> Anti-blaxx?
Keichin
post Nov 12 2006, 09:45 AM
Post #1


Member
**

Group: Members
Posts: 46
Joined: 12-November 06
Member No.: 95,168



I am experiencing the same problems reported here. I began by running an Adaware scan using the latest definitions, and I quarantined the findings. Next, I began following the diagnosis prescribed at the aforementioned link. I downloaded AVG Anti-Spyware 7.5 and the entire definitions file. I manually updated the definitions. I ran the scan overnight. Just this morning I set AVG to perform the recommended action and I clicked clean. It went through about 3 of the 1,300+ entries before prompting me to move an archive that contained a virus into quarantine; I of course selected yes. And that was it. It froze. I hard rebooted into safe mode and it is crawling. In fact, it boots just past the "You are working in safe mode" prompt and stops at a black screen.

I'm worried about losing my data.

Where do I go from here?
Keichin
post Nov 12 2006, 07:32 PM
Post #2



Rebooted into normal mode.

Here's a HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:18:58 AM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\lmgrd.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\sgiawd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\system32\TWarnMsg.exe
C:\Documents and Settings\Kyle Eichin\Desktop\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ACEE7CED-CC50-EEDC-7C03-C889195E64EE} - C:\WINDOWS\system32\gkmyx.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsot.dll,startup
O4 - HKLM\..\Run: [ugugpqj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ugugpqj.dll,wwhrmed
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osus] "C:\PROGRA~1\SEMBLY~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Abnlfa] C:\Program Files\Common Files\F?nts\n?tepad.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0020.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://gemas.webex.com/client/v_mywebex-t2...bex/ieatgpc.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\lmgrd.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

I have an AVG Anti-Spyware log from this morning. It lists the location of the file and the name of the malicious software, as well as the action taken, which is ignored.
Buckeye_Sam
post Nov 14 2006, 08:58 AM
Post #3


Malware Expert
******

Group: HJT Team
Posts: 10,301
Joined: 23-December 04
From: Pickerington, Ohio
Member No.: 7,762



Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :)

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
[ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ]
[ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]
Keichin
post Nov 14 2006, 05:45 PM
Post #4



I just started the scan. The window is open, and "Performing a scan of your machine" is displayed. The cursor is flashing. Oddly enough, all my desktop icons disappeared as soon as I started the scan. I credit this to the fact that the system is running unimaginably slow. I'll get back to you with the results as soon as it finishes.

Should I expect to be prompted for a location to save the log file?

Kind regards,
KE
Buckeye_Sam
post Nov 14 2006, 07:52 PM
Post #5



The log can be found at C:\Combofix.txt once that scan completes. If it doesn't open up for you, check there for it.


Keichin
post Nov 14 2006, 11:21 PM
Post #6



Here you go:

Kyle Eichin - 06-11-14 17:15:08.29 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Kyle Eichin\My Documents"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\ixt0.dll
C:\Program Files\Safety Bar
C:\Program Files\winupdates
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3CFB2313-0AE9-1033-0126-040218200001}
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SEMBLY~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\n?tepad.exe
C:\QooBox\Purity\Program Files\SEMBLY~1\msconfig.exe
C:\QooBox\Purity\Program Files\SEMBLY~1\??sembly
C:\QooBox\Purity\WINDOWS\CURITY~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-13 16:08 699,661 ---hs---- C:\WINDOWS\system32\cccdd.ini2
2006-11-11 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-10 00:23 110,612 --a--c--- C:\WINDOWS\system32\ctqwfxhs.exe
2006-11-10 00:22 764,241 ---hs---- C:\WINDOWS\system32\cccdd.bak2
2006-11-05 19:02 110,612 --a------ C:\WINDOWS\system32\ivxiulii.exe
2006-11-05 19:01 752,271 ---hs---- C:\WINDOWS\system32\cccdd.bak1
2006-11-05 18:59 692,276 ---hs---- C:\WINDOWS\system32\ddccc.dll
2006-11-05 18:44 106,496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-05 18:40 2 --a------ C:\WINDOWS\system32\wtssvit.exe
2006-11-05 18:38 94,208 --a------ C:\WINDOWS\system32\ugugpqj.dll
2006-11-05 18:38 72,704 --a------ C:\WINDOWS\system32\lexjpbc.dll
2006-11-05 18:37 59,392 --a------ C:\WINDOWS\system32\drvsot.dll
2006-11-05 18:37 40,973 ---hs---- C:\WINDOWS\system32\ddcbyxx.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 19:01 -------- d-a------ C:\Program Files\Common Files
2006-11-13 16:06 -------- d-------- C:\Program Files\VSAdd-in
2006-11-11 21:32 -------- d-------- C:\Program Files\VirusBursters
2006-11-11 20:20 -------- d-------- C:\Program Files\Grisoft
2006-11-11 12:03 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-05 19:04 -------- d-------- C:\Documents and Settings\Kyle Eichin\Application Data\SearchToolbarCorp
2006-11-05 18:39 -------- d-------- C:\Documents and Settings\Kyle Eichin\Application Data\Google
2006-10-29 13:26 -------- d-------- C:\Program Files\Google
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-03 22:18 126 --a------ C:\Documents and Settings\Kyle Eichin\Application Data\iScrobbler.ini
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Osus"="\"C:\\PROGRA~1\\SEMBLY~1\\msconfig.exe\" -vt yazb"
"Abnlfa"="C:\\Program Files\\Common Files\\F?nts\\n?tepad.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TPSMain"="TPSMain.exe"
"TPP Auto Loader"="C:\\WINDOWS\\tppaldr.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"TFNF5"="TFNF5.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvsot.dll,startup"
"ugugpqj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ugugpqj.dll,wwhrmed"
"VirusBursters"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6809e580-a3a7-11d1-9a00-00a0c945b006}"="GoBack Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"issearch.exe"="issearch.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"archenteric"="{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlig32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-14 20:13:59.89
C:\ComboFix.txt ... 06-11-14 20:13
Buckeye_Sam
post Nov 15 2006, 06:05 PM
Post #7



You've got some troublemakers still showing up in your log.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt even if Vundofix found no infected files.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Also post a new HijackThis log.


Keichin
post Nov 15 2006, 11:30 PM
Post #8



I ran Spybot early this morning and found 110 errors. Is it OK to fix?

Never mind, I'll just run VundoFix, post the logs, etc. I can always run it again later.

I'm interested to know the answer, though.
Buckeye_Sam
post Nov 16 2006, 05:18 PM
Post #9



It won't hurt to let Spybot fix whatever it found, but Spybot alone won't be able to clean you up.


Keichin
post Nov 17 2006, 05:40 AM
Post #10



I'm ecstatic to report that after 29 hours of running VundoFix, Windows felt compelled to restart upon completion of an automatic update. I suppose I'll start over (edit: as soon as it finishes a second round of updates).

This post has been edited by Keichin: Nov 17 2006, 06:12 AM
Buckeye_Sam
post Nov 17 2006, 09:09 AM
Post #11



Oh no. VundoFix shouldn't take anywhere near that long. Check to see if it created a log here - C:\vundofix.txt
If so, post it in your next reply.

Also post a new HijackThis log.

We'll work around VundoFix if it's not getting it done for us. :)


Keichin
post Nov 18 2006, 12:10 AM
Post #12



Not a problem. It seems like cleaning house with Spybot freed up some system resources. VundoFix is done.


VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.6

Scan started at 12:00:11 AM 11/16/2006

Listing files found while scanning....


VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.6

Scan started at 5:59:14 PM 11/17/2006

Listing files found while scanning....

C:\WINDOWS\system32\lexjpbc.dll
C:\WINDOWS\system32\ugugpqj.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lexjpbc.dll
C:\WINDOWS\system32\lexjpbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ugugpqj.dll
C:\WINDOWS\system32\ugugpqj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.tmp Has been deleted!

Performing Repairs to the registry.
Done!

And the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:42:27 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\lmgrd.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\sgiawd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SIMPLEREMOTE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VirusBursters\virusbursters.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\KYLEEI~1\APPLIC~1\SCURIT~1\winspool.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\TWarnMsg.exe
C:\Documents and Settings\Kyle Eichin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ACEE7CED-CC50-EEDC-7C03-C889195E64EE} - C:\WINDOWS\system32\gkmyx.dll (file missing)
R3 - URLSearchHook: (no name) - {ADBE25BE-C97E-908F-7870-C3891028319D} - C:\WINDOWS\system32\bavpq.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {03464E23-3F17-177C-65CB-0B56358620B3} - C:\WINDOWS\system32\lexjpbc.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1808648B-3102-4293-8AD3-06AF71D3321B} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA1A3D49-8E8D-822C-DDDA-D928EA0733C8} - C:\WINDOWS\system32\jxcki.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ACEE7CED-CC50-EEDC-7C03-C889195E64EE} - C:\WINDOWS\system32\gkmyx.dll (file missing)
O2 - BHO: (no name) - {ADBE25BE-C97E-908F-7870-C3891028319D} - C:\WINDOWS\system32\bavpq.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C6B4D2B6-1D76-446A-B99D-D8550C9C419A} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\kvcixrby.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsot.dll,startup
O4 - HKLM\..\Run: [ugugpqj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ugugpqj.dll,wwhrmed
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\KYLEEI~1\APPLIC~1\SCURIT~1\winspool.exe" -vt ndrv
O4 - HKCU\..\Run: [Abnlfa] C:\Program Files\Common Files\F?nts\n?tepad.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0020.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://gemas.webex.com/client/v_mywebex-t2...bex/ieatgpc.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlig32 - winlig32.dll (file missing)
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\AliasWavefront Shared\Licensing\etc\lmgrd.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Thanks for all the help. I'm truly excited we've been able to come this far!! I'm in the process of starting a Panda ActiveScan. I'll let you know how it goes.
 
Buckeye_Sam