My Log File!!

[neal]

Hi, here is my log file, don't know what i'm really looking at, as this is all new to me! From my understanding my system looks clean with a couple of exceptions. What action if any should i take??

Any help & advise would be geatefully recieved....thanx

Here's my log file:-

[Y] Logfile of Trend Micro HijackThis v2.0.0 (BETA) - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] Boot mode: Normal - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our visitors as good.
[Y] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - Part of Hewlett-Packard
[Y] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe - Java Runtime
[Y] C:\Program Files\TopDesk\topdesk.exe - TopDesk is a quick and easy way to switch between applications.
[Y] C:\Program Files\DAEMON Tools\daemon.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Video\CyberLink\PowerDVD\PDVDServ.exe - Cyber Link PowerDVD
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our visitors as good.
[AVSCAN] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - This entry was classified from our visitors as good.
[FIREWALL] C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe - Ashampoo FireWall
[?] C:\WINDOWS\system32\HPAware.exe - This is a unknown process.
[Y] C:\Program Files\Net\NoAds\NoAds.exe - Possibly nasty! According to our database this process runs normally in c:\programme\noads\! Check if you know this process and arrange a viruscheck where required.
[Y] C:\Program Files\Disk&File\FreeRAM XP Pro\FreeRAM XP Pro.exe - Possibly nasty! According to our database this process runs normally in c:\programme\yourware solutions\freeram xp pro\! Check if you know this process and arrange a viruscheck where required. Ram Optimizer FreeRam
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - HP Digital Imaging
[Y] C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe - Part of Lavasoft Ad-Aware Pro 2007
[AVSCAN] C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - This entry was classified from our visitors as good.
[AVSCAN] C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - This entry was classified from our visitors as good.
[AVSCAN] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\nvsvc32.exe - Not dangerous, but unnecessary. This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\HPZipm12.exe - HP Taskbar Utility
[Y] C:\Program Files\Mozilla Thunderbird\thunderbird.exe - Mozilla Thunderbird Mail
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Net\uTorrent\uTorrent.exe - Torrent Application
[Y] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE - This entry was classified from our visitors as good.
[Y] C:\Documents and Settings\Admin\Desktop\HijackThis\HiJackThis_v2.exe - Trendmicro HijackThis Version 2
[Y] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 - This page has been identified as safe.
[Y] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 - This page has been identified as safe.
[Y] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = -
[Y] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157 - This page has been identified as safe.
[Y] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = -
[Y] R3 - Default URLSearchHook is missing -
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html
[Y] O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - SUN Java
[Y] O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - Not dangerous, but unnecessary. HP software updates. If a shortcut doesn't exist
[Y] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" - Java von Sun
[Y] O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe - TopDesk; puts an icon in your system tray that when clicked upon, opens a pop-up menu that gives instant access to all of your desktop programs without having to minimize, resize, move or close other programs or files.
[Y] O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup - Unknown application. This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 - Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
[Y] O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Video\CyberLink\PowerDVD\PDVDServ.exe" - Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but unnecessary. This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY - Ashampoo FireWall
[?] O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe - Unknown application.
[Y] O4 - HKCU\..\Run: [NoAds] "C:\Program Files\Net\NoAds\NoAds.exe" - Blocks advertisement banners in Internet Explorer
[Y] O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Disk&File\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win - Unknown application.
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - Office related
[Y] O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Net\Free Download Manager\fdm.exe -autorun - "Free Download Manager" See here
[Y] O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE') - Desktop Sidebar
[Y] O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') - Part of AVG Anti-Virus 7.0
[Y] O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOCAL SERVICE') - Related to a Soundblaster Audigy soundcards. What does it do and is it required?
[Y] O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE') - Desktop Sidebar
[Y] O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE') - Related to a Soundblaster Audigy soundcards. What does it do and is it required?
[Y] O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM') - Desktop Sidebar
[Y] O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM') - Related to a Soundblaster Audigy soundcards. What does it do and is it required?
[Y] O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') - Desktop Sidebar
[Y] O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user') - Related to a Soundblaster Audigy soundcards. What does it do and is it required?
[Y] O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera
[Y] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - The entry has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - The entry Sun Java Console has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
[Y] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab - This entry has been identified as safe.
[Y] O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC2A8D5-92C1-4450-BE68-C8D40DAF1A8F}: NameServer = 194.168.4.100,194.168.8.100 - The entered IP or Domain '194.168.4.100,194.168.8.100' has been identified as safe.
[Y] O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll - This entry was classified from our visitors as good.
[Y] O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll - This entry was classified from our visitors as good.
[Y] O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe - This service (aawservice.exe) was identified as a good one.
[AVSCAN] O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - This service (avgamsvr.exe) was identified as a good one. This entry was classified from our visitors as good.
[AVSCAN] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - This service (avgupsvc.exe) was identified as a good one.
[AVSCAN] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - This service (avgemc.exe) was identified as a good one.
[Y] O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe - This service (nvsvc32.exe) was identified as a good one. This entry was classified from our visitors as good.
[Y] O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe - This service (HPZipm12.exe) was identified as a good one. This entry was classified from our visitors as good.

[Tammy]

Hi and welcome to the forum, neal.

Please create a new hjt-log and post it as you got it in your notepad-window.
Don`t post the analysis!

Also please:
Make sure you set windows to see the hidden files and folders.

1. Please load down the filelist.zip
   (FAQ) to your desktop.
2. Unzip this file to your desktop (free Zip-Tools)
   
3. Restart your system
4. Doubleclick onto the filelist.bat to run it
5. Your editor program will open
6. Highlight the content, chose copy & paste it to your following posting
7. Please note: we only need the last 30 days of every directory of this file

• Many Thanks to our Moderator Karl83 for creating this new tool.

• Directory of %systemdrive%:\
• Directory of %systemdrive%:\%WinDir%\%system%
• Directory of %systemdrive%:\%WinDir%
• Directory of %systemdrive%:\WINDOWS\Prefetch (Windows XP)
• Directory of %systemdrive%:\%WinDir%\tasks
• Directory of %systemdrive%:\%WinDir%\Temp
• Directory of %systemdrive%:\DOCUME~1\Name\LOCALS~1\Temp

Note:
%systemdrive%: , %WinDir% , %system%
are variables (?). By default it's C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Note:
Please post all requested logfiles in "code-tags".
How to post in "Code-Tags".

Thx and regards,
Tammy

[neal]

Code:

----- Root ----------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\

25/03/2007  12:08     3,221,225,472 pagefile.sys
21/03/2007  10:30               268 sqmdata13.sqm
21/03/2007  10:30               244 sqmnoopt13.sqm
21/03/2007  10:04               268 sqmdata12.sqm
21/03/2007  10:04               244 sqmnoopt12.sqm
21/03/2007  09:52               268 sqmdata11.sqm
21/03/2007  09:52               244 sqmnoopt11.sqm
21/03/2007  09:39               268 sqmdata10.sqm
21/03/2007  09:39               244 sqmnoopt10.sqm
21/03/2007  09:28               268 sqmdata09.sqm
21/03/2007  09:28               244 sqmnoopt09.sqm
20/03/2007  17:38               268 sqmdata08.sqm
20/03/2007  17:38               244 sqmnoopt08.sqm
20/03/2007  17:25               268 sqmdata07.sqm
20/03/2007  17:25               244 sqmnoopt07.sqm
22/02/2007  12:10               232 sqmdata06.sqm
22/02/2007  12:10               244 sqmnoopt06.sqm
21/02/2007  01:10               232 sqmdata05.sqm
21/02/2007  01:10               244 sqmnoopt05.sqm

I hope this is correct!!

cheers

[neal]

Code:

 ----- Root ----------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\

25/03/2007  12:08     3,221,225,472 pagefile.sys
21/03/2007  10:30               268 sqmdata13.sqm
21/03/2007  10:30               244 sqmnoopt13.sqm
21/03/2007  10:04               268 sqmdata12.sqm
21/03/2007  10:04               244 sqmnoopt12.sqm
21/03/2007  09:52               268 sqmdata11.sqm
21/03/2007  09:52               244 sqmnoopt11.sqm
21/03/2007  09:39               268 sqmdata10.sqm
21/03/2007  09:39               244 sqmnoopt10.sqm
21/03/2007  09:28               268 sqmdata09.sqm
21/03/2007  09:28               244 sqmnoopt09.sqm
20/03/2007  17:38               268 sqmdata08.sqm
20/03/2007  17:38               244 sqmnoopt08.sqm
20/03/2007  17:25               268 sqmdata07.sqm
20/03/2007  17:25               244 sqmnoopt07.sqm
22/02/2007  12:10               232 sqmdata06.sqm
22/02/2007  12:10               244 sqmnoopt06.sqm
21/02/2007  01:10               232 sqmdata05.sqm
21/02/2007  01:10               244 sqmnoopt05.sqm

Is this what u need???

Logfile of HijackThis v1.99.1
Scan saved at 12:14:11, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb arNotifier.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Metacafe\Metacafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Neal\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb arNotifier.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: AnyDVD.lnk = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

I hope this is correct!?!....a little confused i'm afraid

[Tammy]

Hi neal,

hijackthis-log is posted well, but from filelist.bat i need to see the contents of:

* Directory of %systemdrive%:\
* Directory of %systemdrive%:\%WinDir%\%system%
* Directory of %systemdrive%:\%WinDir%
* Directory of %systemdrive%:\WINDOWS\Prefetch (Windows XP)
* Directory of %systemdrive%:\%WinDir%\tasks
* Directory of %systemdrive%:\%WinDir%\Temp
* Directory of %systemdrive%:\DOCUME~1\Name\LOCALS~1\Temp

You`ve only posted the content of:
* Directory of %systemdrive%:\ (=C:\).
(...but this one twice )

You find the lists of the other directorys in the same window of notepad as you found C:\.
Please make us see them too.
Only the past 30 days of each of them and reply please in the same way you did it before with the content of the C:\-directory.

Cheers,
Tam

[Tammy]

neal,

please run filelist.bat.
A notepad-window will open with a very very long list of lines.

By scrolling down you will find this headlines:
Directory of C:\ <->only this one you`ve posted
Directory of C:\WINDOWS\system
Directory of C:\WINDOWS\system32
Directory of C:\WINDOWS
Directory of C:\WINDOWS\Prefetch
Directory of C:\WINDOWS\tasks
Directory of C:\WINDOWS\Temp
Directory of C:\DOCUME~1\Name\LOCALS~1\Temp

But i need to see the rest too.

Tam

[neal]

Got u now!! !!

Sorry for my inexperience Tam

Code:

 ----- System32 ------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\WINDOWS\system32

25/03/2007  12:12            65,652 perfc009.dat
25/03/2007  12:12           449,404 perfh009.dat
25/03/2007  12:12           522,018 PerfStringBackup.INI
25/03/2007  12:08            88,566 nvapps.xml
25/03/2007  12:08             2,228 wpa.dbl
25/03/2007  12:07               534 ikhcore.log
25/03/2007  11:02           364,544 IOLODB.FDB
25/03/2007  11:02             2,010 smcommunication.xml
21/03/2007  21:17               117 temp0001.aok
21/03/2007  21:17               118 test.aok
21/03/2007  17:24               523 restore.bat
21/03/2007  15:38                61 desktop.ini
12/03/2007  14:40           148,400 FNTCACHE.DAT
11/03/2007  14:51             5,120 Thumbs.db
07/03/2007  21:36        12,619,736 MRT.exe
25/02/2007  01:40            16,832 amcompat.tlb
25/02/2007  01:40            23,392 nscompat.tlb

Code:

 ----- Prefetch ------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\WINDOWS\Prefetch

26/03/2007  14:13            13,430 FIND.EXE-0EC32F1E.pf
26/03/2007  14:13            16,890 CMD.EXE-087B4001.pf
26/03/2007  14:05            15,806 NOTEPAD.EXE-336351A9.pf
26/03/2007  14:00            13,568 REALPLAY.EXE-22E2F6CF.pf
26/03/2007  13:36            16,894 VERCLSID.EXE-3667BD89.pf
26/03/2007  13:27            94,372 WINRAR.EXE-39C6DAD9.pf
26/03/2007  13:18            21,380 HIJACKTHIS.EXE-1A7C2EC3.pf
26/03/2007  13:16            25,148 POWERISO.EXE-102804E6.pf
26/03/2007  13:15            27,828 POWERISO.EXE-051276F4.pf
26/03/2007  13:15            22,458 REGSVR32.EXE-25EEFE2F.pf
26/03/2007  13:10            11,270 SSSTARS.SCR-2D6FC20D.pf
26/03/2007  13:10            18,224 AVASTSS.SCR-26125057.pf
26/03/2007  13:08            18,512 RUNDLL32.EXE-13EBAB53.pf
26/03/2007  13:07            17,708 RUNDLL32.EXE-470F11BD.pf
26/03/2007  12:35            43,198 WMIPRVSE.EXE-28F301A9.pf
26/03/2007  12:35            40,470 RUNDLL32.EXE-44A0B4BC.pf
26/03/2007  12:35            13,858 RUNDLL32.EXE-2B626000.pf
26/03/2007  12:34            78,736 HELPSVC.EXE-2878DDA2.pf
26/03/2007  12:34            57,026 HELPCTR.EXE-3862B6F5.pf
26/03/2007  12:34            17,640 RUNDLL32.EXE-464BF094.pf
26/03/2007  12:30            53,832 RSTRUI.EXE-03C49A96.pf
26/03/2007  12:17            25,988 RUNDLL32.EXE-2C7B5C4A.pf
26/03/2007  12:11            20,402 SETUP.OVR-154CE291.pf
26/03/2007  12:11            80,228 AVAST.SETUP-032170A8.pf
26/03/2007  12:09            76,500 WUAUCLT.EXE-399A8E72.pf
26/03/2007  12:08            23,316 REALSCHED.EXE-3282FD31.pf
26/03/2007  12:08            81,270 IEXPLORE.EXE-27122324.pf
26/03/2007  12:08            76,946 METACAFE.EXE-20F75B87.pf
26/03/2007  11:40            52,958 WMPLAYER.EXE-18DDEFA2.pf
26/03/2007  11:40           117,688 IMAPI.EXE-0BF740A4.pf
26/03/2007  11:40            27,764 RUNDLL32.EXE-451FC2C0.pf
26/03/2007  10:07            18,892 RUNDLL32.EXE-2A94BB85.pf
26/03/2007  10:07            19,446 RUNDLL32.EXE-2E5AF1D7.pf
26/03/2007  09:47            42,240 MATRIX~1.SCR-39952C6A.pf
26/03/2007  09:42           571,662 Layout.ini
26/03/2007  09:22           127,954 WMPLAYER.EXE-18DDEFA4.pf
26/03/2007  08:55            59,572 POWERPNT.EXE-0CAC7674.pf
26/03/2007  08:52           179,984 ASHQUICK.EXE-13F2975D.pf
26/03/2007  02:03            67,420 DFRGNTFS.EXE-269967DF.pf
26/03/2007  02:03            18,152 DEFRAG.EXE-273F131E.pf
26/03/2007  01:25            18,352 SETUP.EXE-058705B4.pf
26/03/2007  01:22            21,726 UTORRENT.EXE-3888D1B0.pf
25/03/2007  20:12            19,552 FONTVIEW.EXE-08548073.pf
25/03/2007  19:50            99,712 MSIEXEC.EXE-2F8A8CAE.pf
25/03/2007  19:50            96,356 WINWORD.EXE-29F5CB89.pf
25/03/2007  19:45            49,474 RUNDLL32.EXE-2576181F.pf
25/03/2007  19:33            70,574 PHOTOSHOP.EXE-0FCBABE3.pf
25/03/2007  19:33            17,870 RUNDLL32.EXE-4B89C956.pf
25/03/2007  19:29            28,774 METACAFEAGENT.EXE-14D5B28C.pf
25/03/2007  19:04            33,298 IMGBURN.EXE-2090E64F.pf
25/03/2007  13:10            50,970 COOLPRO2.EXE-311600DB.pf
25/03/2007  12:47            65,054 MSIMN.EXE-38BA891D.pf
25/03/2007  12:47            23,518 AGENTSVR.EXE-002E45AB.pf
25/03/2007  12:46            25,530 MSMSGS.EXE-2B6052DE.pf
25/03/2007  12:45            65,264 OUTLOOK.EXE-1E64345B.pf
25/03/2007  12:12            22,820 WMIADAP.EXE-2DF425B2.pf
25/03/2007  12:09            30,458 USNSVC.EXE-373E4DBC.pf
25/03/2007  12:09            39,582 EPMWORKER.EXE-1631B541.pf
25/03/2007  12:09            68,348 GENERIC.EXE-30B42295.pf
25/03/2007  12:09            33,186 CONNECTIONWIZARD.EXE-1515CA6B.pf
25/03/2007  12:09         1,447,308 NTOSBOOT-B00DFAAD.pf
25/03/2007  12:07            28,142 CURRENTLOGON.EXE-1686CEBA.pf
25/03/2007  12:06            55,596 SWDOCTOR.EXE-3205F7BD.pf
25/03/2007  12:06            21,018 TASKMGR.EXE-20256C55.pf
25/03/2007  12:05            18,340 _IU14D2N.TMP-03E0BFA3.pf
25/03/2007  12:05            23,008 UNINS000.EXE-32AB790B.pf
25/03/2007  12:05            17,582 SDHELP.EXE-2D05B340.pf
25/03/2007  12:05            16,988 NET1.EXE-029B9DB4.pf
25/03/2007  12:05            14,990 NET.EXE-01A53C2F.pf
25/03/2007  12:05            50,914 RUNDLL32.EXE-2CD85FD3.pf
25/03/2007  11:59            44,474 HH.EXE-2D1A70B3.pf
25/03/2007  11:58            24,980 RUNDLL32.EXE-17D51176.pf
25/03/2007  11:58            46,586 MSHTA.EXE-331DF029.pf
25/03/2007  11:58            22,266 RUNDLL32.EXE-13CC3015.pf
25/03/2007  11:45            19,998 UPDATE.EXE-1A7E7F45.pf
25/03/2007  11:44            17,420 _REGDLL.TMP-2875D973.pf
25/03/2007  11:44            28,718 IS-S3GC4.TMP-0D35982D.pf
25/03/2007  11:44            15,856 SDSETUP-NTB[1].EXE-1DA00AA4.pf
25/03/2007  11:02            63,466 SYSMECH6.EXE-0FEC41BC.pf
25/03/2007  11:02            40,636 REGMECH.EXE-107A4EF7.pf
25/03/2007  10:58            17,072 REALONEMESSAGECENTER.EXE-0F115151.pf
25/03/2007  10:58            21,830 RPHELPERAPP.EXE-1ED171F0.pf
24/03/2007  19:52            26,816 ACRORD32INFO.EXE-013EA364.pf
24/03/2007  19:43            17,490 EXPLORER.EXE-082F38A9.pf
24/03/2007  18:09            91,428 SHOWTIME.EXE-190C48EC.pf
24/03/2007  17:44            12,292 QTTASK.EXE-342507FB.pf
24/03/2007  16:41            15,968 SNDVOL32.EXE-383480B7.pf
24/03/2007  16:41            19,260 RUNDLL32.EXE-24DBE541.pf
23/03/2007  23:15            68,430 POWERDVD.EXE-13FC7432.pf
23/03/2007  23:10            14,764 ATTRIB.EXE-39EAFB02.pf
23/03/2007  19:41            13,552 CSRSS.EXE-12B63473.pf
23/03/2007  19:41            15,554 WINLOGON.EXE-32C57D49.pf
23/03/2007  17:17            31,206 RUNDLL32.EXE-29B49BAE.pf
23/03/2007  17:13            32,974 RUNDLL32.EXE-162D4106.pf
22/03/2007  23:37            53,696 ACRORD32.EXE-13285B88.pf
22/03/2007  23:37            35,948 RUNDLL32.EXE-4A82AC65.pf
22/03/2007  20:23            42,544 DWWIN.EXE-30875ADC.pf
22/03/2007  20:23            44,558 DUMPREP.EXE-1B46F901.pf
22/03/2007  20:23            17,976 DRWTSN32.EXE-2B4B52AC.pf
22/03/2007  18:57            21,124 RUNDLL32.EXE-293CB78B.pf
22/03/2007  18:31            21,914 CONTROL.EXE-013DBFB5.pf
22/03/2007  18:31            77,390 RUNDLL32.EXE-4991DDE7.pf
22/03/2007  18:30            77,090 EXPORTCONTROLLER.EXE-0303443A.pf
22/03/2007  18:30            94,238 QUICKTIMEPLAYER.EXE-280B4828.pf
22/03/2007  17:00            62,926 SL5D9.TMP-23A9335A.pf
22/03/2007  17:00            58,178 NDP1.1SP1-KB886903-X86.EXE-2514EFA0.pf
22/03/2007  15:49            31,504 RUNDLL32.EXE-276C7849.pf
22/03/2007  15:46            30,864 RUNDLL32.EXE-17FA6FB3.pf
22/03/2007  15:43            63,902 WMPLAYER.EXE-18DDEF9C.pf
21/03/2007  21:57            24,870 ALLOK VIDEO TO 3GP CONVERTER.-22F73741.pf
21/03/2007  21:38            84,628 COMPONENTLAUNCHER.EXE-142DFC99.pf
21/03/2007  21:38            22,748 NOTIFIER.EXE-00B6CD86.pf
21/03/2007  21:17            69,526 AVE.EXE-1FC190B5.pf
19/03/2007  16:16            81,712 SYSMECH6.EXE-39684016.pf
             114 File(s)      6,641,306 bytes
               0 Dir(s)  33,968,971,776 bytes free

Code:

 ----- Windows -------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\WINDOWS

26/03/2007  09:26               116 NeroDigital.ini
26/03/2007  01:25               478 setuplog.txt
25/03/2007  19:33               254 wiadebug.log
25/03/2007  12:08                 0 0.log
25/03/2007  12:08         2,085,279 WindowsUpdate.log
25/03/2007  12:08                50 wiaservc.log
25/03/2007  12:08             2,048 bootstat.dat
25/03/2007  12:07            32,624 SchedLgU.Txt
24/03/2007  13:53               697 win.ini
24/03/2007  13:53               274 system.ini
23/03/2007  15:57            54,156 QTFont.qfn
21/03/2007  21:38         1,117,723 setupapi.log
21/03/2007  17:39             1,443 SysMech6.INI
21/03/2007  16:57            76,909 wmsetup.log
21/03/2007  15:38                61 desktop.ini
21/03/2007  15:00            12,407 cdplayer.ini
21/03/2007  14:47             1,448 COM+.log
21/03/2007  14:40             1,409 QTFont.for
21/03/2007  12:21               529 nsw.log
21/03/2007  10:29             2,064 vminst.log
21/03/2007  09:26                 0 BJCFDins.log
20/03/2007  18:48           175,170 ntbtlog.txt
20/03/2007  18:45           134,548 ntdtcsetup.log
20/03/2007  18:45           729,380 iis6.log
20/03/2007  18:45           292,149 tsoc.log
20/03/2007  18:45            34,786 ocmsn.log
20/03/2007  18:45            30,295 tabletoc.log
20/03/2007  18:45             1,917 imsins.log
20/03/2007  18:45            31,531 msgsocm.log
20/03/2007  18:45           309,684 ocgen.log
20/03/2007  18:45           105,868 netfxocm.log
20/03/2007  18:45            42,727 medctroc.Log
20/03/2007  18:45           615,193 FaxSetup.log
20/03/2007  18:45           200,842 msmqinst.log
20/03/2007  17:22           871,568 DPINST.LOG
20/03/2007  16:59               376 ODBC.INI
20/03/2007  16:31             1,514 OEWABLog.txt
14/03/2007  15:55             5,600 KB929399.log
14/03/2007  15:54            12,928 KB929338.log
11/03/2007  21:06           170,072 setupact.log
11/03/2007  15:22           335,527 heroesdesktop.jpg
11/03/2007  14:51           202,240 Thumbs.db
09/03/2007  16:32               198 DXError.log
02/03/2007  09:08           127,352 spupdsvc.log
25/02/2007  13:48             4,965 wmsetup10.log
25/02/2007  01:40            13,819 KB926239.log
25/02/2007  01:40            34,197 updspapi.log
25/02/2007  01:40            10,912 MSCompPackV1.log
25/02/2007  01:40            30,893 wmp11.log
25/02/2007  01:39            47,872 WMFDist11.log
25/02/2007  01:38            10,838 Wudf01000Inst.log
25/02/2007  01:29           316,640 WMSysPr9.prx
25/02/2007  01:27            11,381 WMFDist11Uninst.log
25/02/2007  01:23             9,427 wmp11Uninst.log

Code:

 ----- Tasks ---------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\WINDOWS\tasks

25/03/2007  12:08                 6 SA.DAT
23/08/2001  13:00                65 desktop.ini
               2 File(s)             71 bytes
               0 Dir(s)  33,968,963,584 bytes free

Code:

 ----- Wintemp -------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\WINDOWS\temp

25/03/2007  12:08            16,384 Perflib_Perfdata_7c0.dat
22/03/2007  18:55            16,384 Perflib_Perfdata_7d4.dat
               2 File(s)         32,768 bytes
               0 Dir(s)  33,968,963,584 bytes free

Code:

 ----- Temp ----------------------------- 
 Volume in drive C has no label.
 Volume Serial Number is 68C2-F20A

 Directory of C:\DOCUME~1\Neal\LOCALS~1\Temp

26/03/2007  14:13           128,189 filelist.txt
26/03/2007  13:05             1,506 wmplog00.sqm
26/03/2007  12:13            16,384 ~DF9C1F.tmp
25/03/2007  20:03            32,768 ~DF8521.tmp
25/03/2007  20:03               512 ~DF852D.tmp
25/03/2007  19:50           235,820 MSI70578.LOG
25/03/2007  19:33               695 TWAIN.LOG
25/03/2007  19:33                 3 Twain001.Mtx
25/03/2007  19:33               156 Twunk001.MTX
25/03/2007  19:30            16,384 Perflib_Perfdata_b0c.dat
22/03/2007  23:37                 0 _mc19.tmp
22/03/2007  20:23             1,656 51e2_appcompat.txt
22/03/2007  18:33             3,371 qtplugin.log
22/03/2007  17:01            10,976 netfxsl.log
22/03/2007  17:01               346 MSIfe673.LOG
21/03/2007  20:10                 0 Twunk002.MTX
18/03/2007  21:26               121 DFC5A2B2.TMP
20/09/2004  01:59           339,565 IEC204.tmp
              18 File(s)        788,452 bytes
               0 Dir(s)  33,968,963,584 bytes free

Think i've done it correct

Cheers.

[Tammy]

Yeah! -> you got me!
That`s what i wanted to see!

Are you (sometimes) using this toolbar?:
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
If not we should delete it, 'cause many toolbars are close to Spyware in its behavior.
Please tell me if you want (need) keep it.

Now do the following please:
first empty the quarantine folder of your AVAST.

Next load down the
Atf Cleaner WinXP
(for Windows -
Firefox - and
Opera)
Follow the instructions of
Atribune to clean up your system and your browsers.
Put a check next to >>Select all<<, than >>Empty selected<<.
(Note: next 2 or 3 times your PC will boot slower than usual, thats normaly)


Afterwards execute please the following instructions:
Download AVG Anti-Spyware here.
Close ALL open WindowsPrograms and -Folders. Then start AVG Anti-Spyware and run a full scan in safe mode.
IMPORTANT: Please do not open any other windows or
programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess.

• Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab
  then click on "Complete System Scan".
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• select the "Reports" icon at the top.
• now select the "Save report as" button
  and save it as a text file on your Desktop .

Close now AVG Anti-Spyware, reboot in Normal Mode and make us see the report. Also please a fresh hjt-logfile.

Notice:
Please poste all requested logfiles in "code-tags".
See here how to do this.

Cheers,
Tam

Sorry for my bad English!

[neal]

Hi Tam, Yeah i would like to deleat the sweetIM toolbar coz i never really use it!! Should i just uninstall it the conventional way by going to control pannel>add or remove progs etc??

Neal

[Tammy]

Yes, neal, of course.
.. if you find it under the add/remove-feature!

Normaly they don`t appeare there.
Let me know if you`ve found it.

Cheers
Tam