I posted a topic in the "other computer problems" forums and they suggested that I post a HJT log over here at the same time to discern if I have a malware issue as well. Below is my HJT log and below that I posted the text of my inquiry in the other forum.
The basic problem is that anytime I connect to the web, my laptop freezes and I have to do a hard shut down. When it restarts, I get one of two things; either a message saying a new PCI device was detected or no message and I'm able to connect to the web for a short time until I freeze up.
Thank you so much for looking and any suggestions would be appreciated!
Logfile of HijackThis v1.99.1
Scan saved at 6:10:21 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.co...ls/DigWebX2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Random Freezing, my pc continuously freezes
I recently (earlier this week) updated my system to Norton 360 as my spyware and old norton subscriptions ran out. Since the update, my computer randomly (and often) freezes up where I can not even move the mouse. The only alternative is to hold the power button in to reboot the system. Just prior to the upgrade to Norton 360, I updated Java. After updating to Norton, I removed the spysweeper software.
The last time I rebooted the system, I got a message saying that a new PCI hardware device was found and an installation wizard came up which I cancelled out of because I have not recently installed any new hardware.
Here is the header of the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:10:48 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Any ideas?
Thanks for looking.
Aug 12 2007, 08:40 AM Post #2
Advanced Member
Group: OCP Techs
Posts: 680
Joined: 11-November 04
From: Lat' 51N, Long' not much East or West, (UK)
Member No.: 18,221
Operating System: Win XP (Pro & Home) Win 2000, Linux
Sorry to hear of the problems with your machine.
If the problems only started when you updated your computer with Norton, then it would normally be recommended that you uninstall (make sure your machine is disconnected from the Internet and you have previously visited Symantec's website to download the latest version of their uninstaller for Norton 360), do a disc clean up, a reboot and a reinstall.
However before you try this have you used the System Restore facility to restore your computer to a time prior to the troubles starting? If not this might be a first move for you to consider.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.tomcoyote.org/donate.php/
Aug 13 2007, 06:06 PM Post #3
New Member
Group: Authentic Member
Posts: 13
Joined: 1-March 07
From: nisswa, MN
Member No.: 68,323
Operating System: windows xp
I restored the system to a week ago as you suggested and that didn't solve the problem so I uninstalled and reinstalled the Norton 360. This didn't solve the problem either so I ran another comprehensive system scan through Norton as I did after initial installation. The difference this time is that it detected a virus called "downloader". I'm curious why it didn't pick it up the first time? Since getting rid of that little monster, it seems to be working better. It still freezes occasionally, but comes out of it after a minute or two so I don't have to restart.
Any more ideas?
Thanks again for your suggestions and looking!
Aug 13 2007, 07:59 PM Post #4
New Member
Group: Authentic Member
Posts: 13
Joined: 1-March 07
From: nisswa, MN
Member No.: 68,323
Operating System: windows xp
My success was short lived! Shortly after my last post, the computer froze and I had to do the hard shut down (holding the power button in). Upon restart, I received a message in DOS form saying there was a "PCI device on Motherboard". I hit F1 to continue and the system started up and said that it found new hardware and pulled up the installation wizard, which I cancelled out of.
When I restarted however, it would not let me connect to the internet. After about 6 tries of shutdowns and restarts, I finally was able to not get the hardware message and get online. By the time I got to this forum though the system froze again, hence I'm now working from my desktop instead of the laptop.
I have DSL and have noticed that there is a definitive link between when I receive the "new hardware found" message, and when I don't. When I receive the message, I am unable to connect to the internet no matter if I try to use wireless or if I hook up the big cable to the laptop. It's like it doesn't recognize it.
I decided to run another comprehensive scan with Norton again to see if it would find anything, but it came up blanks except that it showed over 3000 files in my temp folder. Keeping in mind that I just ran Norton yesterday, and found it strange to have so many files show up since I have only been to two websites and spent very little time online.
Thanks again for looking,
Bob and Cay
Yesterday, 01:52 AM Post #5
Advanced Member
Group: OCP Techs
Posts: 680
Joined: 11-November 04
From: Lat' 51N, Long' not much East or West, (UK)
Member No.: 18,221
Operating System: Win XP (Pro & Home) Win 2000, Linux
Hi Bobncay, This is curious, as you say!
The fact that Norton picked up a downloader after you restored your system to an earlier date, but did not detect it earlier, tends to suggest that your system Restore point was maybe infected.
However at this stage please DO NOT turn off system restore to flush the Restore points as even an infected one can sometimes be better than no restore points at all!
I think the next steps should be:
1 Next time the new hardware wizard appears, go along with it, follow its recommendations and see how you go.
2 Visit the malware removal forum; post an HJT log and let the malware removal experts there, see what's going on inside your machine and if the infection is still present. If the issues with your machine remain after it has been declared clean by the malware removal expert, please post back here in this thread and we will do our best to help.
I will not give directions on how to download, run, and post an HJT log in the Malware removal forum, as I see you last visited that forum in March.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.tomcoyote.org/donate.php/
Yesterday, 10:37 AM Post #6
Be kinder than you think is necessary
Group: OCP Techs
Posts: 2,528
Joined: 15-May 05
From: California
Member No.: 32,477
Operating System: Win98, Win2k Pro, XP Pro, XP Home
Hi Bob and Cay.
Hi Paws.
I wonder if your machine is showing any Warnings in Device Manager (red or yellow signs next to Device items)?
I also wonder if you have an item in Device Manager labeled "Other" or "Other Devices".
Device Drivers do occasionally get corrupted, so machines may detect that there is a device without a recognizable installed driver.... Thus "found new hardware".
If you are able to determine what the Device is in Device Manager, it might help you to properly install it and be done with the alert.
Click on "Remove" for any items with yellow or red warnings, then Reboot your machine.
Windows will detect the removed device as New Hardware, and will attempt to install a fresh copy of the necessary Driver.
As to the "downloader" detection.
As good as Norton is, it might be detecting something that is:
1. a normal safe download or update installation protocol for an application you intend to have
2. a piece of malware that would better be removed using a strong AntiSpyware like AVG AntiSpyware or Trojan Hunter
(I also like the free (and safe) tool from Sophos, that can be downloaded and run from CD. The scan/remove run takes between 10 to 30 minutes for any of the three above in my experience)
AVG AntiSpyware http://free.grisoft....pyware/us/frt/0
Trojan Hunter http://www.misec.net/trojanhunter/ (30 day limited trial)
Sophos offers a free "emergency copy of their downloader/trojan removal utility"
Here: http://www.sophos.co...tion/worms.html
(download for Windows XP is about 1/2 way down the linked page)
* Windows 2000/XP/2003
1. Download an emergency copy of SAV32CLI. On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
2. Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
3. At the infected computer, place the CD in the CD drive (D: in this example).
At the command prompt type
to access the CD drive. Type:
Then type:
to remove the worm.
4. Before leaving Safe Mode, edit any registry entries mentioned in the worm analysis recovery instructions.
5. If problems persist, contact support.
Any of the above three are Free and Safe to use.
As for your problem getting connected online:
Start - Run - (type)cmd
this will bring up a DOS Box display with a blinking cursor
At the blinking cursor type the following commands in sequence, waiting for the procedures to complete before entering the next command:
ipconfig /release - enter <-- notice the required space before the "/"
ipconfig /renew - enter <-- notice the required space before the "/"
ipconfig /flushDNS - enter <-- notice the required space before the "/"
(Each of the above ipconfig steps may take from a few seconds to a minute or so to complete.
Wait for the blinking cursor to return before moving on to typing the next command.)
If the above does not remedy the problem, try this Next:
go here:
Download Winsockxpfix.exe to your Desktop
Run Winsockxpfix.exe
For additional information about Winsockfix.exe you may read, here:
The graphical presentation walks the user through the entire process.
After you use the above procedures, it may still be a good idea as Paws recommended, to post a HJT Log over in Malware Removal to clean up any other baddies that may have slipped in.
Best Regards
Miracles most often appear,
when summoned by preparation.
The help you receive here is free.
If you wish, you may donate to help keep us online.
Good Host for Screen Shots and Images
Post when you want, help when you can.
Yesterday, 06:38 PM Post #7
New Member
Group: Authentic Member
Posts: 13
Joined: 1-March 07
From: nisswa, MN
Member No.: 68,323
Operating System: windows xp
Thank you Paws and Doug. I will post my HJT log for the experts to decipher!
As far as following the directions on the "found new hardware" message, I will be unable to do them since it wants to go out to the web to look for the software to go with it.
What I've learned so far is that if I get the message, I can't get to the web and the laptop does not lock up. If I don't get the message, I can get online, but only for a very short time before the system locks up.
Kind of a danged if you do, danged if you don't scenario.
I will try the suggestion you two laid out, and post back my findings.
Thanks again!
Bob and Cay
5 minutes ago Post #8
New Member
Group: Authentic Member
Posts: 13
Joined: 1-March 07
From: nisswa, MN
Member No.: 68,323
Operating System: windows xp
Good afternoon Paws and Doug. Writing to you from my desktop. Starting to think the laptop might serve better as a paper weight!
So far, no success, but I have come to one conclusion; whenever I am able to go online is when the freeze-ups occur. If I stay disconnected from the internet, the laptop does not freeze up.
As to your suggestions here is what I found:
In device manager, there are no warnings; however, there is a listing for "other devices" as you suspected. If you expand that listing, there are two yellow question marks that appear.
As to the anti-spyware software, I ran the AVG scan since I was a bit familiar with the program from my last bout of problems in March of this year. It detected 6 different cookies of low risk, 1 program of high risk called "Not-A-Virus popcap loader" and 1 of low risk with the same name; "Not-A-Virus popcap loader".
I then ran the Winsock fix you recommended.
As for getting online when I can't, I tried the commands you listed in DOS, but it still didn't let me on.
I downloaded my HJT log and will post that in the Malware section shortly.
thanks again,
Bob and Cay