I posted this message to the New and Undetected Forum, however, it looks like it is supposed to be posted here. I really appreciate the fact that volunteers are willing to help the victims of cyber-terrorists!

I've been having problems with my computer for a couple of weeks. It started with popups related to the WinAntiVirusPro2006. I did think it was legitimate at first and attempted to install it, until I found out it wasn't free. Since then I continue to get these and other related popups and error messages that require me to reboot my computer. It happens primarily when I'm working with email, but occassionally happens while on various internet sites.

So far I have run AdWare, SBC Yahoo Anti-spy, Spybot Search & Destroy and eTrust AntiVirus Web Scanner.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:21:12 PM, on 12/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eva Booker\Local Settings\Temporary Internet Files\Content.IE5\32MS1R2B\HijackThis[1].exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edge...oadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120421597421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125275465375
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client...nt/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is the result of the eTrust Antivirus Web Scan:

Scan Results: 104525 files scanned. 31 viruses were detected.

File Infection Status Path

arc.zip-26cd2793-2a5d09ca.zip>VerifierBug.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

arc.zip-26cd2793-2a5d09ca.zip>Counter.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

arc.zip-26cd2793-2a5d09ca.zip>Gummy.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

arc.zip-26cd2793-2a5d09ca.zip>Beyond.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

arc.zip-26cd2793-2a5d09ca.zip>Worker.class Java/Shinwow.M
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

classload.jar-11faa9ed-2edc416f.zip>GetAccess.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

classload.jar-11faa9ed-2edc416f.zip>InsecureClassLoader.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

classload.jar-11faa9ed-2edc416f.zip>Dummy.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

classload.jar-11faa9ed-2edc416f.zip>Installer.class Java/Shinwow.Q
cannot cure C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

drsmartload180a.exe Win32/Thoog.ES
cannot cure C:\Documents and Settings\Guest\Local Settings\Temp\

mmxsnet.exe Win32/SillyDl.AUL
cannot cure C:\Documents and Settings\Guest\Local Settings\Temp\

recife.exe Win32/Clspring.FA
cannot cure C:\Documents and Settings\Guest\Local Settings\Temp\

xload.exe Win32/Secdrop.LP
cannot cure C:\Documents and Settings\Guest\Local Settings\Temp\

Anima.class-60f2f7fc-78d1e652.class Java/ByteVerify!exploit
cannot cure C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\

full[1].anr Win32/MS05-002!exploit
cannot cure C:\Documents and Settings\Jasmine\Local Settings\Temporary Internet Files\Content.IE5\85ENW1IZ\

2PortalMon.exe Win32/Secdrop.MT
cannot cure C:\Program Files\2Wire\Gateway\

CFD.exe Win32/Secdrop.MT
cannot cure C:\Program Files\BroadJump\Client Foundation\

realsched.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Common Files\Real\Update_OB\

sgtray.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Common Files\Sonic\Update Manager\

DSAgnt.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Dell Support\

HPWuSchd2.exe Win32/Secdrop.MT
cannot cure C:\Program Files\HP\HP Software Update\

jusched.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Java\jre1.5.0_06\bin\

McUpdate.exe Win32/Secdrop.MT
cannot cure C:\Program Files\McAfee.com\Agent\

mnyexpr.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Microsoft Money\System\

mm_tray.exe Win32/Secdrop.MT
cannot cure C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

masqform.exe Win32/Secdrop.MT
cannot cure C:\Program Files\PureEdge\Viewer 6.0\

yop.exe Win32/Secdrop.MT
cannot cure C:\Program Files\Yahoo!\YOP\

ctfmon.exe Win32/Secdrop.MT
cannot cure C:\WINDOWS\LastGood\System32\

tfswctrl.exe Win32/Secdrop.MT
cannot cure C:\WINDOWS\SYSTEM32\dla\

hkcmd.exe Win32/Secdrop.MT
cannot cure C:\WINDOWS\SYSTEM32\

igfxtray.exe Win32/Secdrop.MT
cannot cure C:\WINDOWS\SYSTEM32\

HELP!

Eva

Hi evabooker

You have HijackThis on temp folder and it's very bad for backups.

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.

Use this HijackThis from now on.

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

Send a fresh HijackThis log along with findawf report, please :)

Shaba,

Thanks for coming to my rescue.

Here is the new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:22 PM, on 12/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Eva Booker\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120421597421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125275465375
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T23L/event/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is the awf report:

Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Documents and Settings\Eva Booker\My Documents\Consulting\Financials\Cash Flow 2006.xls"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/19/2004 07:51 AM 306,688 DSAgnt.exe
1 File(s) 306,688 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

06/24/2005 02:16 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/01/2005 09:40 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/29/2002 05:00 AM 13,312 ctfmon.exe
04/07/2003 12:07 AM 114,688 hkcmd.exe
04/07/2003 12:19 AM 155,648 igfxtray.exe
3 File(s) 283,648 bytes

Directory of C:\PROGRA~1\2WIRE\GATEWAY\BAK

11/14/2002 12:57 AM 446,464 2PortalMon.exe
1 File(s) 446,464 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 09:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/04/2003 06:25 PM 159,744 McUpdate.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK

06/18/2003 12:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

12/03/2003 06:40 AM 118,784 mm_tray.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\PUREEDGE\VIEWER~1.0\BAK

12/03/2003 11:43 AM 1,052,672 masqform.exe
1 File(s) 1,052,672 bytes

Directory of C:\PROGRA~1\YAHOO!\YOP\BAK

04/22/2005 06:49 PM 397,312 yop.exe
1 File(s) 397,312 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/06/2003 01:04 AM 114,741 tfswctrl.exe
1 File(s) 114,741 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/27/2004 09:39 PM 151,597 realsched.exe
1 File(s) 151,597 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/19/2003 12:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

25600 Oct 10 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 24 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 8 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Oct 1 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
25600 Oct 10 2006 "C:\WINDOWS\LastGood\System32\ctfmon.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\ctfmon.exe"
114688 Apr 7 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
114688 Apr 7 2003 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"
155648 Apr 7 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
25600 Oct 10 2006 "C:\Program Files\2Wire\Gateway\2PortalMon.exe"
446464 Nov 14 2002 "C:\Program Files\2Wire\Gateway\bak\2PortalMon.exe"
25600 Oct 10 2006 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
25600 Oct 10 2006 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
25600 Oct 10 2006 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
25600 Oct 10 2006 "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
25600 Oct 10 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Sep 15 2005 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
118784 Dec 3 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
25600 Oct 10 2006 "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe"
1052672 Dec 3 2003 "C:\Program Files\PureEdge\Viewer 6.0\bak\masqform.exe"
25600 Oct 10 2006 "C:\Program Files\Yahoo!\YOP\yop.exe"
397312 Apr 22 2005 "C:\Program Files\Yahoo!\YOP\bak\yop.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 6 2003 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
151597 Jan 27 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
25600 Oct 10 2006 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


end of report

I hope I did everything correctly!

Eva

Hi

Yes, you did :)

Copy the text below to notepad and save it as all files (*.*) to desktop. Name it remawf.bat.

@ECHO OFF
move /Y "C:\Program Files\Dell Support\bak\DSAgnt.exe" "C:\Program Files\Dell Support"
move /Y "C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program Files\iTunes"
move /Y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
move /Y "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe" "C:\WINDOWS\SYSTEM32"
move /Y "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe" "C:\WINDOWS\SYSTEM32"
move /Y "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe" "C:\WINDOWS\LastGood\System32"
move /Y "C:\Program Files\2Wire\Gateway\bak\2PortalMon.exe" "C:\Program Files\2Wire\Gateway"
move /Y "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe" C:\Program Files\BroadJump\Client Foundation"
move /Y "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" "C:\Program Files\HP\HP Software Update"
move /Y "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe" "C:\Program Files\McAfee.com\Agent"
move /Y "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe" "C:\Program Files\Microsoft Money\System"
move /Y "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe" "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox"
move /Y "C:\Program Files\PureEdge\Viewer 6.0\bak\masqform.exe" "C:\Program Files\PureEdge\Viewer 6.0"
move /Y "C:\Program Files\Yahoo!\YOP\bak\yop.exe" "C:\Program Files\Yahoo!\YOP"
move /Y "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe" "C:\WINDOWS\SYSTEM32\dla"
move /Y "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" "C:\Program Files\Common Files\Real\Update_OB"
move /Y "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe" "C:\Program Files\Common Files\Sonic\Update Manager"
move /Y "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe" "C:\Program Files\Java\jre1.5.0_06\bin"

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"

Close all windows inclucing browser and press fix checked.

Boot in safe mode.

Doubleclick remawf.bat on desktop;black screen will flash, that's normal.

Boot in normal mode

Re-run findawf

Send findawf report along with a fresh HijackThis log, please :)

Shaba,

I followed your directions, with one exception. remawf.bat did not appear on my desktop in safe mode. I couldn't locate it in safe mode, so I only ran it under normal mode.

Here is the new findawf report:

Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Documents and Settings\Eva Booker\My Documents\Consulting\Financials\Cash Flow 2006.xls"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

06/24/2005 02:16 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/01/2005 09:40 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/07/2003 12:19 AM 155,648 igfxtray.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\2WIRE\GATEWAY\BAK

11/14/2002 12:57 AM 446,464 2PortalMon.exe
1 File(s) 446,464 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 09:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/04/2003 06:25 PM 159,744 McUpdate.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK

06/18/2003 12:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

12/03/2003 06:40 AM 118,784 mm_tray.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\PUREEDGE\VIEWER~1.0\BAK

12/03/2003 11:43 AM 1,052,672 masqform.exe
1 File(s) 1,052,672 bytes

Directory of C:\PROGRA~1\YAHOO!\YOP\BAK

04/22/2005 06:49 PM 397,312 yop.exe
1 File(s) 397,312 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/06/2003 01:04 AM 114,741 tfswctrl.exe
1 File(s) 114,741 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/27/2004 09:39 PM 151,597 realsched.exe
1 File(s) 151,597 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/19/2003 12:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 24 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 8 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Oct 1 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
155648 Apr 7 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 7 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
25600 Oct 10 2006 "C:\Program Files\2Wire\Gateway\2PortalMon.exe"
446464 Nov 14 2002 "C:\Program Files\2Wire\Gateway\bak\2PortalMon.exe"
25600 Oct 10 2006 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
25600 Oct 10 2006 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
25600 Oct 10 2006 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
25600 Oct 10 2006 "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
25600 Oct 10 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Sep 15 2005 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
118784 Dec 3 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
25600 Oct 10 2006 "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe"
1052672 Dec 3 2003 "C:\Program Files\PureEdge\Viewer 6.0\bak\masqform.exe"
25600 Oct 10 2006 "C:\Program Files\Yahoo!\YOP\yop.exe"
397312 Apr 22 2005 "C:\Program Files\Yahoo!\YOP\bak\yop.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 6 2003 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
151597 Jan 27 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
25600 Oct 10 2006 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


end of report

Here's the fresh Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 1:44:13 PM, on 12/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Eva Booker\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120421597421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125275465375
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T23L/event/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks again for your assistance.

Eva

Hi

Well, that batch file must be run in safe mode; it doesn't work otherwise. That's because malware files are in use when in normal mode and batch file can't replaced them then. I guess that resolution in safe mode is your problem; it's so small that you can't see all icons on desktop.

But you could do this:

Move remawf.bat into some location that you can find in safe mode (some directory eg. c:\findawf) and run it in safe mode.

Send a fresh HijackThis log along with a fresh findawf report, please :)

I still can't get findawf to run in safe mode. I saved it to a disc and tried accessing it that way. It did load but says "press any key to continue", but nothing happens. I'm not sure what else to try.

Hi

Then we have to do it manually.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Boot in safe mode

Go to start -> run
Type cmd and press enter

Type these into "black box" one at a time and exactly and press enter (I mean type first move /Y "C:\Program Files\Dell Support\bak\DSAgnt.exe" "C:\Program Files\Dell Support", press enter, then move /Y "C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program Files\iTunes", press enter etc.):

move /Y "C:\Program Files\Dell Support\bak\DSAgnt.exe" "C:\Program Files\Dell Support"

move /Y "C:\Program Files\iTunes\bak\iTunesHelper.exe" "C:\Program Files\iTunes"

move /Y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"

move /Y "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe" "C:\WINDOWS\SYSTEM32"

move /Y "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe" "C:\WINDOWS\SYSTEM32"

move /Y "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe" "C:\WINDOWS\LastGood\System32"

move /Y "C:\Program Files\2Wire\Gateway\bak\2PortalMon.exe" "C:\Program Files\2Wire\Gateway"

move /Y "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe" C:\Program Files\BroadJump\Client Foundation"

move /Y "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" "C:\Program Files\HP\HP Software Update"

move /Y "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe" "C:\Program Files\McAfee.com\Agent"

move /Y "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe" "C:\Program Files\Microsoft Money\System"

move /Y "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe" "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox"

move /Y "C:\Program Files\PureEdge\Viewer 6.0\bak\masqform.exe" "C:\Program Files\PureEdge\Viewer 6.0"

move /Y "C:\Program Files\Yahoo!\YOP\bak\yop.exe" "C:\Program Files\Yahoo!\YOP"

move /Y "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe" "C:\WINDOWS\SYSTEM32\dla"

move /Y "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" "C:\Program Files\Common Files\Real\Update_OB"

move /Y "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe" "C:\Program Files\Common Files\Sonic\Update Manager"

move /Y "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe" "C:\Program Files\Java\jre1.5.0_06\bin"

Boot in normal mode

Re-run findawf

Send findawf report along with a fresh HijackThis log, please

:scratch:

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.