6 Posts

June 27th, 2004 16:00

Adware files needing removal from my computer

Texruss:

Here is my hijack log again, in a new thread. Please assist me with getting rid of the unnecessary garbage off of my computer. Here is my log:


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\d3tx32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\apivs.exe
C:\WINDOWS\System32\mbpmfxb.exe
C:\Program Files\SpyBlocs\SpyBlocs.exe
C:\WINDOWS\System32\rundll32.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Media\Media\UpdateStats.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
C:\WINDOWS\System32\Gekd3L.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\AirI.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\temp\DUDUTsVD7.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\SAPIP.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\Documents and Settings\Craig Clampett\Application Data\ttuh.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
C:\Program Files\Dell\Support\bin\ClientApplicationFrameWork.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Craig Clampett\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teenhqpics.com/?homeweber.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: (no name) - {B550E44A-A371-83DE-2CDF-619537449A87} - C:\WINDOWS\cruk32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
O4 - HKLM\..\Run: [apivs.exe] C:\WINDOWS\system32\apivs.exe
O4 - HKLM\..\Run: [jmekpggfl] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\STLBCL~1.DLL,DllRunMain
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bsxfrbrr] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SAPIP] C:\WINDOWS\System32\SAPIP.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtssvtr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Craig Clampett\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunOnce: [apiul.exe] C:\WINDOWS\system32\apiul.exe
O4 - HKLM\..\RunOnce: [appaw32.exe] C:\WINDOWS\system32\appaw32.exe
O4 - HKLM\..\RunOnce: [appgv32.exe] C:\WINDOWS\appgv32.exe
O4 - HKLM\..\RunOnce: [appfp.exe] C:\WINDOWS\appfp.exe
O4 - HKLM\..\RunOnce: [d3ew.exe] C:\WINDOWS\d3ew.exe
O4 - HKLM\..\RunOnce: [d3sm.exe] C:\WINDOWS\d3sm.exe
O4 - HKLM\..\RunOnce: [apirl.exe] C:\WINDOWS\apirl.exe
O4 - HKLM\..\RunOnce: [javayx32.exe] C:\WINDOWS\javayx32.exe
O4 - HKLM\..\RunOnce: [msmv.exe] C:\WINDOWS\system32\msmv.exe
O4 - HKLM\..\RunOnce: [ntxn32.exe] C:\WINDOWS\ntxn32.exe
O4 - HKLM\..\RunOnce: [appyf.exe] C:\WINDOWS\appyf.exe
O4 - HKLM\..\RunOnce: [addsk32.exe] C:\WINDOWS\addsk32.exe
O4 - HKLM\..\RunOnce: [crtt.exe] C:\WINDOWS\system32\crtt.exe
O4 - HKLM\..\RunOnce: [winzf.exe] C:\WINDOWS\winzf.exe
O4 - HKLM\..\RunOnce: [syslk.exe] C:\WINDOWS\syslk.exe
O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
O4 - HKLM\..\RunOnce: [ntwq.exe] C:\WINDOWS\ntwq.exe
O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\addjm.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\system32\addyb.exe
O4 - HKLM\..\RunOnce: [apicd.exe] C:\WINDOWS\apicd.exe
O4 - HKLM\..\RunOnce: [mfcoj32.exe] C:\WINDOWS\system32\mfcoj32.exe
O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
O4 - HKLM\..\RunOnce: [addzn32.exe] C:\WINDOWS\addzn32.exe
O4 - HKLM\..\RunOnce: [crcf.exe] C:\WINDOWS\crcf.exe
O4 - HKLM\..\RunOnce: [javair.exe] C:\WINDOWS\system32\javair.exe
O4 - HKLM\..\RunOnce: [crte.exe] C:\WINDOWS\crte.exe
O4 - HKLM\..\RunOnce: [sdkue.exe] C:\WINDOWS\system32\sdkue.exe
O4 - HKLM\..\RunOnce: [atlon32.exe] C:\WINDOWS\atlon32.exe
O4 - HKLM\..\RunOnce: [msrg.exe] C:\WINDOWS\msrg.exe
O4 - HKLM\..\RunOnce: [addvi.exe] C:\WINDOWS\addvi.exe
O4 - HKLM\..\RunOnce: [sdkok.exe] C:\WINDOWS\sdkok.exe
O4 - HKLM\..\RunOnce: [mssl32.exe] C:\WINDOWS\mssl32.exe
O4 - HKLM\..\RunOnce: [d3cq32.exe] C:\WINDOWS\system32\d3cq32.exe
O4 - HKLM\..\RunOnce: [apipe32.exe] C:\WINDOWS\apipe32.exe
O4 - HKLM\..\RunOnce: [javafr32.exe] C:\WINDOWS\javafr32.exe
O4 - HKLM\..\RunOnce: [sdkpv.exe] C:\WINDOWS\system32\sdkpv.exe
O4 - HKLM\..\RunOnce: [mfckv32.exe] C:\WINDOWS\mfckv32.exe
O4 - HKLM\..\RunOnce: [ipkz.exe] C:\WINDOWS\system32\ipkz.exe
O4 - HKLM\..\RunOnce: [winzz32.exe] C:\WINDOWS\system32\winzz32.exe
O4 - HKLM\..\RunOnce: [apidb32.exe] C:\WINDOWS\system32\apidb32.exe
O4 - HKLM\..\RunOnce: [mfcxh.exe] C:\WINDOWS\system32\mfcxh.exe
O4 - HKLM\..\RunOnce: [ieqq32.exe] C:\WINDOWS\ieqq32.exe
O4 - HKLM\..\RunOnce: [javana.exe] C:\WINDOWS\javana.exe
O4 - HKLM\..\RunOnce: [javaty.exe] C:\WINDOWS\system32\javaty.exe
O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\system32\javahn.exe
O4 - HKLM\..\RunOnce: [atlhu32.exe] C:\WINDOWS\atlhu32.exe
O4 - HKLM\..\RunOnce: [d3yw.exe] C:\WINDOWS\d3yw.exe
O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\netjj32.exe
O4 - HKLM\..\RunOnce: [winsp.exe] C:\WINDOWS\winsp.exe
O4 - HKLM\..\RunOnce: [syscy.exe] C:\WINDOWS\system32\syscy.exe
O4 - HKLM\..\RunOnce: [sysfm32.exe] C:\WINDOWS\system32\sysfm32.exe
O4 - HKLM\..\RunOnce: [atlhb.exe] C:\WINDOWS\atlhb.exe
O4 - HKLM\..\RunOnce: [netvc.exe] C:\WINDOWS\netvc.exe
O4 - HKLM\..\RunOnce: [ipck32.exe] C:\WINDOWS\ipck32.exe
O4 - HKLM\..\RunOnce: [msxn.exe] C:\WINDOWS\msxn.exe
O4 - HKLM\..\RunOnce: [appdf.exe] C:\WINDOWS\system32\appdf.exe
O4 - HKLM\..\RunOnce: [ntfb32.exe] C:\WINDOWS\ntfb32.exe
O4 - HKLM\..\RunOnce: [cruw.exe] C:\WINDOWS\system32\cruw.exe
O4 - HKLM\..\RunOnce: [crgw32.exe] C:\WINDOWS\system32\crgw32.exe
O4 - HKLM\..\RunOnce: [sdkvy.exe] C:\WINDOWS\system32\sdkvy.exe
O4 - HKLM\..\RunOnce: [sysrk32.exe] C:\WINDOWS\system32\sysrk32.exe
O4 - HKLM\..\RunOnce: [appzp.exe] C:\WINDOWS\system32\appzp.exe
O4 - HKLM\..\RunOnce: [netkq.exe] C:\WINDOWS\netkq.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\system32\msir.exe
O4 - HKLM\..\RunOnce: [mfcgw.exe] C:\WINDOWS\system32\mfcgw.exe
O4 - HKLM\..\RunOnce: [sysba.exe] C:\WINDOWS\system32\sysba.exe
O4 - HKLM\..\RunOnce: [addab.exe] C:\WINDOWS\addab.exe
O4 - HKLM\..\RunOnce: [nted32.exe] C:\WINDOWS\nted32.exe
O4 - HKLM\..\RunOnce: [netgo.exe] C:\WINDOWS\netgo.exe
O4 - HKLM\..\RunOnce: [sdkzr32.exe] C:\WINDOWS\system32\sdkzr32.exe
O4 - HKLM\..\RunOnce: [netyd.exe] C:\WINDOWS\system32\netyd.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
O4 - HKLM\..\RunOnce: [javarg.exe] C:\WINDOWS\system32\javarg.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Pop-Up Blocs v2.0.lnk = C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: winlgn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk03636
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O19 - User stylesheet: C:\WINDOWS\my.css (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

 

 

2 Intern

3.4K Posts

June 27th, 2004 16:00

You have one seriously sick puppy there. Many things wrong...we will try one at a time, but in multiple step posts. Don't get discouraged if things don't go as directed...be flexible and work it out as best as you can. Some files may mutate and require more posts...try not to reboot after posting a new log and hearing back from me as the bad .dll files can change.

First...kill your peper infection: I see it in this entry:

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe

Kill it using this page:

http://russelltexas.com/malware/peper/pepercomments.htm


Next....Warning! Unsafe Hijackthis folder! Please create a new folder named HJT in the first level of the C: drive. Copy or move the hijackthis executable file into the HJT folder and delete all other zip copies and extracted copies elsewhere.

See FAQs 2, 3, 4 at

http://russelltexas.com/malware/faqhijackthis.htm


Next....Get CW Shredder to repair some of your CoolWebSearch infestations (you appear to have multiple infections):

http://www.spywareinfo.com/~merijn/files/cwshredder.zip version 1.59.0

Follow the directions for running the program at the next link.

http://www.bleepingcomputer.com/forums/index.php?showtutorial=47

At bleepingcomputer.com start reading at the section that says:

You can download this program here: CWShredder

(Note...we have noticed recently some CWS variants are harder to remove unless the shredder is run in Safe Mode...hit F8 while booting to enter Safe Mode and run the shredder.) Make sure you select the FIX button and not the Scan only button!

After cleaning with the shredder in Safe Mode do this:

Reboot in normal mode Windows and download and run these two programs (Spybot S&D and Adaware). Use Spybot first. (1.3 version)
http://majorgeeks.com/download2471.html Adaware download link at next hyperlink.

Follow the directions completely at:

http://www.cjwd.demon.co.uk/spybot-adaware.html

Print out and go slow on the instructions to set up the custom scan options for Adaware. These settings will be retained for future custom scans so don't go nuts thinking you have to do this every time you run it!

Reboot if asked by either program and let it complete any cleanup. Then reboot a final time after running both and run Windows Disk Cleanup: Start/Run/ type: cleanmgr

I check all the categories at the end of the scan and click OK.

Post back with a new log as a reply to this message (PLEASE stay in this message posting thread for continuity). A few of your infections will be addressed with these tools, but there will be much more to do.
HTH,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at TomCoyote.com and SpywareInfo.com to help with malware like viruses, worms, adware, scumware, foistware and crudware in general. They are also the only experts specifically trained to analyze and advise on Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley. (If you are one of our classmates and not on this list email me for an addition to this list...we need all the help we can get *;-) BTW...clicking on people's usernames at the left will reveal information about them if they chose to have an open profile. My credentials are available for your perusal.
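
The checks applied by eye to the first log in the reply above (the HijackThis copy running from a temporary zip folder, the `2LRX2W83X2T3MQ` Run value) can be sketched as a small triage script. This is an added example, not part of the original thread or of HijackThis; the function names, the heuristics and the sample lines (adapted from the logs in this thread, with the user profile path replaced) are assumptions, and a hit means "review this entry", not a verdict.

```python
import re
from urllib.parse import unquote

# Constructed sample: lines adapted from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\windows\temp\DUDUTsVD7.exe
C:\Documents and Settings\User\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\RunOnce: [apiul.exe] C:\WINDOWS\system32\apiul.exe
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
"""

# "R1 - ...", "O4 - ...", "O13 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart form of O4: hive\..\key: [value name] command line
O4_REG_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")            # running-process path
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # any ...\Temp\... directory
# Heuristic (assumption): long all-caps value name mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{12,}$")
# Three or more consecutive %XX escapes, i.e. a host written in percent-encoding.
PCT_RE = re.compile(r"(?:%[0-9A-Fa-f]{2}){3,}")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"]))
        elif PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (finding, detail) pairs for entries that deserve a closer look."""
    processes, entries = parse_log(text)
    findings = []

    # The "unsafe HijackThis folder" warning: the tool is running from Temp.
    for path in processes:
        if path.lower().endswith("hijackthis.exe") and TEMP_RE.search(path):
            findings.append(("unsafe-hjt-folder", path))

    for code, body in entries:
        # HijackThis itself marks targets that no longer exist on disk.
        if body.endswith("(file missing)"):
            findings.append(("file-missing", body))

        if code == "O4":
            m = O4_REG_RE.match(body)
            if m:
                if TEMP_RE.search(m["cmd"]):
                    findings.append(("autostart-from-temp", m["cmd"]))
                if RANDOM_NAME_RE.match(m["name"]):
                    findings.append(("random-value-name", m["name"]))

        if code == "O13":
            # URL prefix entries: show the analyst the decoded host.
            _label, _, url = body.partition(": ")
            if PCT_RE.search(url):
                findings.append(("encoded-prefix", unquote(url)))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```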

6 Posts

June 28th, 2004 11:00

Texruss:

The Adaware software was not able to load on my computer for some odd reason. I tried it several times, and it wouldn't work. I did everything else you suggested, and it worked just fine. Here is my new log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\d3tx32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\apivs.exe
C:\WINDOWS\System32\mbpmfxb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SpyBlocs\SpyBlocs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\msrexe.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\temp\DUDUTsVD7.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wtssvtr.exe
C:\Documents and Settings\Craig Clampett\Application Data\ttuh.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\Hijackthis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\CRAIGC~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\CRAIGC~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\CRAIGC~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {66E7A648-A2D0-B506-715E-8D564D8364C2} - C:\WINDOWS\system32\netny32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
O4 - HKLM\..\Run: [apivs.exe] C:\WINDOWS\system32\apivs.exe
O4 - HKLM\..\Run: [jmekpggfl] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bsxfrbrr] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SVIDEOM] C:\WINDOWS\System32\SVIDEOM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtssvtr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Craig Clampett\Application Data\ttuh.exe
O4 - HKLM\..\RunOnce: [apiul.exe] C:\WINDOWS\system32\apiul.exe
O4 - HKLM\..\RunOnce: [appaw32.exe] C:\WINDOWS\system32\appaw32.exe
O4 - HKLM\..\RunOnce: [appgv32.exe] C:\WINDOWS\appgv32.exe
O4 - HKLM\..\RunOnce: [appfp.exe] C:\WINDOWS\appfp.exe
O4 - HKLM\..\RunOnce: [d3ew.exe] C:\WINDOWS\d3ew.exe
O4 - HKLM\..\RunOnce: [d3sm.exe] C:\WINDOWS\d3sm.exe
O4 - HKLM\..\RunOnce: [apirl.exe] C:\WINDOWS\apirl.exe
O4 - HKLM\..\RunOnce: [javayx32.exe] C:\WINDOWS\javayx32.exe
O4 - HKLM\..\RunOnce: [msmv.exe] C:\WINDOWS\system32\msmv.exe
O4 - HKLM\..\RunOnce: [ntxn32.exe] C:\WINDOWS\ntxn32.exe
O4 - HKLM\..\RunOnce: [appyf.exe] C:\WINDOWS\appyf.exe
O4 - HKLM\..\RunOnce: [addsk32.exe] C:\WINDOWS\addsk32.exe
O4 - HKLM\..\RunOnce: [crtt.exe] C:\WINDOWS\system32\crtt.exe
O4 - HKLM\..\RunOnce: [winzf.exe] C:\WINDOWS\winzf.exe
O4 - HKLM\..\RunOnce: [syslk.exe] C:\WINDOWS\syslk.exe
O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
O4 - HKLM\..\RunOnce: [ntwq.exe] C:\WINDOWS\ntwq.exe
O4 - HKLM\..\RunOnce: [addjm.exe] C:\WINDOWS\addjm.exe
O4 - HKLM\..\RunOnce: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\system32\addyb.exe
O4 - HKLM\..\RunOnce: [apicd.exe] C:\WINDOWS\apicd.exe
O4 - HKLM\..\RunOnce: [mfcoj32.exe] C:\WINDOWS\system32\mfcoj32.exe
O4 - HKLM\..\RunOnce: [mshw32.exe] C:\WINDOWS\system32\mshw32.exe
O4 - HKLM\..\RunOnce: [addzn32.exe] C:\WINDOWS\addzn32.exe
O4 - HKLM\..\RunOnce: [crcf.exe] C:\WINDOWS\crcf.exe
O4 - HKLM\..\RunOnce: [javair.exe] C:\WINDOWS\system32\javair.exe
O4 - HKLM\..\RunOnce: [crte.exe] C:\WINDOWS\crte.exe
O4 - HKLM\..\RunOnce: [sdkue.exe] C:\WINDOWS\system32\sdkue.exe
O4 - HKLM\..\RunOnce: [atlon32.exe] C:\WINDOWS\atlon32.exe
O4 - HKLM\..\RunOnce: [msrg.exe] C:\WINDOWS\msrg.exe
O4 - HKLM\..\RunOnce: [addvi.exe] C:\WINDOWS\addvi.exe
O4 - HKLM\..\RunOnce: [sdkok.exe] C:\WINDOWS\sdkok.exe
O4 - HKLM\..\RunOnce: [mssl32.exe] C:\WINDOWS\mssl32.exe
O4 - HKLM\..\RunOnce: [d3cq32.exe] C:\WINDOWS\system32\d3cq32.exe
O4 - HKLM\..\RunOnce: [apipe32.exe] C:\WINDOWS\apipe32.exe
O4 - HKLM\..\RunOnce: [javafr32.exe] C:\WINDOWS\javafr32.exe
O4 - HKLM\..\RunOnce: [sdkpv.exe] C:\WINDOWS\system32\sdkpv.exe
O4 - HKLM\..\RunOnce: [mfckv32.exe] C:\WINDOWS\mfckv32.exe
O4 - HKLM\..\RunOnce: [ipkz.exe] C:\WINDOWS\system32\ipkz.exe
O4 - HKLM\..\RunOnce: [winzz32.exe] C:\WINDOWS\system32\winzz32.exe
O4 - HKLM\..\RunOnce: [apidb32.exe] C:\WINDOWS\system32\apidb32.exe
O4 - HKLM\..\RunOnce: [mfcxh.exe] C:\WINDOWS\system32\mfcxh.exe
O4 - HKLM\..\RunOnce: [ieqq32.exe] C:\WINDOWS\ieqq32.exe
O4 - HKLM\..\RunOnce: [javana.exe] C:\WINDOWS\javana.exe
O4 - HKLM\..\RunOnce: [javaty.exe] C:\WINDOWS\system32\javaty.exe
O4 - HKLM\..\RunOnce: [javahn.exe] C:\WINDOWS\system32\javahn.exe
O4 - HKLM\..\RunOnce: [atlhu32.exe] C:\WINDOWS\atlhu32.exe
O4 - HKLM\..\RunOnce: [d3yw.exe] C:\WINDOWS\d3yw.exe
O4 - HKLM\..\RunOnce: [addhy32.exe] C:\WINDOWS\addhy32.exe
O4 - HKLM\..\RunOnce: [netjj32.exe] C:\WINDOWS\netjj32.exe
O4 - HKLM\..\RunOnce: [winsp.exe] C:\WINDOWS\winsp.exe
O4 - HKLM\..\RunOnce: [syscy.exe] C:\WINDOWS\system32\syscy.exe
O4 - HKLM\..\RunOnce: [sysfm32.exe] C:\WINDOWS\system32\sysfm32.exe
O4 - HKLM\..\RunOnce: [atlhb.exe] C:\WINDOWS\atlhb.exe
O4 - HKLM\..\RunOnce: [netvc.exe] C:\WINDOWS\netvc.exe
O4 - HKLM\..\RunOnce: [ipck32.exe] C:\WINDOWS\ipck32.exe
O4 - HKLM\..\RunOnce: [msxn.exe] C:\WINDOWS\msxn.exe
O4 - HKLM\..\RunOnce: [appdf.exe] C:\WINDOWS\system32\appdf.exe
O4 - HKLM\..\RunOnce: [ntfb32.exe] C:\WINDOWS\ntfb32.exe
O4 - HKLM\..\RunOnce: [cruw.exe] C:\WINDOWS\system32\cruw.exe
O4 - HKLM\..\RunOnce: [crgw32.exe] C:\WINDOWS\system32\crgw32.exe
O4 - HKLM\..\RunOnce: [sdkvy.exe] C:\WINDOWS\system32\sdkvy.exe
O4 - HKLM\..\RunOnce: [sysrk32.exe] C:\WINDOWS\system32\sysrk32.exe
O4 - HKLM\..\RunOnce: [appzp.exe] C:\WINDOWS\system32\appzp.exe
O4 - HKLM\..\RunOnce: [netkq.exe] C:\WINDOWS\netkq.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\system32\msir.exe
O4 - HKLM\..\RunOnce: [mfcgw.exe] C:\WINDOWS\system32\mfcgw.exe
O4 - HKLM\..\RunOnce: [sysba.exe] C:\WINDOWS\system32\sysba.exe
O4 - HKLM\..\RunOnce: [addab.exe] C:\WINDOWS\addab.exe
O4 - HKLM\..\RunOnce: [nted32.exe] C:\WINDOWS\nted32.exe
O4 - HKLM\..\RunOnce: [netgo.exe] C:\WINDOWS\netgo.exe
O4 - HKLM\..\RunOnce: [sdkzr32.exe] C:\WINDOWS\system32\sdkzr32.exe
O4 - HKLM\..\RunOnce: [netyd.exe] C:\WINDOWS\system32\netyd.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\mskn32.exe
O4 - HKLM\..\RunOnce: [javarg.exe] C:\WINDOWS\system32\javarg.exe
O4 - HKLM\..\RunOnce: [appuz32.exe] C:\WINDOWS\system32\appuz32.exe
O4 - HKLM\..\RunOnce: [mspk32.exe] C:\WINDOWS\system32\mspk32.exe
O4 - HKLM\..\RunOnce: [apieu.exe] C:\WINDOWS\apieu.exe
O4 - HKLM\..\RunOnce: [d3zo32.exe] C:\WINDOWS\system32\d3zo32.exe
O4 - HKLM\..\RunOnce: [sdkyq.exe] C:\WINDOWS\sdkyq.exe
O4 - HKLM\..\RunOnce: [javall32.exe] C:\WINDOWS\system32\javall32.exe
O4 - HKLM\..\RunOnce: [javacu32.exe] C:\WINDOWS\javacu32.exe
O4 - HKLM\..\RunOnce: [addgs32.exe] C:\WINDOWS\addgs32.exe
O4 - HKLM\..\RunOnce: [iedy.exe] C:\WINDOWS\iedy.exe
O4 - HKLM\..\RunOnce: [crmy.exe] C:\WINDOWS\system32\crmy.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Pop-Up Blocs v2.0.lnk = C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: winlgn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

Let me know what my next move should be....

Thanks,

Noleguy

6 Posts

June 28th, 2004 12:00

Actually Texruss, I was finally able to find a site and download Ad-aware properly. Therefore, here is my new log for you to review:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\mbpmfxb.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpyBlocs\SpyBlocs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\temp\DUDUTsVD7.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\cruk32.exe
C:\WINDOWS\appii.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\Hijackthis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {B550E44A-A371-83DE-2CDF-619537449A87} - C:\WINDOWS\cruk32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
O4 - HKLM\..\Run: [jmekpggfl] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bsxfrbrr] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SVIDEOM] C:\WINDOWS\System32\SVIDEOM.exe
O4 - HKLM\..\Run: [cruk32.exe] C:\WINDOWS\cruk32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Pop-Up Blocs v2.0.lnk = C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: winlgn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

Sorry about the second posting, but it wasn't till after I posted the first log, that I was able to successfully download Ad-aware...

 

Thanks again,

 

Noleguy

 

2 Intern

 • 

3.4K Posts

June 28th, 2004 23:00

If you killed the Peper infection we can delete the line. Otherwise run it again. http://russelltexas.com/malware/peper/pepercomments.htm

Fix check these in Hijackthis:

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
(If you fixed it with the Peper tool)

O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab

Exit Hijackthis and reboot.

Get the new CWShredder from Merijn (released TODAY) and run it with the proper instructions:

You have a CoolWebsearch infection.

Get CW Shredder to repair your CoolWebSearch infestations:

http://majorgeeks.com/download4086.html

Follow the directions for running the program at the next link.

http://www.bleepingcomputer.com/forums/index.php?showtutorial=47

At bleepingcomputer.com start reading at the section that says:

You can download this program here: CWShredder

(Note...we have noticed recently some CWS variants are harder to remove unless the shredder is run in Safe Mode...hit F8 while booting to enter Safe Mode and run the shredder.) Make sure you select the FIX button and not the Scan only button!


Post back with a new log as a reply to this message...there will be more to do.
HTH,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at TomCoyote.com and SpywareInfo.com to help with malware like viruses, worms, adware, scumware, foistware and crudware in general. They are also the only experts specifically trained to analyze and advise on Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley. (If you are one of our classmates and not on this list email me for an addition to this list...we need all the help we can get *;-) BTW...clicking on people's usernames at the left will reveal information about them if they chose to have an open profile. My credentials are available for your perusal.

6 Posts

July 1st, 2004 23:00

Texruss:

Sorry about the delay, I was taking some time off away from the computer.  Here is my latest log, after the last removals were complete:

 

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\mbpmfxb.exe
C:\Program Files\SpyBlocs\SpyBlocs.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\temp\DUDUTsVD7.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\Hijackthis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [jmekpggfl] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bsxfrbrr] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Pop-Up Blocs v2.0.lnk = C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: winlgn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

Let me know what my next move should be...

 

Noleguy

 

2 Intern

 • 

3.4K Posts

July 2nd, 2004 01:00

Run Hijackthis, scan and check the box left of these numbered line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoisk.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoisk.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoisk.com/index.htm

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [jmekpggfl] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [bsxfrbrr] C:\WINDOWS\System32\mbpmfxb.exe
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Pop-Up Blocs v2.0.lnk = C:\Program Files\Pop-UpBlocsv2.0\Pop-UpBlocsv2.0.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: winlgn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

With no other windows open click on fix checked button in Hijackthis.

Exit Hijackthis.

Reboot to SAFE MODE and Show HIDDEN FILES and folders

FAQ 8 and 9 on this page: http://www.russelltexas.com/malware/faqhijackthis.htm

Open Windows Explorer: type the word explorer at Start/Run box and click OK:

Drill on down and delete the following files and/or folders:


Files:
C:\WINDOWS\mxTarget.dll
C:\WINDOWS\System32\mbpmfxb.exe
C:\WINDOWS\system32\xvwizard32.hta
C:\WINDOWS\System32\pdfupd.dll
C:\WINDOWS\System32\winlgn.exe
C:\WINDOWS\System32\mbpmfxb.exe

Folders:
C:\documents and settings\craig clampett\local settings\temp (all files in temp folder; leave temp name intact)
C:\windows\temp (all files in temp folder; leave temp name intact)

C:\Program Files\Pop-UpBlocsv2.0
C:\Program Files\Spyware Stormer
C:\Program Files\SpyBlocs
C:\Program Files\MyWebsearch
C:\Program Files\ClockSync

Download and run these two programs (Spybot S&D and Adaware) at the link below. Use Spybot first.

Most of the Internet baddies can be killed by a one-two punch with Spybot and Adaware assuming these three factors are achieved:

1. Latest version
2. Configured correctly for running options
3. New definitions from update feature

Chris has posted an excellent tutorial by dgosling on how to run Spybot S&D and also how to enable customized deep scanning functions for Adaware. Once you set these options they will be retained for future scans by Adaware.

Follow the directions in this detailed guide for Spybot and Adaware...print out the directions in the custom scan tutorial as a reference while you set these options for the custom setup of Adaware. These custom settings will be retained for future custom scans so don't go nuts thinking you have to do this every time you run it! It may take you five minutes to set them up, but it's worth it.

http://www.cjwd.demon.co.uk/spybot-adaware.html

Please note the free Spybot 1.3 does have a slight bug...it detects some DSO exploits falsely. Hopefully an upgrade will fix this. The problem is not serious and should not deter people from using Spybot.


Reboot in normal mode Windows and run Disk Cleanup: type cleanmgr at Start/Run. Scan all hard drives and check all categories at the end and click OK.

If you have any problems with Disk Cleanup completing...XP users can fix it here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;812248

Or try this fix: http://www2.whidbey.net/djdenham/DeleteOldFiles.htm

Reboot and browse a bit and post a new Hijackthis log.

Special Comments:


After the final all clear is given by us you should flush your Restore Points for XP (assuming that is your OS...your header info for Hijackthis log is missing...please include in next post). That means disabling the Restore Point, rebooting to flush it, then re-enabling a new Restore Point. The reason why we need to do this is to purge the bad files hidden in System Restore which can't be cleaned by your antivirus programs.

See FAQ 12 here: http://www.russelltexas.com/malware/faqhijackthis.htm

All the best,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at TomCoyote.com and SpywareInfo.com to help with malware like viruses, worms, adware, scumware, foistware and crudware in general. They are also the only experts specifically trained to analyze and advise on Hijackthis logs: Texruss, Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley. (If you are one of our classmates and not on this list email me for an addition to this list...we need all the help we can get *;-)  BTW...clicking on people's usernames at the left will reveal information about them if they chose to have an open profile. My credentials are available for your perusal.
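An added example, not part of the original thread and not code from HijackThis: a Python sketch that parses O4 autostart lines in the format shown in these logs and flags a few launch patterns for manual review. The rule names and heuristics are assumptions chosen for illustration; the sample lines are copied from the logs posted above.

```python
import re

# Sample input: O4 lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\Run: [te2b9] C:\documents and settings\craig clampett\local settings\temp\te2b9.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [DUDUTsVD7] C:\windows\temp\DUDUTsVD7.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: winlgn.exe
"""

# Registry autostart: "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup folder: "O4 - Startup: item.lnk = target" or a bare file name
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>[^=]+?)(?: = (?P<cmd>.+))?$")


def parse_o4(line):
    """Return (location, name, command) for an O4 line, else None."""
    line = line.strip()
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return m.group("loc"), m.group("name").strip(), m.group("cmd")


def flags_for(location, name, command):
    """Illustrative heuristics (assumptions, not verdicts)."""
    flags = []
    if command is None:
        # No "= target": the file itself sits in the Startup folder,
        # rather than a shortcut pointing at an installed program.
        if name.lower().endswith((".exe", ".com", ".scr", ".bat")):
            flags.append("file-in-startup-folder")
        return flags
    lowered = command.lower()
    if re.search(r"\\temp\\", lowered):
        flags.append("runs-from-temp")
    if re.search(r"\.hta\b", lowered):
        flags.append("hta-autostart")
    if re.match(r'"?regsvr32(\.exe)?"?\s', lowered) and re.search(r"\s/s\b", lowered):
        flags.append("silent-dll-registration")
    return flags


def triage(log_text):
    """Return [(entry name, [flags])] for every O4 entry with a flag."""
    results = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            found = flags_for(*parsed)
            if found:
                results.append((parsed[1], found))
    return results


if __name__ == "__main__":
    for name, found in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(found)}")
```

A flag only marks an entry for a closer look. Entries that are recognisable by product name rather than by launch path are not caught by these rules.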
