07-13-2005, 02:01 PM   #4
alba
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Various Problems; HJT log (Analyzed)

69sexsearch opens on every startup.
540filehost opens most startups.
Just removed 'Critical Warning! Spyware....' message from desktop using Ad-Aware.
Computer just isn't quite right.

Any help much appreciated

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 18:18:34, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\svchost.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
C:\WINDOWS\NeroCheck.exe
C:\WINDOWS\nrchk.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\fw_304.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Documents and Settings\Peter\Desktop\Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: (no name) - {453FDA5C-FE1F-4B6A-B935-1037EF424368} - C:\WINDOWS\System32\omkc.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb004.dll
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKLM\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\NeroCheck.exe /i
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKCU\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1106072202191
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OC...ClientNoMFC.cab
O21 - SSODL: systemp - {B2FEAA7D-DCD2-4D7A-9092-04EF2105DDD3} - systemp.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {89E1BD04-BBBC-4E05-9064-E8537192BD0D} - vr_sys.dll (file missing)
O23 - Service: svchost.exe - Unknown - C:\WINDOWS\svchost.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Thanks in advance
Matt

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
Download CleanUp! (Alternate Link if the main link doesn't work) and install it. You will need this later.

Download DelDomains and select Save Link As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By continually tapping the F8 key, until the menu appears).
Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).

C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\fw_304.exe
C:\Program Files\Spyware Cleaner



Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

BazookaBar
Spyware Cleaner



Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: (no name) - {453FDA5C-FE1F-4B6A-B935-1037EF424368} - C:\WINDOWS\System32\omkc.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb004.dll
O4 - HKLM\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKLM\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKCU\..\Run: [514088FE] C:\DOCUME~1\Peter\LOCALS~1\Temp\mfhj.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: http://*.69sexsearch.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O21 - SSODL: systemp - {B2FEAA7D-DCD2-4D7A-9092-04EF2105DDD3} - systemp.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {89E1BD04-BBBC-4E05-9064-E8537192BD0D} - vr_sys.dll (file missing)


Please remember to close all other windows, including browsers then click Fix checked.


Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\omkc.dll
C:\WINDOWS\system32\ztoolb004.dll
C:\WINDOWS\msexploren.exe /i
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\fw_304.exe /i
C:\Program Files\Spyware Cleaner
C:\WINDOWS\system32\symcsvc.exe
C:\winstall.exe
c:\eied_s7.cab
c:\ex.cab
C:\WINDOWS\System32\vbsys2.dll

Do a search for the following files and delete them.
systemp.dll
vr_sys.dll


To run the DelDomains.inf file, right click on it and select Install.
Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.


Reboot your System in normal mode.



Run an online scan at Trend Micro or RAV Antivirus.
Please select the “autoclean” option when using Trend Micro.

Please post a fresh Hijack This log so that we can check if your system is clean.
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Thank you (Go raibh maith agat).

Last edited by alba; 07-13-2005 at 02:30 PM.
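As an added example (not part of alba's post, the KRC analyzer or HijackThis itself), the Python below turns the rules of thumb behind the "check these entries" list into heuristics and runs them over lines copied from the log quoted above, plus one clean jusched.exe line so a benign entry is present. The entry names, paths and CLSIDs in the sample are the ones from that log; the heuristics themselves (autoruns from Temp, hex value names, executables in the drive root, any O15 trusted site, O16 DPF objects loaded from file://, any O21 SSODL entry, and svchost.exe running outside System32) are my own assumptions about what a log helper looks for, meant as a first pass for a human reviewer rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis 1.99 log quoted in the post,
# plus the SunJavaUpdateSched line as a known-good control entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O2 - BHO: (no name) - {453FDA5C-FE1F-4B6A-B935-1037EF424368} - C:\WINDOWS\System32\omkc.dll (file missing)
O4 - HKLM\..\Run: [1F220CD6] C:\DOCUME~1\Peter\LOCALS~1\Temp\hibg.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O21 - SSODL: systemp - {B2FEAA7D-DCD2-4D7A-9092-04EF2105DDD3} - systemp.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: svchost.exe - Unknown - C:\WINDOWS\svchost.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
CMD_RE = re.compile(r'^"?([^"]+?)"?(?:\s+/\S+)*$')   # path, dropping quotes and /switches
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
MISSING = " (file missing)"


@dataclass
class Finding:
    entry: str   # the log line (or process path) that was flagged
    reason: str  # heuristic(s) that fired, joined with "; "
    path: str    # on-disk path recoverable from the entry, "" if none


def last_field(body):
    """Text after the final ' - ' of an entry, without the '(file missing)' marker."""
    return body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()


def split_log(text):
    """Separate the 'Running processes:' block from the O/R/F/N entries."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            procs.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return procs, entries


def triage(procs, entries):
    """Apply the heuristics (assumed, see lead-in) and return one Finding per flagged item."""
    findings = []
    for p in procs:
        # The real svchost.exe lives in System32; a copy in another directory is a lookalike.
        if p.lower().endswith("\\svchost.exe") and not SYSTEM32_RE.search(p):
            findings.append(Finding(p, "svchost.exe running from outside System32", p))
    for e in entries:
        kind, body = ENTRY_RE.match(e).groups()
        reasons, path = [], ""
        if kind == "O2" and (MISSING in body or body.startswith("BHO: (no name)")):
            reasons.append("BHO with no name or missing file")
            path = last_field(body)
        elif kind == "O4" and (m := RUN_RE.match(body)):
            name, cmd = m.groups()
            path = CMD_RE.match(cmd).group(1)
            if "\\temp\\" in path.lower():
                reasons.append("autorun launched from a Temp directory")
            if HEX_NAME_RE.match(name):
                reasons.append("random-looking hex value name")
            if DRIVE_ROOT_RE.match(path):
                reasons.append("executable dropped in the drive root")
        elif kind == "O15":
            reasons.append("Trusted Zone/IP entry lowers IE security for that site")
        elif kind == "O16" and "file://" in body.lower():
            reasons.append("ActiveX (DPF) registered from a local file, not a download URL")
            path = last_field(body)[len("file://"):]
        elif kind == "O21":
            reasons.append("SSODL shell-load entry; legitimate ones are rare")
            path = last_field(body)
        elif kind == "O23" and " - Unknown - " in body:
            path = last_field(body)
            if not SYSTEM32_RE.search(path):
                reasons.append("unknown service running outside System32")
        if reasons:
            findings.append(Finding(e, "; ".join(reasons), path))
    return findings


def removal_plan(findings):
    """Mirror the helper's two lists: full paths to delete, bare names to search for."""
    is_full = lambda p: re.match(r"^[A-Za-z]:\\", p) is not None
    delete = {f.path for f in findings if f.path and is_full(f.path)}
    search = {f.path for f in findings if f.path and not is_full(f.path)}
    return {"delete": sorted(delete), "search": sorted(search)}


if __name__ == "__main__":
    procs, entries = split_log(SAMPLE_LOG)
    findings = triage(procs, entries)
    for f in findings:
        print(f"{f.reason:65} {f.entry}")
    print(removal_plan(findings))
```

Run against the sample, the heuristics flag ten items and reproduce most of alba's list, but they deliberately do not catch the `[SheduIer] C:\WINDOWS\msexploren.exe` entry: a misspelt lookalike of a Windows component name is exactly the kind of thing only a human reviewer spots, which is why such lists are written by hand. O15 and O21 hits should also be checked against anything the user added on purpose before being removed.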