Spyware Problems

Unknown
edited February 2006 in Spyware & Virus Removal
I am having trouble with spyware. I am getting frequent pop-up ads and have tried deleting spyware with Ad-Aware and Spybot, but they keep coming back. Here is my HJT log, please help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:09:33 AM, on 2/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\windows\winsysban8.exe
C:\WINDOWS\system32\wgse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hpsw.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 14 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yiqoyy.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Comments

  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    Hi. You are currently running Hijack This from here:


    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 14 for hijackthis_199.zip\HijackThis.exe

    Please make a folder here:

    C:\HJT

    Copy hijackthis.exe into that folder and make a desktop shortcut or just drag the program to the desktop. We need to get it out of the temp folder. Please post another log once you have done this.
  • sla187
    edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 9:04:44 PM, on 2/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\windows\winsysban8.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wgse.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\WINDOWS\system32\hpsw.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yiqoyy.exe reg_run
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK. First thing to do is download the trial version of Ewido Anti-Malware from my signature below. Intall the program and update it but don't run it yet. Next run a Panda Active Scan from my signature below. Allow the scan to delete whatever it finds. Save the log file from the scan.

    Next restart your PC in safe mode, explained here.

    Run a full scan with Ewido. In all cases let it delete anything it finds. After the scan it will give you the option to save a log. Please save the log.

    Post back with the Panda log, the Ewido log, and another Hijack This log.
  • sla187
    edited February 2006
    Incident Status Location

    Adware:Adware/ClkOptimizer Not disinfected C:\WINDOWS\SYSTEM32\YIQOYY.EXE
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\WINSYSBAN8.EXE
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\WINSYSUPD8.EXE
    Adware:Adware/SearchResults Not disinfected C:\PROGRA~1\Jalmp\jalmp.dll
    Adware:Adware/DollarRevenue Not disinfected C:\windows\winsysban8.exe
    Adware:Adware/ClkOptimizer Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\phwq.exe
    Adware:adware/azesearch Not disinfected C:\WINDOWS\SYSTEM32\azebar.xml
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
    Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
    Adware:adware/commad Not disinfected Windows Registry
    Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.hbmediapro[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-eu.falkag[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[2].txt
    Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ask[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[3].txt
    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c.goclick[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c5.zedo[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cdfreaks[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@club.cdfreaks[2].txt
    Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@errorguard[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[1].txt
    Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ilead.itrack[2].txt
    Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mmm.media-motor[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rn11[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sel.as-eu.falkag[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@webpower[2].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
    Adware:Adware/ClkOptimizer Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\__delete_on_reboot__phwq.exe
    Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.hbmediapro[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-eu.falkag[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[2].txt
    Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ask[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[3].txt
    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c.goclick[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c5.zedo[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cdfreaks[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@club.cdfreaks[2].txt
    Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@errorguard[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[1].txt
    Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ilead.itrack[2].txt
    Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mmm.media-motor[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rn11[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sel.as-eu.falkag[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@webpower[2].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
    Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\A8B7980.tmp[titno.exe]
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\i7985.tmp
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\iC.tmp
    Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\is-CTR43.tmp\180sa_full.exe
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\Ssk.exe
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\SskBho.dll
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\SskCore.dll
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\Ssk.exe
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\SskBho.dll
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\SskCore.dll
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Uninstall.EXE
    Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2HVCDK7E\stub_113_4_0_4_0[1].exe
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2HVCDK7E\winsysupd8[1].exe
    Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AT6CO14O\MTE3NDI6ODoxNg[1].exe
    Adware:Adware/CommAd Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AVAZI1Q3\installer[1].exe
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AVOZBKD4\Installer[1].exe
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SZZFYW1P\winsysban8[1].exe
    Adware:Adware/DollarRevenue Not disinfected C:\drsmartload1.exe
    Adware:Adware/SearchResults Not disinfected C:\HJT\backups\backup-20060216-210602-667.dll
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Spyware:Spyware/New.net Not disinfected C:\NNSCAA638.EXE
    Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\SS1001.exe
    Adware:Adware/SearchResults Not disinfected C:\Program Files\Jalmp\jalmp.dll
    Adware:Adware/SearchResults Not disinfected C:\Program Files\Jalmp\uninstall.exe
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\IA\asappsrv.dll
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\IA\command.exe
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
    Virus:Trj/Downloader.HQM Not disinfected C:\WINDOWS\system32\AdService.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\flsui.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\ir24l5fq1.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\mv0ml9d11.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\q0680ajuedo80.dll
    Adware:Adware/ClkOptimizer Not disinfected C:\WINDOWS\system32\qagyq.dat
    Virus:Trj/Downloader.HQM Not disinfected C:\WINDOWS\system32\winytp32.dll
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysban8.exe
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysupd8.exe
  • sla187
    edited February 2006
    ewido anti-malware - Scan report

    + Created on: 3:18:32 PM, 2/17/2006
    + Report-Checksum: BF404F9E

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-4037083257-3905519812-4044386355-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-4037083257-3905519812-4044386355-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned with backup
    HKU\S-1-5-21-4037083257-3905519812-4044386355-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
    HKU\S-1-5-21-4037083257-3905519812-4044386355-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
    HKU\S-1-5-21-4037083257-3905519812-4044386355-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned with backup
    C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfmieodjsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfmikhajkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkycodzokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjlykpajeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\A8B7980.tmp/titno.exe -> Adware.MDH : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\i7985.tmp -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\iC.tmp -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\is-CTR43.tmp\180sa_full.exe -> Adware.WinAD : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\Ssk.exe -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\SskBho.dll -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frCA72\SskCore.dll -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\Ssk.exe -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\SskBho.dll -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\temp.frE654\SskCore.dll -> Adware.SurfSide : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2HVCDK7E\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2HVCDK7E\winsysupd8[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AT6CO14O\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AVAZI1Q3\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AVOZBKD4\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IXJSTCRQ\install[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SZZFYW1P\winsysban8[1].exe -> Hijacker.VB.lg : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UR7VC9ZO\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
    C:\drsmartload1.exe -> Downloader.VB.wj : Cleaned with backup
    C:\HJT\backups\backup-20060216-210602-667.dll -> Adware.Suggestor : Cleaned with backup
    C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\Common Files\VCClient\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
    C:\Program Files\Jalmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup
    C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup
    C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
    C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Cleaned with backup
    C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\AdService.dll -> Downloader.Agent.aej : Cleaned with backup
    C:\WINDOWS\system32\flsui.dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\geqkg.dll -> Downloader.Small : Cleaned with backup
    C:\WINDOWS\system32\ir24l5fq1.dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\ksvbkkd.exe -> Trojan.Pakes : Cleaned with backup
    C:\WINDOWS\system32\mv0ml9d11.dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\q0680ajuedo80.dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\qagyq.dat -> Downloader.Qoologic.at : Cleaned with backup
    C:\WINDOWS\system32\qosuqqn.dll -> Downloader.Qoologic.az : Cleaned with backup
    C:\WINDOWS\system32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
    C:\WINDOWS\system32\winytp32.dll -> Downloader.Agent.aej : Cleaned with backup
    C:\WINDOWS\system32\yiqoyy.exe -> Downloader.Qoologic.at : Cleaned with backup


    ::Report End

    Logfile of HijackThis v1.99.1
    Scan saved at 3:22:34 PM, on 2/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    C:\HP\KBD\KBD.EXE
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK. Open Hijack This and do a scan. Place a check (tick) next to the following entries:

    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe

    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll

    Close all other browsers/windows and click Fixed Checked.

    Follow the below instructions:

    Make sure that you can see hidden files and folders:
    • Click "Start".
    • Click "My Computer".
    • Select the "Tools" menu and click "Folder Options".
    • Select the "View" tab.
    • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Click "Yes" to confirm.
    • Uncheck the "Hide file extensions for known file types".
    • Click "OK".

    Using Windows Explorer please navigate to the following folder:

    C:\Program Files

    Delete the following folder if present:

    Jalmp

    Using the Search feature for Windows do a search for this file:

    gimmygames.exe

    If you find it please delete every instance of it.

    Post back another Hijack This log when finished.
  • sla187
    edited February 2006
    I found and deleted jalmp and gimmygames in HJT and their files in My Computer.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:04:04 PM, on 2/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK. Open Hijack This again and have the program fix these two entries:



    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

    Then open Windows Explorer and navigate to the following folder:

    C:\program files\common files\

    And delete the following folder:

    VCClient

    Then post one more log.
  • sla187
    edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 11:39:20 PM, on 2/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK. Log looks good. Just to make sure though you should reboot and post another log. Then we can declare you CLEAN!
    :)
  • sla187
    edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:41 AM, on 2/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{127C1413-AF10-47F0-9A12-7900B36A0879}: NameServer = 128.118.25.3,130.203.1.4
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK log looks good. Are you having any other problems?
  • sla187
    edited February 2006
    I am still getting a few pop-ups, and spybot detects two registry keys that are a threat, but they can't be deleted, even after i restart and run spybot. These keys are in the folder HKEY_LOCAL_MACHINE\SYSTEM. I don't know if they're a problem or not.
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    What does Spybot say these are? Does it give a name? The keys likely can't be deleted because at the time the files associated with them are memory resident. If we can find out the names that Spybot returns we can look in the registry then find and delete the values in safe mode or as full rights as an administrator.
  • sla187
    edited February 2006
    Spybot lists the keys under the group "Command Service." The first one is called "System Service," and is located at HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService. The second one is "Settings," at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService.
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    OK. We will delete the keys manually. You must follow these instructions very carefully. Make sure that no other programs are open. Start the PC in safe mode. Once in safe mode follow the instructions below.

    Click Start--->Run. In the run box type regedit.

    You will see the registry editor open. Note that it looks and operates much like Windows Explorer. Click file and then click export. A box will open that will allow us to export the registry file. Save the file to your desktop. Name the file with today's date like this: 2-19-2006.reg.

    This will allow us to restore the registry if we make a mistake.

    Now since the editor looks like Windows Explorer please use it to navigate to the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\

    Within that folder will be a subfolder named: c mdService. Right click on this. Click permissions.

    A new window will open. In the top pane of the window make sure that Administrator is highlighted. If it isn't left click on it. In the bottom pane where it says Permissions for administrators make sure that full control and read are checked under the allow column.

    After you've done that click apply. Now right click on the c mdService folder and click delete.

    Now repeat the exact above procedure for the following entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\

    Find and delete the folder named cmdService. Don't forget that you'll have to do the same thing with the permissions on this one as you did the first one.


    When you're finished, close the registry editor and reboot. Try Spybot again and let me know what happens.
  • sla187
    edited February 2006
    I deleted the keys and Spybot found nothing. Everything seems ok now. Thank you very much for all your help.
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2006
    Good. I'm glad that worked for you. I will close this thread now. If you need it re-opened just PM me or one of the other moderators and we'll open it.
This discussion has been closed.