win32/adware

clack001 · 2007/07/17

well here is another one.. My wife got this one from installing an active x controller to view some video Anyway...nod32 finds it but it keeps popping up. Not really affecting systems yet, except for some noticeable lag in the system. Any help would be greatly appreciated. The one it keeps finding is c:docume~1\brad\locals~1\temp\bx18dxv.dat and its a win32/adware.agent.nao application

Scan saved at 10:25:53 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\1st Evidence Remover\erasrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Simple DNS Plus\sdnsmain.exe
C:\Program Files\Simple DNS Plus\sdnsgui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Folding@Home\winfah.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\DOCUME~1\brad\LOCALS~1\Temp\ddxplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\brad\Local Settings\Temporary Internet Files\Content.IE5\KS3QR2N2\HiJackThis[1].exe
C:\Documents and Settings\brad\My Documents\progs\HiJackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.revolutiontt.net/browse.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [spyprodetector] C:\Program Files\Spyware Process Detector\spydetector.exe TRAY
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146343073578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155772135834
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7179 bytes

Thanks,
Brad

TonyT · 2007/07/18

Paste the below into a Notepad windows, save to Desktop as "cleanup.cmd ".
Boot into Safe Mode and double click the cleanup.cmd file & folllow the prompts. It will remove all cookies, temp internet files, recent, temporary files & history. Run it several times if receive a message "could not delete file XXX because it is in use ". To boot to Safe Mode tap the F8 key during noot until get the boot menu, then use the UP arrow key to select Safe Mode (don't use Networking).
Note, this ONLY works with XP Professional, NOT with XP Home because XP Home does not ship with the taskkill.exe program.
If have XP Home then just manually delete the file in question.
Code:
taskkill /f /im explorer.exe
RD /S/q  "%UserProfile%\Local Settings\Temporary Internet Files "
RD /S/q  "%UserProfile%\Cookies "
RD /S/q  "%UserProfile%\Local Settings\History "
RD /S/q  "%UserProfile%\Recent "
RD /S/q   "%UserProfile%\Local Settings\Temp\ "
MD  "%UserProfile%\Local Settings\Temp\ "
pause
start explorer.exe

clack001 · 2007/07/18

thnx tony,

I have xp home just as an fyi. Ok I deleted all the internet cookies/files ect.
When I woke up this morning though Nod32 had found 15 more threats, so I not sure deleting files is going to help because now I stuck in the perpetual pop up loop. All the pop ups are for virus cleaner products (of course). And just to really start my day off right, my desktop background is now a bright red screen with a biohazard emblem in the middle that says my privacy is in danger blah blah blah. The background is comming from file:///C:/WINDOWS/privacy_danger/images/spacer.gif

So here is my latest hijack this report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:18 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\1st Evidence Remover\erasrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Simple DNS Plus\sdnsmain.exe
C:\Program Files\Simple DNS Plus\sdnsgui.exe
C:\Program Files\Folding@Home\winfah.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Documents and Settings\brad\Local Settings\Temporary Internet Files\Content.IE5\KS3QR2N2\HiJackThis[1].exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\brad\My Documents\progs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [spyprodetector] C:\Program Files\Spyware Process Detector\spydetector.exe TRAY
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146343073578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155772135834
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O21 - SSODL: xvideo - {12A601DD-3E8E-4CD1-9E02-0DFA3DFAD6A9} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {D583F931-CADA-4BFA-A588-E187C004E838} - C:\WINDOWS\sounddrv.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7445 bytes

Oh and just to let anyone know, I also ran vundo fix but it didnt find anything yesterday. I have to get to work now so Im gonna kill all internet activity with zonealarm and run it again..

Thanks again for any help

Brad

TonyT · 2007/07/18

Download SDFix and save it to your Desktop. http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Reboot into Safe Mode.
Next, use HjT to fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll
O21 - SSODL: xvideo - {12A601DD-3E8E-4CD1-9E02-0DFA3DFAD6A9} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {D583F931-CADA-4BFA-A588-E187C004E838} - C:\WINDOWS\sounddrv.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Also, rt click Desktop > select Properties > Desktop tab > Customize Desktop... button > Web tab > remove all Web pages in list if any there.

Use Disk Cleanup to get rid of all temp files:
Start > Programs > Accessories > System Tools > Disk Cleanup > select sytsem drive > check all available boxes > answer yes when prompted.

Make a new dir on Desktop, double click the sdsfix and extract the files to the new dir. Locate the extracted RunThis.bat and double click it. Follow the prompts.

After reboot, rescan w/ HjT & post results, new log & state of system now.

clack001 · 2007/07/18

wow what an adventure that was! Ok here goes. Did everything you suggested. Longest part of the process was the compressing of old files on the disc cleanup. That alone took 3 hours. Last thing I did was run the sd program in safemode and here is the log from that:

Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\brad\Desktop\NEWFOL~1\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\rs.txt - Deleted

Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Azureus\\Azureus.exe "= "C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus "
"C:\\Program Files\\DC++\\DCPlusPlus.exe "= "C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++ "
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus "
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "= "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service "
"C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
"C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\brad\Desktop\NEWFOL~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Nertz Solitaire\Nertz.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\brad\Local Settings\Temp\BIT342E.tmp

Finished

So then we rebooted. The first 2 times I rebooted the system hung on my desktop, pointer was a constant hourglass and none of my icons ever came up. Its like the explorer never loaded. The third time we had som better success and thats how I'm typing here now. The system booted VERY slowly, I'd say 10 minutes, where it typically takes about 3 to boot. As of this point right now, I have no pop ups, Nod32 isnt finding any threats, my regular desktop wallpaper is back. There are 2 things which do stick out though to me:
1. very slow response time from the computer. Meaning from boot time to opening a folder, program, IE7 or just general surfing.
2. all my desktop icons are highlighted in blue. Just like when yoiu click on one to open or run one of them, they pop blue for an instant. Well mine all look like I clicked on them and the stayed blue. Not sure if that one makes sense but it's the only way I can describe it..

Lastly I ran hijack this again and here is the log from that:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:45 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\1st Evidence Remover\erasrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spyware Process Detector\spydetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\brad\My Documents\progs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe "
O4 - HKLM\..\Run: [00ERSRRRNKY] C:\Program Files\1st Evidence Remover\eraser.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [spyprodetector] C:\Program Files\Spyware Process Detector\spydetector.exe TRAY
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146343073578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155772135834
O17 - HKLM\System\CCS\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6605 bytes

Thanks again for all your help,
Brad

clack001 · 2007/07/18

update:

Things continue to improve. Speed is comming back and cpu seems to be keeping up with my mouse clicks. Also I was able to get rid of the blue highlight on the icons. Lemme know if you see anything weird in Ither of the logs.

Brad

TonyT · 2007/07/19

log looks OK.
Just for safety, disable system restore, reboot & renable it. There could be malware in the restore points. I am concerned though. In your original scan the privacy-danger was not seen. Some trojan must have downloaded it to begin with, and did we clean THAT trojan or not? I suggest doing a couple of online scans. Here's a few links:

http://housecall65.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.pandasoftware.com/products/ActiveScan.htm
http://ca.com/us/securityadvisor/virusinfo/scan.aspx

Oh, and apologies re the disk cleanup. I should have mentioned it's not necessary to do the compression step, oops!

clack001 · 2007/07/19

ok well I ran each of them, and each one found differnet trojans and said that it cleaned the infected files. The most common one that was found was trojan.bho.0

That one 18 files as found by bit defender's scan. A couple of the others that were found:
trojan.swfDL.A
trojan.genlot.ZM

The stats from bit defender:
8 viruses
27 infected files
35 deleted files

good idea to run them all again? Im assuming so

Brad

TonyT · 2007/07/19

OK, they may be hiding in a Restore Point.
Disable System Restore:
Rt click My Comp > select Properties > System Restore Tab > "Turn off ... "
Scan again.
Reboot.
Resan.
Reboot.
Post anothet HjT log.

clack001 · 2007/07/19

ok doing that now, will post back later.

And as always Thanks!

clack001 · 2007/07/19

well I'm typing this from safe mode. No matter what I do I cannot get the system to boot up normally. I was following the steps listed. I turned off the restore points, ran another scan. The second scan turned up only 1 file that was infected, which I thought to myself cool! Then the reboot. Not cool
The ststem will come up to the desktop and load all of the icons, but as soon as I click on an application, it will open but it wont run. I will have to close it and as soon as I do, the desktop crashes, all the icons disappear and Im left with a mouse pointer and my wallpaper (cant even get to the bottom taskbar as it isnt there). Now I have gone into safe mode and then into msconfig and stopped all unnecessary programs from loading at startup. Not sure if there is anything else to try. System runs fine in safe mode, even moved some files around in the event I need to reinstall xp, which is looking more and more likely

Brad

clack001 · 2007/07/19

latest hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:43 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\brad\My Documents\progs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.revolutiontt.net/browse.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - http://echospin.com/wizard/files/esWizard.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146343073578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155772135834
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{0083E7F5-3989-44FD-A7C6-D1BC9BEB0A0B}: NameServer = 167.206.251.13,167.206.251.14
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5607 bytes

Also for some reason IE7 will only work for about 5 minutes in safe mode then it times out and will not connect to anything. If I reboot into safe mode I can reset that time and give me another 5 minutes....sigh

well I'm turning it off for the night I've had enough fun and festivities for one day

TonyT · 2007/07/21

1. Get rid of Limewire, the Limewire p2p network is loaded w/ malware.
2. Things seemed to be going fime after the SDFix cleanup, then the online scans found a lot more stuff and then downhill since.

That bothers me as I don't know what's behind the decline. Try booting in safe mode w/ networking and run online scans again. And update the NOD and scan.

clack001 · 2007/07/22

Thanks Tony for all of your help but I went and did a complete reinstall. There was so much garbage in the system that I felt it a better option
Brad

TonyT · 2007/07/22

OK, you're welcome.
I just wish we could have resolved the issues w/out forcing a reinstall.
Oh well, the reinstall will now provide a good base from which to build up again.
tt

Log in or Sign up

win32/adware

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

Share This Page

Log in or Sign up

win32/adware

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

clack001 Inactive Thread Starter

TonyT SuperGeek Staff

Share This Page

Useful Searches