|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 HJT Logfile - 3/13/05(Click here to view the original thread with full colors/images)Posted by: JJDChE Here is my logfile. Before generating this file I followed the 7 steps posted by rstones12. 1.) DLed and ran CWShredder (no instances found) 2.) Ran Panda Active Scan and TrendMicro HouseCall 3.) Ran AdawareSE and Spybot S&D 4.) Changed hidden file settings 5.) Updated Virus defs 6.) Ran AdawareSE, Spybot S&D and NortonAntivirus in Safe Mode 7.) Deleted Temp files Running through these steps has made the computer infinitely more usable, but is still running quite slow for a relatively lightly used PC with an XP-M 2800+/256MB RAM. Its apparent that there are several processes in the task manager that shouldn't be there. In the process I've also had to install Firefox because IE was attacked by badurl.grandstreetinteractive.com. Any help would be greatly appreciated. -Jason ___________________________________ Logfile of HijackThis v1.99.1 Scan saved at 9:16:03 PM, on 3/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\secure.exe C:\Program Files\n5rlj5n2\n5rlj5n2.exe C:\windows\system32\msnavc32.exe C:\WINDOWS\System32\uico\wedo.exe C:\WINDOWS\SysCheckBop32.exe C:\WINDOWS\System32\cvskfhe\erkvlauv.exe C:\WINDOWS\System32\jftdgc\umlph.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\bvlc\uknueva.exe C:\WINDOWS\system32\gpmkjov\pvwx.exe C:\WINDOWS\system32\jtkwwv\eiuob.exe C:\WINDOWS\system32\wsxsvc\wsxsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\System32\sysmonnt.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop[/url] O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll O2 - BHO: (no name) - {1EB21A75-B088-9E54-913B-DA7830B7CBCD} - C:\WINDOWS\system32\reafkrl.dll O2 - BHO: (no name) - {1F880A7E-68A3-4FA3-88EC-98C9B74FC228} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {224A79B3-BB87-459F-B6E8-327FA90A54E1} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {4EAA7558-21D9-4939-8179-8A598E94A84B} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {9E3A924F-D950-40B6-B268-9E48B592F7DC} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {CA9592F8-4BB7-4118-9876-3CCA8A44441C} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {FAD817E2-CA49-4B79-9475-D11D499D76A8} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [zcbwww] c:\windows\system32\zcbwww.exe O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\covmbt.exe O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe O4 - HKLM\..\Run: [n5rlj5n2] C:\Program Files\n5rlj5n2\n5rlj5n2.exe O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 O4 - HKLM\..\Run: [skcydc] C:\WINDOWS\System32\skcydc.exe O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe O4 - HKLM\..\Run: [wedo] C:\WINDOWS\System32\uico\wedo.exe O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32 O4 - HKLM\..\Run: [erkvlauv] C:\WINDOWS\System32\cvskfhe\erkvlauv.exe O4 - HKLM\..\Run: [umlph] C:\WINDOWS\System32\jftdgc\umlph.exe O4 - HKLM\..\Run: [uknueva] C:\WINDOWS\System32\bvlc\uknueva.exe O4 - HKLM\..\Run: [pvwx] C:\WINDOWS\system32\gpmkjov\pvwx.exe O4 - HKLM\..\Run: [eiuob] C:\WINDOWS\system32\jtkwwv\eiuob.exe O4 - HKLM\..\Run: [BPT] "c:\Program Files\Bpt\bpt.exe" O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 O4 - HKLM\..\Run: [xmioy] C:\WINDOWS\system32\iequ\xmioy.exe O4 - HKLM\..\Run: [gnfnrpw] C:\WINDOWS\system32\hwmkfxns\gnfnrpw.exe O4 - HKLM\..\Run: [aetmtc] C:\WINDOWS\system32\kibwojn\aetmtc.exe O4 - HKLM\..\Run: [ekbtba] C:\WINDOWS\system32\kuvush\ekbtba.exe O4 - HKLM\..\Run: [hiti] C:\WINDOWS\system32\vxhbdc\hiti.exe O4 - HKLM\..\Run: [vuyp] C:\WINDOWS\system32\vvefdw\vuyp.exe O4 - HKLM\..\Run: [p76X37Q] paqemote.exe O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt O4 - HKCU\..\Run: [Ywp7RXc4X] ntoa2.exe O4 - HKCU\..\Run: [prutsct] C:\WINDOWS\System32\prutsct.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Posted by: rstones12 JJDChE, This will take a bit, but I will be back in a short while with some instructions. Thanks, rstones12 Posted by: JJDChE Thank you... Posted by: rstones12 JJDChE, Please print out these instructions for a reference. Download the trial version of TrojanHunter [url]http://www.trojanhunter.com/trojanhunter/[/url] Update the program, but dont run it yet. Go to your Control Panel then Add-Remove programs and remove the following or any variation if found: [b]VBouncer ViewPoint Manager/Viewer RVP BPT [/b] Scan with HJT and place a checkmark next to the following items, dont fix anything just yet. [b] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?T...ilion&pf=laptop[/url] O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll O2 - BHO: (no name) - {1EB21A75-B088-9E54-913B-DA7830B7CBCD} - C:\WINDOWS\system32\reafkrl.dll O2 - BHO: (no name) - {1F880A7E-68A3-4FA3-88EC-98C9B74FC228} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {224A79B3-BB87-459F-B6E8-327FA90A54E1} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {4EAA7558-21D9-4939-8179-8A598E94A84B} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {9E3A924F-D950-40B6-B268-9E48B592F7DC} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {CA9592F8-4BB7-4118-9876-3CCA8A44441C} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O2 - BHO: (no name) - {FAD817E2-CA49-4B79-9475-D11D499D76A8} - C:\Program Files\n5rlj5n2\n5rlj5n2.dll O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [zcbwww] c:\windows\system32\zcbwww.exe O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\covmbt.exe O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe O4 - HKLM\..\Run: [n5rlj5n2] C:\Program Files\n5rlj5n2\n5rlj5n2.exe O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 O4 - HKLM\..\Run: [skcydc] C:\WINDOWS\System32\skcydc.exe O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe O4 - HKLM\..\Run: [wedo] C:\WINDOWS\System32\uico\wedo.exe O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32 O4 - HKLM\..\Run: [erkvlauv] C:\WINDOWS\System32\cvskfhe\erkvlauv.exe O4 - HKLM\..\Run: [umlph] C:\WINDOWS\System32\jftdgc\umlph.exe O4 - HKLM\..\Run: [uknueva] C:\WINDOWS\System32\bvlc\uknueva.exe O4 - HKLM\..\Run: [pvwx] C:\WINDOWS\system32\gpmkjov\pvwx.exe O4 - HKLM\..\Run: [eiuob] C:\WINDOWS\system32\jtkwwv\eiuob.exe O4 - HKLM\..\Run: [BPT] "c:\Program Files\Bpt\bpt.exe" O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 O4 - HKLM\..\Run: [xmioy] C:\WINDOWS\system32\iequ\xmioy.exe O4 - HKLM\..\Run: [gnfnrpw] C:\WINDOWS\system32\hwmkfxns\gnfnrpw.exe O4 - HKLM\..\Run: [aetmtc] C:\WINDOWS\system32\kibwojn\aetmtc.exe O4 - HKLM\..\Run: [ekbtba] C:\WINDOWS\system32\kuvush\ekbtba.exe O4 - HKLM\..\Run: [hiti] C:\WINDOWS\system32\vxhbdc\hiti.exe O4 - HKLM\..\Run: [vuyp] C:\WINDOWS\system32\vvefdw\vuyp.exe O4 - HKLM\..\Run: [p76X37Q] paqemote.exe O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt O4 - HKCU\..\Run: [Ywp7RXc4X] ntoa2.exe O4 - HKCU\..\Run: [prutsct] C:\WINDOWS\System32\prutsct.exe O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) [/b] Close all browsers and open windows and click [b]"Fix Checked[/b] Update your current Virus Scan definition files. Reboot into safe mode. Search your system and remove the following folders/files if found: C:\Program Files\[b]Viewpoint\Viewpoint Manager\ViewMgr.exe[/b] C:\windows\system32\[b]zcbwww.exe[/b] C:\WINDOWS\[b]farmmext.exe[/b] C:\WINDOWS\system32\[b]covmbt.exe[/b] C:\WINDOWS\system32\[b]secure.exe[/b] C:\Program Files\[b]n5rlj5n2\n5rlj5n2.exe[/b] C:\windows\system32\[b]msnavc32.exe[/b] C:\WINDOWS\System32\[b]skcydc.exe[/b] C:\PROGRA~1\[b]VBouncer\VirtualBouncer.exe[/b] C:\WINDOWS\System32\[b]uico\wedo.exe[/b] C:\WINDOWS\[b]SysCheckBop32[/b] C:\WINDOWS\System32\[b]cvskfhe\erkvlauv.exe[/b] C:\WINDOWS\System32\[b]jftdgc\umlph.exe[/b] C:\WINDOWS\System32\[b]bvlc\uknueva.exe[/b] C:\WINDOWS\system32\[b]gpmkjov\pvwx.exe[/b] C:\WINDOWS\system32\[b]jtkwwv\eiuob.exe[/b] C:\Program Files\[b]Bpt\bpt.exe"[/b] C:\WINDOWS\system32\[b]wsxsvc\wsxsvc.exe[/b] C:\WINDOWS\system32\[b]iequ\xmioy.exe[/b] C:\WINDOWS\system32\[b]hwmkfxns\gnfnrpw.exe[/b] C:\WINDOWS\system32\[b]kibwojn\aetmtc.exe[/b] C:\WINDOWS\system32\[b]kuvush\ekbtba.exe[/b] C:\WINDOWS\system32\[b]vxhbdc\hiti.exe[/b] C:\WINDOWS\system32\[b]vvefdw\vuyp.exe[/b] [b]paqemote.exe[/b] C:\WINDOWS\[b]nyei.exe[/b] C:\WINDOWS\System32\[b]sysmonnt[/b] [b]ntoa2.exe[/b] C:\WINDOWS\System32\[b]prutsct.exe[/b] Empty the Recycle bin Run [b]Trojan Hunter Spybot S&D Ad-Aware SE Anti-Virus[/b] Delete your temp files: Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Empty Your Recycle Bin. Reboot normally and post back a new HJT log by using [b]Post a Reply[/b] Thanks, rstones12 Posted by: JJDChE OK, I'm going throught the process and I'm up to where I have rebooted in safe mode and I am deleting files. As I'm searching for the files you have listed I'm seeing that Windows is finding variations in the "C:\WINDOWS\prefetch" folder. For example when searching for: "zcbwww.exe" it returned [b]C:\WINDOWS\prefetch\zcbwww.exe-OEDB2971.pf[/b] This has occurred during several searches. Should I also remove all of these files? Posted by: rstones12 Yes, that would be ok. Posted by: JJDChE I'm running through Trojan Hunter right now. The only issue I had trying to remove files was that I couldn't delete "C:\WINDOWS\system32\msnavc32.exe". It gave me an "Access Denied" message. I also saw a file named "msnav32.ax" (without the 'c') directly above msnavc32.exe in the system32 folder. I don't know if this is of any relevance. EDIT: I was able to remove msnavc32.exe after restarting in safe mode. Posted by: rstones12 Just remove the items that I highlighted. Are you running Trojan Hunter in Safe Mode??? It's ok if Trojan Hunter can't remove them, when you post your next HJT log we can take a look and see what is going on. rstones12 Posted by: JJDChE Yes, Trojan Hunter is running in Safe Mode. Posted by: JJDChE Logfile of HijackThis v1.99.1 Scan saved at 1:13:32 PM, on 3/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM\aim.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\Run: [uknueva] C:\WINDOWS\System32\bvlc\uknueva.exe O4 - HKLM\..\Run: [erkvlauv] C:\WINDOWS\System32\cvskfhe\erkvlauv.exe O4 - HKLM\..\Run: [pvwx] C:\WINDOWS\system32\gpmkjov\pvwx.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Posted by: rstones12 JJDChE, That looks much better. However we need to fix a few more items. First Who is your current ISP? Thanks, rstones12 Posted by: JJDChE The ISP is Comcast. Posted by: rstones12 JJDChE, OK Please print out these instructions or save the file with notepad and then put it on your desktop. We will be going into Safe Mode so you wont have access to the Internet. Enable Hidden Folders/Files Windows XP * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. Reboot into Safe Mode (without networking) Scan with HJT and place a checkmark next to the following items: [b] O4 - HKLM\..\Run: [uknueva] C:\WINDOWS\System32\bvlc\uknueva.exe O4 - HKLM\..\Run: [erkvlauv] C:\WINDOWS\System32\cvskfhe\erkvlauv.exe O4 - HKLM\..\Run: [pvwx] C:\WINDOWS\system32\gpmkjov\pvwx.exe [/b] With only HJT open click [b]Fix Checked[/b] Do a system search and remove the following folders/files if found: C:\WINDOWS\System32\[b]bvlc\uknueva.exe[/b] <-- This folder C:\WINDOWS\System32\[b]cvskfhe\erkvlauv.exe[/b] <-- This Folder C:\WINDOWS\system32\[b]gpmkjov\pvwx.exe[/b] <-- This Folder Delete your temp files: Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Empty Your Recycle Bin. Reboot normally and post back a new HJT log by using [b]Post a Reply[/b] Thanks, rstones12 Posted by: JJDChE Logfile of HijackThis v1.99.1 Scan saved at 2:54:58 PM, on 3/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM\aim.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 1.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Posted by: rstones12 JJDChE, Your log looks good, are you having any issues. Please read the recommended threads on keeping your system secure. [url]http://www.tech-forums.net/showthread.php?s=&threadid=36259[/url] [url]http://www.tech-forums.net/showthread.php?s=&threadid=35181[/url] [url]http://www.tech-forums.net/showthread.php?s=&threadid=35187[/url] Here is a good clean up tool: Download and install CleanUp [url]http://cleanup.stevengould.org/[/url] If you have anymore issues please feel free to post back. Thanks, rstones12 Posted by: southernlady Can I close this one now? Liz Posted by: JJDChE Thank you very much, you've been a big help! -Jason Posted by: southernlady Closed. Liz vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |