problem with cmdservice



Meteora
2006-07-10, 15:06
Hi, my Spybot S&D finds 3 cmdservices running, but I can't remove them.
I read another thread here on the same topic, but I can't find the same files with HijackThis. This is my log:

Logfile of HijackThis v1.99.1
Scan saved at 14:04:11, on 10/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janpieter\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir8ol5l31.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE

plz help!!

tashi
2006-07-10, 22:04
Hello Meteora.
I moved your topic from the Spybot-S&D forum as hjt logs are not analysed there. :)

Please see:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
HJT should be in its own folder.

Also in that topic:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

Cheers.

Meteora
2006-07-12, 15:47
ok thx
can anyone help me?
these pop-ups in firefox are really annoying

LonnyRJones
2006-07-12, 16:54
C:\Documents and Settings\Janpieter\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
You're running HijackThis from a temp folder and/or it still hasn't been unzipped; neither is a good idea.
Create a new folder, for instance C:\AntiSpyware
Download the exe from here to that new folder.
http://www.merijn.org/files/HijackThis.exe
This is necessary to ensure you have backups should anything go wrong.
Make and post a new log.

Meteora
2006-07-12, 20:15
ok here is new log:

Logfile of HijackThis v1.99.1
Scan saved at 19:14:55, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\AntiSpyWare\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\j00s0ad7ed0.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE

LonnyRJones
2006-07-12, 21:56
Thanks

What do you use Serv-U for?

Why don't I see an antivirus program in your logs?

Please download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.
Wait about four minutes. Turn your computer back on.
Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.
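
Added example, not part of the original posts: one way to compare two successive HijackThis logs entry by entry, and to check the point made earlier in the thread about where HijackThis.exe is run from. The sample logs are abbreviated from the two logs posted above; the function names are hypothetical.

```python
import re

# Samples abbreviated from the two HijackThis v1.99.1 logs posted earlier in
# this thread (most lines omitted to keep the example short).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:04:11, on 10/07/2006
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Janpieter\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir8ol5l31.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:14:55, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
G:\AntiSpyWare\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\j00s0ad7ed0.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Entry lines look like "O20 - Winlogon Notify: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            log["entries"].append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        elif line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
    return log


def diff_entries(before, after, code=None):
    """Return (added, removed) entries in log order, optionally for one code."""
    old, new = set(before["entries"]), set(after["entries"])
    added = [e for e in after["entries"] if e not in old]
    removed = [e for e in before["entries"] if e not in new]
    if code is not None:
        added = [e for e in added if e[0] == code]
        removed = [e for e in removed if e[0] == code]
    return added, removed


def scanner_path_problems(log):
    """Flag HijackThis.exe running from a temp folder or an unextracted zip.

    The thread's advice is to run it from its own folder so that its backups
    are available if a fix goes wrong.
    """
    problems = []
    for proc in log["processes"]:
        lowered = proc.lower()
        if not lowered.endswith("\\hijackthis.exe"):
            continue
        if "\\temp\\" in lowered:
            problems.append("run from a temp folder")
        if re.search(r"\.zip\\", lowered):
            problems.append("run from inside an unextracted zip")
    return problems


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("scanner path (first log): ", scanner_path_problems(before) or "ok")
    print("scanner path (second log):", scanner_path_problems(after) or "ok")
    added, removed = diff_entries(before, after, code="O20")
    for code, text in removed:
        print("- %s - %s" % (code, text))
    for code, text in added:
        print("+ %s - %s" % (code, text))
```
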

Meteora
2006-07-13, 00:03
this is the Look2Me-Destroyer log


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 12/07/2006 22:59:06

Infected! C:\WINDOWS\system32\lvno0953e.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010597.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010619.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010624.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010634.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP31\A0010638.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010748.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010754.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010777.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010782.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010807.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010811.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010877.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0010882.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011031.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0011035.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012033.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012040.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012044.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012052.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP32\A0012056.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012113.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012135.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012139.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012200.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012205.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012212.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012216.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012286.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012290.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012306.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012310.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012318.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012322.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012330.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012335.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012353.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012357.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012440.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012445.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012479.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012484.dll
Infected! C:\System Volume Information\_restore{C93D47C6-05DB-4D56-8444-5F8461A59BEE}\RP33\A0012493.dll
Infected! C:\WINDOWS\system32\e4jm0e11eh.dll
Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\WINDOWS\system32\k4pm0e71eh.dll
Infected! C:\WINDOWS\system32\l0l60a3sed.dll
Infected! C:\WINDOWS\system32\lvno0953e.dll
Infected! C:\WINDOWS\system32\mhcms.dll
Infected! C:\WINDOWS\system32\sjlwapi.dll
Infected! C:\WINDOWS\system32\wdpshell.dll
Infected! C:\WINDOWS\system32\wispdmod.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7C278533-9940-4580-9B74-8B516EA7F1FB}"
HKCR\Clsid\{7C278533-9940-4580-9B74-8B516EA7F1FB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9324E49C-B91D-427D-AC4A-ACC55790EB96}"
HKCR\Clsid\{9324E49C-B91D-427D-AC4A-ACC55790EB96}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A9B679E3-3975-4DC1-8ADD-88FE4DD9C312}"
HKCR\Clsid\{A9B679E3-3975-4DC1-8ADD-88FE4DD9C312}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{22C5BEE1-7199-4C94-A9BB-5292ACF6D3D6}"
HKCR\Clsid\{22C5BEE1-7199-4C94-A9BB-5292ACF6D3D6}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{36E5DD7F-1C0A-4E8F-96DF-8D08485A1549}"
HKCR\Clsid\{36E5DD7F-1C0A-4E8F-96DF-8D08485A1549}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{77B820C9-8F5E-4CF3-A741-DF8BBF227127}"
HKCR\Clsid\{77B820C9-8F5E-4CF3-A741-DF8BBF227127}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9BAB7D24-E603-4276-87CF-73E4AF853B92}"
HKCR\Clsid\{9BAB7D24-E603-4276-87CF-73E4AF853B92}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{233873D1-B392-4128-8236-5AF1E17986E0}"
HKCR\Clsid\{233873D1-B392-4128-8236-5AF1E17986E0}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A7C5B6A0-AD24-4FA7-8F1D-56685B9E7249}"
HKCR\Clsid\{A7C5B6A0-AD24-4FA7-8F1D-56685B9E7249}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{169083BD-0897-4991-A2D7-C8BBF578EA8C}"
HKCR\Clsid\{169083BD-0897-4991-A2D7-C8BBF578EA8C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6970F4B8-4E5E-4EF9-85E7-BCC637F7DCBC}"
HKCR\Clsid\{6970F4B8-4E5E-4EF9-85E7-BCC637F7DCBC}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Meteora
2006-07-13, 00:04
this is hijackthis log

Meteora
2006-07-13, 00:04
sry wrong button

Logfile of HijackThis v1.99.1
Scan saved at 23:04:05, on 12/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\AntiSpyWare\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [newname] C:\\nwnme_5.exe
O4 - HKLM\..\Run: [defender] C:\\dfndre_5.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrde_5.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\regsvr32.dll,C:\WINDOWS\System32\wmfhotfix.dll C:\WINDOWS\System32\mshta.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Installer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: Telephony - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE

LonnyRJones
2006-07-13, 06:49
In Add/Remove Programs, uninstall
Network Monitor

Answer these questions please.
What do you use Serv-U for?

Why don't I see an antivirus program in your logs?

Why haven't you ever updated Windows?

Meteora
2006-07-13, 15:28
In Add/Remove Programs, uninstall
Network Monitor

Answer these questions please.
What do you use Serv-U for?

Why don't I see an antivirus program in your logs?

Why haven't you ever updated Windows?

I use it at LAN parties to host an FTP server

I don't have an antivirus

Because I updated Windows once and it resulted in me having to format

LonnyRJones
2006-07-13, 15:49
Well, frankly, there's no sense in cleaning a PC that isn't up to date and doesn't have an AV program; it will definitely end up having to be formatted.

Install, update and run an AV program; if it has problems, run it while in safe mode. There are several mentioned here:
http://forums.spybot.info/showthread.php?t=279

Once that's accomplished, post another HijackThis log.

If you're willing to update Windows, hold on until the cleaning process is complete.

tashi
2006-07-19, 01:49
This topic is closed.

If you need it re-opened, please send me a PM and provide a link to the thread.
Applies only to the original topic starter.