BleepingComputer.com: Previously infected with system tool, then invisible ads started occuring

My friend's PC was infected with System Tool 2011, and I was unavailable to help immediately, so I am unsure as to what steps had been taken previous to my attempting to clean the PC. As I had already dealt with System Tool before I already had TFC and knew what to look for. But then there was an unexpected surprise when ads started playing through the speakers. Also I had noticed that an occasional google redirect would occur. After actually installing an anti-virus (Avast) and activating the XP firewall, a warning pops up from Avast saying "Malicious URL Blocked", with the IP 64.111.211.xxx listed. So the ads have stopped, but the cause still exists. Malware Bytes and Avast do not find the cause of this, and I have tried all that I can think of. Any help would be greatly appreciated. Thank you in advance.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Bobby at 13:43:32 on 2011-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1326 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Bobby\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FBLayouts Plugin: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - c:\program files\fblayouts\fblayouts.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: bmgi.com
Trusted Zone: bmgi.com\bmgu
Trusted Zone: bmgi.org
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267715424015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bobby\application data\mozilla\firefox\profiles\6unqcky9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\bobby\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {FB0B0DE2-DBE6-46B9-9468-138EF7D8EF16} - c:\documents and settings\bobby\local settings\application data\{FB0B0DE2-DBE6-46B9-9468-138EF7D8EF16}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2009-3-8 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2009-3-8 52224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-15 307928]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-8 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-15 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-15 42184]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-3 54760]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-3 47640]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
.
=============== Created Last 30 ================
.
2011-05-20 18:30:01 -------- d-----w- c:\program files\ESET
2011-05-19 19:10:05 -------- dc-h--w- c:\windows\ie8
2011-05-19 15:42:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-19 15:42:42 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-18 17:43:27 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-17 20:07:49 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-17 20:07:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-17 20:07:23 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-17 18:51:38 388096 ----a-r- c:\documents and settings\bobby\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-17 18:51:37 -------- d-----w- c:\program files\Trend Micro
2011-05-17 18:43:57 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-17 18:43:42 -------- d-----w- c:\program files\Windows Media Connect 2
2011-05-17 18:40:59 -------- d-----w- c:\windows\system32\LogFiles
2011-05-17 18:36:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-17 18:33:59 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-17 18:33:50 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-17 18:33:36 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-05-17 18:33:27 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-05-17 18:33:27 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-17 18:33:18 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-17 18:32:40 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-05-17 18:32:24 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-17 18:30:31 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-05-17 18:30:31 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-05-17 18:30:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-17 18:29:18 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-05-16 00:23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-16 00:23:47 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-15 23:47:44 -------- d-----w- c:\program files\Enigma Software Group
2011-05-15 21:41:19 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-15 21:41:08 40112 ----a-w- c:\windows\avastSS.scr
2011-05-15 21:40:53 -------- d-----w- c:\program files\AVAST Software
2011-05-15 21:40:53 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-05-14 16:45:55 -------- d-----w- c:\windows\system32\drivers\disdn
2011-05-14 13:51:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-14 13:51:13 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-27 07:00:05 256 ----a-w- c:\windows\system32\pool.bin
2011-02-23 06:57:00 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 06:57:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:57:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:57:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 06:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:57:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:57:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:57:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-23 06:57:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:57:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:57:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 06:57:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 05:33:42 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-02-23 05:33:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-02-23 05:33:36 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-02-23 05:33:36 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-02-23 05:33:36 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-02-23 05:33:36 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-02-23 05:33:36 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 13:45:21.10 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth Code, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Sorry for the delay. When I returned to start the process, the computer was unable to even get to the login screen. I tried to see if I could fix it, but I think it's a lost cause. I am just going to format and reinstall. I was just making sure that it was as bad as I feared before I replied. Thank you for helping, and again, sorry for the delay (bleeping computers, eh?) Maybe they'll see it as a lesson to ensure that antivirus and firewalls are used at all times on a shared family computer. Again, thank you for your time and patience, your instructions were very clear.

Gavin

No worries, thanks for letting me know, I appreciate it.

Take care.

ST.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.