"Windows File Protection"

Discussion in 'adware, spyware & hijack cleaning' started by AllstarOSA, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    I have had the following pop-ups show up on my screen, all with the title "WINDOWS FILE PROTECTION", and each time displaying one of 3 messages:

    Windows detects that this computer is infected with a spyware called "SubSearch","MoneyTree","Aornum","Win32/Aspam.Trojan"!

    Windows detects that this computer is infected with a spyware called "AccessPlugin", "IEMonit", Whazit/Rnd", "GoHip"!

    Windows detected that this computer is infected with a spyware called "Wurldmedia", "Gator", "GoHip/Browserenh", "Httper"!

    it gives the option to download software to get rid of the spyware.
    If I hit yes, it takes me to a search page with the inquiry of "spyware" already inputed, so the page is just the results.

    If I hit no, it simply closes. Whatever option I choose, it adds the following "favorites" to IE:

    -Web Hosting
    -VIAGRA
    -Spyware Removal
    -Pop Up Blocker
    -Gift Certificate
    -Easy Search
    -CASINO
    -BEST SEARCH

    Occasionally while online, my page gets redirected to: http://download.spywarespykiller.com/spyware6 rather than to whatever page I was going to.

    I've had this problem for awhile now, ran many spyware/adware programs, including Spybot S&D, Ad-Aware 6.0, and Spy Sweeper and still have it.
    I followed the directions for posting logs, ran Spybot S&D, restarted my computer, and ran "Hijack This". Here's the Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 3:56:07 PM, on 7/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\WLANSTA.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\System32\EXSHOW95.EXE
    C:\WINDOWS\System32\ICO.EXE
    C:\WINDOWS\System32\EXSHOW.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\Pelmiced.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Palm\HOTSYNC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Documents and Settings\George Mixco\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Billminder.lnk.disabled
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
    O4 - Global Startup: Quicken Startup.lnk.disabled
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01e5615875294268c223/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38099.3490393519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {ECDEDB7F-BFD2-4010-9502-D300C3DDCD54} (SystemChecker.CheckerCtrl) - http://maxebrdi.fnismls.com/Paragon/Codebase/SystemChecker.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C51A164-D279-47B2-84DB-7CF9F2924AB8}: Domain = FREMONT.COM
     
    AllstarOSA, Jul 14, 2004
    #1
  2. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    AllstarOSA, Jul 15, 2004
    #2
  3. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    AllstarOSA, Jul 15, 2004
    #3
  4. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    an update on this problem,
    Everytime I run Spybot S&D, it finds "DSO EXPLOIT"

    Also, now my page has been directed twice to a site called Casino Palazzo.
    "http://www.casinopalazzo.com/index.php?sourceid=102174" (Dont go there)

    Maybe its all related. I've seen posts regarding Casino Palazzo problems, but when I scan using HijackThis, it doesnt seem to locate anything familiar.
    Maybe some one sees something I dont, or knows something new to try. Please help!
     
    AllstarOSA, Jul 17, 2004
    #4
  5. free@tlast

    free@tlast Spyware Expert

    Joined:
    Jun 15, 2004
    Posts:
    32
    Restart your computer in safe mode, find and delete this file:

    WINDOWS\System32\winnet.dll<

    Re-run hijackthis and fix checked:

    O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll (it might say 'no file, file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    To quickly check whether you have another problem (although I don't think so..)
    Download and unzip:
    >>AppRead.zip-AppInit_Viewer made by IMM<<
    From here:
    http://freeatlast100.100free.com/
    Double Click on "regread" file, copy and post the
    contents of "regread.log" file created in the folder, along with fresh hijackthis log.

    ***Edit:
    In addition, (Courtesy of My good bud Expert Bulldog)
    Search for this file:
    -taskmgn.exe in \Windows\System32 folder (Don't confuse with
    taskmgr.exe! ) And delete the taskmgn if found, as it was
    confirmed to be the probable cause.
     
    Last edited: Jul 17, 2004
    free@tlast, Jul 17, 2004
    #5
  6. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    Alright, Heres what happened:
    I could not find the winnet.dll file. There was a wininet.dll file, I dont know if its the same or not, but it could not be deleted (in use or something) even in safemode.

    When I ran HijackThis I found the first "o2" file but couldnt find:
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    it didnt show up on the scan.
    Here's the contents of the REGREAD.LOG file:

    A handle was successfully obtained for the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
    This key has 0 subkeys.
    The AppInitDLLs value exists and reports as 2 bytes, including the 2 for string termination.

    [AppInitDLLs]
    Ansi string : ""
    0000 00 00 | ..

    And here's the HijackThis Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:51:28 PM, on 7/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\WLANSTA.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\System32\EXSHOW95.EXE
    C:\WINDOWS\System32\ICO.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\Pelmiced.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\EXSHOW.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\George Mixco\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Billminder.lnk.disabled
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
    O4 - Global Startup: Quicken Startup.lnk.disabled
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01e5615875294268c223/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38099.3490393519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {ECDEDB7F-BFD2-4010-9502-D300C3DDCD54} (SystemChecker.CheckerCtrl) - http://maxebrdi.fnismls.com/Paragon/Codebase/SystemChecker.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C51A164-D279-47B2-84DB-7CF9F2924AB8}: Domain = FREMONT.COM
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE3F0DD-BE56-4202-A967-969A5E87D6E0}: NameServer = 205.188.146.146

    Here's another kicker,
    A program "encountered an error" while the computer was booting up.
    The error window described it as avifil32.exe and it had the same icon as the X that was placed on the desktop by Casino Palazzo.
    I did a search on the program, and found other files that seem to be related to it:
    C:\WINDOWS\system32
    avifil32.exe
    avifil32.dll
    avifile.dll
    avicap32.dll
    avicap32.dll

    C:\i386
    AVICAP.DL_
    AVICAP32.DL_
    AVIFIL32.DL_
    AVIFILE.DL_

    C:\WINDOWS\Prefetch
    AVIFIL32.EXE-06DE7B7E

    I deleted them, deleted the X icon on the desktop. On a restart it tried to place the X on the desktop again, but there was no icon for it, so it placed a generic icon instead. I deleted that icon, and it hasnt come back, yet (usually takes awhile for it to come back, we'll see.)
    Anyway, theres the info.
     
    AllstarOSA, Jul 18, 2004
    #6
  7. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    Sorry, this is the HijackThis Log, the one posted before was before fixing the problem, although, maybe you can see the other item I couldnt find.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:11:12 PM, on 7/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\WLANSTA.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\System32\EXSHOW95.EXE
    C:\WINDOWS\System32\ICO.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\Pelmiced.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\EXSHOW.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\George Mixco\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Billminder.lnk.disabled
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
    O4 - Global Startup: Quicken Startup.lnk.disabled
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01e5615875294268c223/netzip/RdxIE601.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://isupport4.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38099.3490393519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {ECDEDB7F-BFD2-4010-9502-D300C3DDCD54} (SystemChecker.CheckerCtrl) - http://maxebrdi.fnismls.com/Paragon/Codebase/SystemChecker.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C51A164-D279-47B2-84DB-7CF9F2924AB8}: Domain = FREMONT.COM
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE3F0DD-BE56-4202-A967-969A5E87D6E0}: NameServer = 205.188.146.146

    Thanks by the way. :D
     
    AllstarOSA, Jul 18, 2004
    #7
  8. free@tlast

    free@tlast Spyware Expert

    Joined:
    Jun 15, 2004
    Posts:
    32
    Well, that's a bit unfortunate.
    I specified the file(s) to look for and delete.
    Anything else you did on your own is... :doubt:
    http://www.liutilities.com/products/wintaskspro/dlllibrary/avicap32/

    And it's unlikely for pests to reside in the \i386 folder...
    Hopefully you will be able to restore the damage..
    Good luck! :ninja:
     
    free@tlast, Jul 18, 2004
    #8
  9. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    The files were easily restored. I only placed them in the recycle bin.
    So far though, the problem hasnt come up. Thanks again for the help.
     
    AllstarOSA, Jul 19, 2004
    #9
  10. AllstarOSA

    AllstarOSA Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    8
    Take a look at this though,
    [​IMG]
    the file avifil32.exe has the same icon Casino Palazzo placed on my desktop...
    perhaps keep that file deleted?
     

    Attached Files:

    AllstarOSA, Jul 19, 2004
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...