50:26 PM - System Checkpoint
RP325: 3/30/2009 4:52:02 PM - System Checkpoint
RP326: 3/31/2009 5:04:24 PM - System Checkpoint
RP327: 4/1/2009 5:57:00 PM - System Checkpoint
RP328: 4/2/2009 7:05:16 PM - System Checkpoint
RP329: 4/3/2009 7:38:05 PM - System Checkpoint
RP330: 4/4/2009 8:39:13 PM - System Checkpoint
RP331: 4/5/2009 9:38:05 PM - System Checkpoint
RP332: 4/6/2009 10:38:10 PM - System Checkpoint
RP333: 4/7/2009 11:18:03 PM - System Checkpoint
RP334: 4/8/2009 11:38:00 PM - System Checkpoint
RP335: 4/10/2009 12:37:54 AM - System Checkpoint
RP336: 4/11/2009 7:34:37 AM - System Checkpoint
RP337: 4/11/2009 10:39:42 AM - Installed Sygate Personal Firewall
RP338: 4/11/2009 10:49:37 AM - Removed Norton AntiVirus 2002
RP339: 4/11/2009 10:52:37 AM - Installed AVG Free 8.5
RP340: 4/11/2009 10:57:01 AM - Removed Bonjour
RP341: 4/12/2009 9:44:40 AM - Avg8 Update
RP342: 4/13/2009 9:46:32 AM - System Checkpoint
RP343: 4/14/2009 2:10:29 PM - System Checkpoint
RP344: 4/15/2009 3:00:42 AM - Software Distribution Service 3.0
RP345: 4/15/2009 1:44:53 PM - new
RP346: 4/15/2009 1:48:35 PM - Removed MobileMe Control Panel
RP347: 4/16/2009 2:10:18 PM - System Checkpoint
RP348: 4/17/2009 9:07:18 AM - Configured PC VGA Camer@ Plus
RP349: 4/18/2009 9:56:54 AM - System Checkpoint
RP350: 4/19/2009 9:59:04 AM - System Checkpoint
RP351: 4/20/2009 10:44:17 AM - System Checkpoint
RP352: 4/21/2009 11:14:35 AM - System Checkpoint
RP353: 4/22/2009 11:29:45 AM - System Checkpoint
RP354: 4/23/2009 11:32:18 AM - System Checkpoint
RP355: 4/24/2009 11:57:48 AM - System Checkpoint
RP356: 4/25/2009 1:13:22 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Age of Mythology
AIM 6
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
AVG 8.5
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Compact Wireless-G USB Adapter
Conexant D850 56K V.9x DFVc Modem
Dell ResourceCD
EA Download Manager
GameSpy Arcade
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics Driver
iTunes
Java™ 6 Update 5
Java™ 6 Update 7
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Octoshape add-in for Adobe Flash Player
QuickTime
RealPlayer
Rise of Nations
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Spybot - Search & Destroy
SpywareBlaster 4.2
Sygate Personal Firewall
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/23/2009 10:28:50 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

#5 mambo621

mambo621
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 26 April 2009 - 02:14 PM

I looked into the file that I did not take action on (userinit.exe), and it was modified the same exact time and day as when I started to receive problems on my computer. Fishy?

#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 26 April 2009 - 03:51 PM

Do a new run of MBAM and have it quarantine or remove items that it flags. Yes, you should have had MBAM remove item on the last run.

Start your MBAM.
Click the Settings Tab. Make sure all option lines have a checkmark.
Click the Update tab. Press the "Check for Updates" button.
At this time, the current definitions are # 2043 or later.
  • When done, click the Scanner tab.
    Do a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in a new reply as soon as it has finished.
This system has an old version of Java Run-time.

Uninstall jre1.6 (or any earlier) + any other (JRE Runtime Environment ) Sun Java package via Add/Remove Programs.
If you see any other Java versions there,
such as
J2SE Runtime Environment 5.0
Java SE Runtime Environment
Java 6


uninstall all of them. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp
> In top of the page (first in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 13
> If Information Bar pop-ups up, right-click on it and say it's OK to display the blocked content; You do not have to install the Java Web Start ActiveX Control
> Accept the license agreement
> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.
  • Tip: Choose Custom install to select only the part(s) you need/want.
Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

To test your Java Run-time, you may go to this page http://www.javatester.org/version.html
When all is well, you should see Java Version: 1.6.0_13 from Sun Microsystems Inc.
=

Using Internet Explorer browser only, go to ESET Online Scanner website:
Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq
  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
    Otherwise the scan will take twice as long to do:
    everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
=
Reply with copy of the latest MBAM scan log
and the Kaspersky scan report
and tell me, How is your system now ?

Edited by Maurice Naggar, 26 April 2009 - 04:02 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 mambo621

mambo621
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 27 April 2009 - 05:59 PM

Odd. I did the Malware Bytes scan and it deleted userinit.exe. Then I did the ESET scan and it said that it detected(and deleted) userinit.exe. I am going to reboot the computer and let you know if there are still pop-ups.

Malwarebytes' Anti-Malware 1.36
Database version: 2045
Windows 5.1.2600 Service Pack 3

4/26/2009 7:41:54 PM
mbam-log-2009-04-26 (19-41-54).txt

Scan type: Quick Scan
Objects scanned: 70721
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4038 (20090427)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=956ac26b84199e48883c540b61cff8c5
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2009-04-27 10:46:59
# local_time=2009-04-27 06:46:59 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=262548
# found=1
# scan_time=3256
C:\WINDOWS\system32\userinit.exe Win32/TrojanDownloader.Zlob.CZG trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 27 April 2009 - 07:20 PM

Do let me know what you see or find.
Next, I'd like for you to run this tool, and post back the report.

Download RootRepeal:
http://rootrepeal.googlepages.com/RootRepeal.zip
  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 16 May 2009 - 11:23 AM

Please provide an update on the status of this system.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#10 mambo621

mambo621
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 26 June 2009 - 07:30 AM

I'm really sorry about never responding. The computer is working fine now. Thanks for all your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users