Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

caswnd file [RESOLVED]


  • This topic is locked This topic is locked

#1
trektravel

trektravel

    Member

  • Member
  • PipPip
  • 16 posts
HELP!
I have been fighting a bug in my computer for about a week.
I have AVG virus scanner (can see the problem)
McAfee virus scanner - finds the problem spots, but can't delete, quarantine or clean the problems
spybot doesn't find a problem. I tried CW Shredder only to get an error box about a bad download. Clean up runs fine
ewido says it only work on Win 200 or newer, I have Win ME _ I thought they were the same, guess not.
Anyway, here is a log, please tell me what the next step is to regain controll of my computer!
Can't access my computer or do file searches without getting an error box about a dho.dll file
Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 7:03:17 PM, on 10/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CMSYSTEM\CMSYSTEM.EXE
C:\PROGRAM FILES\FCENGINE\FCENGINE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WSPAN\SWGW\FILTERAGENT.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {71D1708F-973D-4600-AF01-AD86688403AE} - (no file)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\SYSTEM\BHO.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VEAOLZL] C:\WINDOWS\VEAOLZL.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: WORLDSPAN FILTER AGENT.LNK = C:\WSPAN\swgw\FilterAgent.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Juno - {20BB2C4A-D492-4A51-A5FE-4949127328D2} - juno.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go.preview.w...owserConfig.cab
O16 - DPF: {C1EA01C5-9E62-11D2-A1DE-000083609ECD} (WORLDSPAN Print Control) - https://go.preview.w...LLs/WSPRINT.CAB
O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go7f.wspan.c...s/SCMDirCtl.CAB
O16 - DPF: {99277FB1-0165-11D3-8369-000083613743} (SCM Class) - https://go.preview.w.../DLLs/WSSCM.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go2d.wspan.c...Ls/WSFileIO.cab
O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://go.preview.w...DLLs/WSEMUL.CAB
O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go7f.wspan.c.../WSCustInst.CAB
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go2d.wspan.c...Ls/WSPrint3.CAB
O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go2d.wspan.c...LLs/WSEMUL2.CAB
O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go7f.wspan.c...dTranslator.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://usa1chat.tup...t/TLIEFlash.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go11f.wspan....s/WSFileIO2.cab
O16 - DPF: {6FC2871E-004B-4141-B9C0-59708BD96CCE} (WSEmul Control 3) - https://go9f.wspan.c...LLs/WSEMUL3.CAB
O16 - DPF: {6DD584C4-79F4-4F46-8F81-C26AA75D8467} (ComboBox.UserControl1) - https://go9f.wspan.c...LLs/WSCombo.CAB
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {CB6F8DE2-913D-4543-9FBB-C1E1340BFD24} (FTPCtrl Class) - http://gopublic.wspa.../DLLs/wsftp.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://go4f.wspan.c...s/bin/WSCAL.CAB
O16 - DPF: {EFFFC7A6-4D95-4A18-8A14-FEB082D9C67D} (SCM Class1) - https://go7f.wspan.c...DLLs/WSSCM1.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL
  • 0

Advertisements


#2
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel Welcome to Geeks To Go!

Sorry for the delay in our response. I am currently reviewing your log, and as soon as I am cleared, I will post a fix. Thanks for the patience :tazz:




Steamhead
  • 0

#3
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel! I need to ask a question before we get started.

Do you know what the domains worldspan.com and wspan.com are? If so, please tell me what they are.
  • 0

#4
trektravel

trektravel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I work for a travel agency. Worldspan and wspan are pages for the airline computers-- these are not a huge threat to anyone as the programs all still operate in DOS!
Heaven forbid the airlines spend $$ on updating the computers worldwide!
Let me know what else you see that is out of place
Thanks! :tazz:
  • 0

#5
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel, welcome to Geeks to Go! My name is Steamhead and i will be helping you out today! You may want to print this out, or save a copy of it to notepad, so you will have it with you the entire time.

Let's get started!

STEP 1:

Open HijackThis! and scan your computer, place a check next to the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

O2 - BHO: (no name) - {71D1708F-973D-4600-AF01-AD86688403AE} - (no file)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\SYSTEM\BHO.DLL

O4 - HKLM\..\Run: [VEAOLZL] C:\WINDOWS\VEAOLZL.EXE
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"

O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL


Close ALL windows and browsers execpt for HJT. Click on "Fix Checked"

STEP 2:

Great! Now we need to reboot the computer in "Safe Mode". To do this, restart your computer, and while it is starting up tap F8. Select Safe Mode and press enter.

Open Explorer by right clicking on Start then "Explore" . Find and delete the following files in red:

C:\WINDOWS\SYSTEM\BHO.DLL
C:\WINDOWS\VEAOLZL.EXE
C:\Program Files\CMSystem\CMSystem.exe
C:\Program Files\FCEngine\FCEngine.exe

and the following folders in red:

C:\Program Files\CMSystem
C:\Program Files\FCEngine
Now reboot your computer normally.

Awesome!

STEP 3:

Post a fresh HJT log and tell me if things are better!
  • 0

#6
trektravel

trektravel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here's the latest log. I can now get into my computer, can search for files and seem to have recovered use of internet explorer!! :tazz:
Let me know if anything else in this log looks out of place.
The C:\Program Files\CMSystem file was unter my Canon camera stuff, was it a hitch-hiker or part of the Canon program?
Logfile of HijackThis v1.99.1
Scan saved at 9:32:35 PM, on 10/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WSPAN\SWGW\FILTERAGENT.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {71D1708F-973D-4600-AF01-AD86688403AE} - (no file)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\SYSTEM\BHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VEAOLZL] C:\WINDOWS\VEAOLZL.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: WORLDSPAN FILTER AGENT.LNK = C:\WSPAN\swgw\FilterAgent.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Juno - {20BB2C4A-D492-4A51-A5FE-4949127328D2} - juno.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go.preview.w...owserConfig.cab
O16 - DPF: {C1EA01C5-9E62-11D2-A1DE-000083609ECD} (WORLDSPAN Print Control) - https://go.preview.w...LLs/WSPRINT.CAB
O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go7f.wspan.c...s/SCMDirCtl.CAB
O16 - DPF: {99277FB1-0165-11D3-8369-000083613743} (SCM Class) - https://go.preview.w.../DLLs/WSSCM.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go2d.wspan.c...Ls/WSFileIO.cab
O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://go.preview.w...DLLs/WSEMUL.CAB
O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go7f.wspan.c.../WSCustInst.CAB
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go2d.wspan.c...Ls/WSPrint3.CAB
O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go2d.wspan.c...LLs/WSEMUL2.CAB
O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go7f.wspan.c...dTranslator.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://usa1chat.tup...t/TLIEFlash.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go11f.wspan....s/WSFileIO2.cab
O16 - DPF: {6FC2871E-004B-4141-B9C0-59708BD96CCE} (WSEmul Control 3) - https://go9f.wspan.c...LLs/WSEMUL3.CAB
O16 - DPF: {6DD584C4-79F4-4F46-8F81-C26AA75D8467} (ComboBox.UserControl1) - https://go9f.wspan.c...LLs/WSCombo.CAB
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {CB6F8DE2-913D-4543-9FBB-C1E1340BFD24} (FTPCtrl Class) - http://gopublic.wspa.../DLLs/wsftp.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://go4f.wspan.c...s/bin/WSCAL.CAB
O16 - DPF: {EFFFC7A6-4D95-4A18-8A14-FEB082D9C67D} (SCM Class1) - https://go7f.wspan.c...DLLs/WSSCM1.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL
  • 0

#7
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel, welcome back!

I'm glad to hear your problems are fixed, however just to make sure CMSystem is good or bad, i'd like to scan it. Please follow these instructions:

STEP 1:

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\Program Files\CMSystem\CMSystem.exe
  • Click on the submit button
  • Please post the results in your next reply.

  • 0

#8
trektravel

trektravel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:tazz: I don't have it anymore! Figured I would recycle it and if I needed it I could always pull it off the disc that came with the camera~ or I hope that I can!
So.... If all else looks right then I will let you go save the day for some other damsel in distress!
Thanks a million~ you are the best!
  • 0

#9
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel! Welcome back!

Glad to hear your problem is fixed!! However, just to make sure your computer is completely clean, I'd like to see a fresh HJT log, if you may. Thanks!
  • 0

#10
trektravel

trektravel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Funny how I can see the CMSystem thingy in the log file, but my system couldn't find it to run it thru the Jotti virus scanner?!
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 8:32:33 PM, on 10/9/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WSPAN\SWGW\FILTERAGENT.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {71D1708F-973D-4600-AF01-AD86688403AE} - (no file)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\SYSTEM\BHO.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VEAOLZL] C:\WINDOWS\VEAOLZL.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: WORLDSPAN FILTER AGENT.LNK = C:\WSPAN\swgw\FilterAgent.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Juno - {20BB2C4A-D492-4A51-A5FE-4949127328D2} - juno.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go.preview.w...owserConfig.cab
O16 - DPF: {C1EA01C5-9E62-11D2-A1DE-000083609ECD} (WORLDSPAN Print Control) - https://go.preview.w...LLs/WSPRINT.CAB
O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go7f.wspan.c...s/SCMDirCtl.CAB
O16 - DPF: {99277FB1-0165-11D3-8369-000083613743} (SCM Class) - https://go.preview.w.../DLLs/WSSCM.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go2d.wspan.c...Ls/WSFileIO.cab
O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://go.preview.w...DLLs/WSEMUL.CAB
O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go7f.wspan.c.../WSCustInst.CAB
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go2d.wspan.c...Ls/WSPrint3.CAB
O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go2d.wspan.c...LLs/WSEMUL2.CAB
O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go7f.wspan.c...dTranslator.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://usa1chat.tup...t/TLIEFlash.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go11f.wspan....s/WSFileIO2.cab
O16 - DPF: {6FC2871E-004B-4141-B9C0-59708BD96CCE} (WSEmul Control 3) - https://go9f.wspan.c...LLs/WSEMUL3.CAB
O16 - DPF: {6DD584C4-79F4-4F46-8F81-C26AA75D8467} (ComboBox.UserControl1) - https://go9f.wspan.c...LLs/WSCombo.CAB
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {CB6F8DE2-913D-4543-9FBB-C1E1340BFD24} (FTPCtrl Class) - http://gopublic.wspa.../DLLs/wsftp.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://go4f.wspan.c...s/bin/WSCAL.CAB
O16 - DPF: {EFFFC7A6-4D95-4A18-8A14-FEB082D9C67D} (SCM Class1) - https://go7f.wspan.c...DLLs/WSSCM1.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL
  • 0

#11
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel, welcome back!
Yes, CMSystem along with some other stuff we tries to remove earlier is still present in your log. Let's try a different approach this time, shall we?
You may want to print this out, or save it to notepad, so you will have it with you the entire time.

STEP 1:

Open HijackThis! And scan your computer. Place a check next to the following entries.

O2 - BHO: (no name) - {71D1708F-973D-4600-AF01-AD86688403AE} - (no file)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\SYSTEM\BHO.DLL (file missing)
O4 - HKLM\..\Run: [VEAOLZL] C:\WINDOWS\VEAOLZL.EXE
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL

Close ALL windows and browsers, execpt HijackThis!, and click on "Fix Checked"

STEP 2:

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\PROGRAM FILES\FCENGINE\PLUGIN.DLL
C:\WINDOWS\SYSTEM\BHO.DLL
C:\WINDOWS\VEAOLZL.EXE
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\CMSystem\CMSystem.exe


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

STEP 3:

Open Explorer (via right clicking on Start then "explore")
Delete the following folders in red:

C:\Program Files\CMSystem
C:\Program Files\FCEngine

STEP 4:

Reboot your PC normally!

Post a fresh HJT log for me to look at!

Steamhead.

  • 0

#12
trektravel

trektravel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
How does this one look?
Logfile of HijackThis v1.99.1
Scan saved at 9:42:39 PM, on 10/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WSPAN\SWGW\FILTERAGENT.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Juno
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\PROGRAM FILES\ADWAREALERT\ADWAREALERT.Exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: WORLDSPAN FILTER AGENT.LNK = C:\WSPAN\swgw\FilterAgent.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Juno - {20BB2C4A-D492-4A51-A5FE-4949127328D2} - juno.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go.preview.w...owserConfig.cab
O16 - DPF: {C1EA01C5-9E62-11D2-A1DE-000083609ECD} (WORLDSPAN Print Control) - https://go.preview.w...LLs/WSPRINT.CAB
O16 - DPF: {52454909-B15F-11D3-83A3-000083613743} (SCMDir Class) - https://go7f.wspan.c...s/SCMDirCtl.CAB
O16 - DPF: {99277FB1-0165-11D3-8369-000083613743} (SCM Class) - https://go.preview.w.../DLLs/WSSCM.CAB
O16 - DPF: {E99BF99C-5D95-11D4-A0EC-00500489A32D} (WSFileIO Class) - https://go2d.wspan.c...Ls/WSFileIO.cab
O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://go.preview.w...DLLs/WSEMUL.CAB
O16 - DPF: {A4D41E3A-613D-11D3-85B2-400011500081} (WSCustInst Class) - https://go7f.wspan.c.../WSCustInst.CAB
O16 - DPF: {7DB7E238-1425-4434-8B05-6453AD6A49C6} (WSPrint3 Control) - https://go2d.wspan.c...Ls/WSPrint3.CAB
O16 - DPF: {E367B390-9331-4003-B884-7D1EF8C9EEF7} (WSEmul Control 2) - https://go2d.wspan.c...LLs/WSEMUL2.CAB
O16 - DPF: {85788258-6ACF-4FC1-A2CD-3BD248065AB9} (WSKeyboardMap Class) - https://go7f.wspan.c...dTranslator.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://usa1chat.tup...t/TLIEFlash.CAB
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan....s/WSFileIO3.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go11f.wspan....s/WSFileIO2.cab
O16 - DPF: {6FC2871E-004B-4141-B9C0-59708BD96CCE} (WSEmul Control 3) - https://go9f.wspan.c...LLs/WSEMUL3.CAB
O16 - DPF: {6DD584C4-79F4-4F46-8F81-C26AA75D8467} (ComboBox.UserControl1) - https://go9f.wspan.c...LLs/WSCombo.CAB
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wsp...Information.cab
O16 - DPF: {CB6F8DE2-913D-4543-9FBB-C1E1340BFD24} (FTPCtrl Class) - http://gopublic.wspa.../DLLs/wsftp.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://go4f.wspan.c...s/bin/WSCAL.CAB
O16 - DPF: {EFFFC7A6-4D95-4A18-8A14-FEB082D9C67D} (SCM Class1) - https://go7f.wspan.c...DLLs/WSSCM1.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
  • 0

#13
Steamhead

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello trektravel!

Good news! The files are gone, and your log is clean. IF you happen to experience any more problems, be sure to tell me, otherwise, I'd advise reading this prevention speech.


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.

  • 0

#14
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP