

Lots of viruses!


Name: Matt
Date: December 14, 2003 at 13:23:37 Pacific
OS: WinXP
CPU/Ram: P4:128
Comment:

Yesterday my father's computer suddenly got a bunch of spam and weird programs like "VirtualBouncer" and "PowerScan" and "EARN" and stuff like that. So... I deleted those through Add/Delete Programs, not knowing what they were. Later I used NAV2003 for a full system check and found 24 infected files. It got rid of all except 3 that are still in quarantine, called "winmain.exe" or "winmain[1].exe". Still there was a lot of spam and other crap going on, so I used Search and Destroy to kinda clean it up a bit. Then I checked the startup in msconfig and found a bunch of startup items that were said to be virus related on "sysinfo.org"... here they are: 'regedit -s sys' 'soundmx' 'winmain' 'istsvc' 'powerscan' 'UpdateSats' 'stlbdist' 'wupdater' 'LsxI52' 'AUTOUP~1' 'stcloader' 'slmss' 'Loader' 'mwsvm' 'winlogon' and 'Virtual Bouncer'... Now what it looks like to me is that somehow he got tons of viruses... but I don't know what to do to get rid of them all and all their registry things and all that... I need help or something, because I know there's got to be some special way to get rid of all this crap without me screwing more things up with the registry and stuff. Can anyone help me! Please!




Response Number 1
Name: sxshep
Date: December 14, 2003 at 13:45:26 Pacific
Reply:

Matt

By all means post your HT log.

shep



Response Number 2
Name: Wombat
Date: December 14, 2003 at 13:46:01 Pacific
Reply:

Go here...

http://securityresponse.symantec.com/avcenter/vinfodb.html?prodid=nav2004



Response Number 3
Name: Matt
Date: December 14, 2003 at 13:55:06 Pacific
Reply:

Yeah, sorry 'bout that... should've added this:

Logfile of HijackThis v1.97.7
Scan saved at 4:48:24 PM, on 12/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\mwsvm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Oval60.exe
C:\WINDOWS\System32\Lkts40s6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Philip\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find4u.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=227
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find4u.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=227
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 66.250.130.132 worldsex.com
O1 - Hosts: 66.250.130.132 www.worldsex.com
O1 - Hosts: 66.250.130.132 sexocean.com
O1 - Hosts: 66.250.130.132 www.sexocean.com
O1 - Hosts: 66.250.130.132 sexocean.com
O1 - Hosts: 66.250.130.132 easypic.com
O1 - Hosts: 66.250.130.132 www.easypic.com
O1 - Hosts: 66.250.130.132 free6.com
O1 - Hosts: 66.250.130.132 www.free6.com
O1 - Hosts: 66.250.130.132 al4a.com
O1 - Hosts: 66.250.130.132 www.al4a.com
O1 - Hosts: 66.250.130.132 thumbnailpost.com
O1 - Hosts: 66.250.130.132 www.thumbnailpost.com
O1 - Hosts: 66.250.130.132 drbizzaro.com
O1 - Hosts: 66.250.130.132 www.drbizzaro.com
O1 - Hosts: 66.250.130.132 hoes.com
O1 - Hosts: 66.250.130.132 www.hoes.com
O1 - Hosts: 66.250.130.132 absolut-series.com
O1 - Hosts: 66.250.130.132 www.absolut-series.com
O1 - Hosts: 66.250.130.132 elephantlist.com
O1 - Hosts: 66.250.130.132 www.elephantlist.com
O1 - Hosts: 66.250.130.132 ah-me.com
O1 - Hosts: 66.250.130.132 www.ah-me.com
O1 - Hosts: 66.250.130.133 google.com
O1 - Hosts: 66.250.130.133 www.google.com
O1 - Hosts: 66.250.130.133 google.de
O1 - Hosts: 66.250.130.133 www.google.de
O1 - Hosts: 66.250.130.133 google.co.uk
O1 - Hosts: 66.250.130.133 www.google.co.uk
O1 - Hosts: 66.250.130.130 find4u.net
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Philip\APPLIC~1\MICROS~1\Office\Excel10.dll (file missing)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4D0B9E4-1891-46C1-AA1A-779B136478BB} - C:\WINDOWS\System32\dsosund3d.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [49Q8WJ#5BBD7F3] C:\WINDOWS\System32\LsxI52.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/IAicm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1044.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.2521064815
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://www.geocities.com/benson91588/loader.cab
O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialerXP.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://nugs.net/dev/dlControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)



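A way to triage a HijackThis log like the one above, as an added example (not from the thread, and not part of HijackThis itself): it parses the R/O entries and flags the patterns the helpers act on later in the thread, a hosts-file entry that sends google.com somewhere other than loopback, an O4 autorun with no absolute path or carrying a Windows system-process name, and the O17 NameServer, which should be checked against the ISP with whois before anyone removes it. The sample log lines are constructed from the line formats posted above.

```python
import re
from typing import List, Tuple

# Constructed sample, assembled from line formats that appear in the logs posted in this thread
# (the paths and GUIDs are the ones posted there; this is not a complete log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find4u.net/sp.htm
O1 - Hosts: 66.250.130.133 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - Global Startup: winlogon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")               # "O4 - <body>"
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")             # O1 body: "<ip> <hostname>"
RUN_RE = re.compile(r"^([^:]+):\s+(?:\[[^\]]*\]\s+)?(.+)$")   # O4 body: "<where>: [<name>] <command>"
DNS_RE = re.compile(r"NameServer\s*=\s*(.+)$")                # O17 body

LOOPBACK = {"127.0.0.1", "::1"}
# Core Windows processes are launched by the OS itself, never from a Run key or the
# Startup folder, so an autorun entry carrying one of these names is a decoy.
SYSTEM_NAMES = {"winlogon.exe", "lsass.exe", "services.exe", "smss.exe", "csrss.exe", "svchost.exe"}
# For these host programs the first non-option argument is what actually gets loaded.
HOST_TOOLS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32", "regedit", "regedit.exe"}

Finding = Tuple[str, str, str]  # (entry code, reason, original log line)


def _tokens(cmd: str) -> List[str]:
    """Split a command line into tokens, keeping quoted paths with spaces together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def _is_absolute(path: str) -> bool:
    return bool(re.match(r"^(?:[A-Za-z]:\\|%[^%]+%\\)", path))


def _check_hosts(body: str, line: str) -> List[Finding]:
    m = HOSTS_RE.match(body)
    if not m or m.group(1) in LOOPBACK:
        return []
    return [("O1", f"hosts file sends {m.group(2)} to {m.group(1)}", line)]


def _check_autorun(body: str, line: str) -> List[Finding]:
    m = RUN_RE.match(body)
    if not m:
        return []
    cmd = m.group(2)
    if " = " in cmd:                      # Startup-folder form: "<name>.lnk = <target>"
        cmd = cmd.split(" = ", 1)[1]
    toks = _tokens(cmd)
    if not toks:
        return []
    target = toks[0]
    if target.lower() in HOST_TOOLS:
        args = [t for t in toks[1:] if not t.startswith(("-", "/"))]
        if args:
            target = args[0].split(",", 1)[0]   # rundll32 takes "<dll>,<entry point>"
    findings: List[Finding] = []
    base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base in SYSTEM_NAMES:
        findings.append(("O4", f"autorun named like the system process {base}", line))
    if not _is_absolute(target):
        findings.append(("O4", f"no absolute path for {target!r}; resolved by PATH search, so it could be anywhere", line))
    return findings


def _check_dns(body: str, line: str) -> List[Finding]:
    m = DNS_RE.search(body)
    if not m:
        return []
    return [("O17", f"DNS servers {m.group(1)}: confirm via whois that they belong to the ISP before touching them", line)]


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a closer look, with the reason each was flagged."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O1":
            findings += _check_hosts(body, raw)
        elif code == "O4":
            findings += _check_autorun(body, raw)
        elif code == "O17":
            findings += _check_dns(body, raw)
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```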

Response Number 4
Name: Matt
Date: December 14, 2003 at 14:03:42 Pacific
Reply:

Should I turn off System Restore and then restart in Safe Mode and try the full system scan in NAV? Or should I get some program that deletes these "Trojan Horses", as NAV named them?



Response Number 5
Name: Matt
Date: December 14, 2003 at 14:29:09 Pacific
Reply:

like TDS-3






Response Number 6
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:39:47 Pacific
Reply:

Matt,

See the post below yours for information on TDS-3

KTTD



Response Number 7
Name: Matt
Date: December 14, 2003 at 14:43:21 Pacific
Reply:

So I should use TDS-3, I guess you're saying... alrighty then.



Response Number 8
Name: sxshep
Date: December 14, 2003 at 15:05:55 Pacific
Reply:

Matt,

There is some stuff that neither might remove. Give it a bit, just sitting down to dinner.
Give CoolWebShredder a shot. It might clean things up a bit; then repost your log.
Be back

hth shep



Response Number 9
Name: Tom41
Date: December 14, 2003 at 15:07:10 Pacific
Reply:

1. Run this uninstaller:
http://home01.wxs.nl/~kleyn080/uninst.exe

When done, use the following tool to delete the files themselves:

Download Drpepertobackup.exe, save it to disk, and double-click the file; it will self-extract to c:\.
Find the "C:\drpeper\Find backup and Delete Peper files.vbs" file and double click it.

http://www.mjc1.com/files/mo/drpepertobackup.exe


On the first prompt, copy and paste: Oval60.exe .... and hit ok.

On the second, paste: Lkts40s6.exe and hit ok again.


It will find all the files, delete them and will make backups in the same folder.
It'll open a text file (Peper.txt) with the list of all files deleted.

2. Download and run CWShredder:
CWShredder

3. Run HijackThis again and place a check in the box next to the following items. Double-check so as to be sure not to miss one.
Next, close all browser windows, and have HT 'fix checked'.

You must restart your computer when you're done.

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: winlogon.exe

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/IAicm.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1044.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://www.geocities.com/benson91588/loader.cab
O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialerXP.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://nugs.net/dev/dlControl.CAB

After restarting delete the following:

Files:
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\stcloader.exe

Folders:
C:\Program Files\ISTsvc
C:\Program Files\Power Scan
C:\Program Files\Media
C:\Program Files\Common files\updater
C:\Program Files\AutoUpdate
C:\Program Files\Common Files\slmss
C:\Program Files\ClearSearch
C:\Program Files\VBouncer

4. Reboot, run another Hijack scan and post the new log.



Response Number 10
Name: sxshep
Date: December 14, 2003 at 15:07:51 Pacific
Reply:

And by all means run TDS



Response Number 11
Name: Matt
Date: December 14, 2003 at 15:17:00 Pacific
Reply:

Alright... so should I do what Tom41 says to do, or should I use TDS and CoolWebShredder, or should I do both? And if so, where in the sequence of Tom41's steps should I use TDS and CoolWebShredder?



Response Number 12
Name: sxshep
Date: December 14, 2003 at 15:37:11 Pacific
Reply:

Follow Tom's advice, he is the man

shep



Response Number 13
Name: Kevin The Tech Dude
Date: December 14, 2003 at 15:39:45 Pacific
Reply:

Tom eats viruses for breakfast, lunch and dinner. Follow his advice, and it will not hurt to run TDS-3 after you do. All it can do is say it did not find anything.

KTTD




Response Number 14
Name: Matt
Date: December 14, 2003 at 15:53:23 Pacific
Reply:

First off, I just want to thank everyone who's helped me so far! Second... I'm on the part where I'm doing the DrPeper thing. But what happens is, when I hit OK after putting in Oval60.exe, NAV pops up and says malicious script and tells me to stop it... is this what is supposed to happen?



Response Number 15
Name: Tom41
Date: December 14, 2003 at 16:03:05 Pacific
Reply:

Disable Norton while running the Find backup and Delete Peper files.vbs file.



Response Number 16
Name: Abnormal
Date: December 14, 2003 at 16:03:12 Pacific
Reply:

Turn off auto protect.



Response Number 17
Name: Matt
Date: December 14, 2003 at 16:11:12 Pacific
Reply:

Alright, another problem... After I disabled NAV and all that stuff, I started DrPeper again and put in the two things, and each time it said that it was not allowed... some runtime error or something... so it didn't work. What now? Also, should I disable System Restore? 'Cause I'm kinda reluctant to do that.



Response Number 18
Name: Matt
Date: December 14, 2003 at 16:12:49 Pacific
Reply:

Also, should I back up all my major files again while my computer is at least working, before I do all this stuff... or does it not really matter?



Response Number 19
Name: Tom41
Date: December 14, 2003 at 16:21:26 Pacific
Reply:

Run Drpeper again and put Lkts40s6.exe in at the first prompt and Oval60.exe at the second.
If you still get the error message, skip that part of the instructions and continue with the rest.



Response Number 20
Name: Matt
Date: December 14, 2003 at 16:50:37 Pacific
Reply:

Alrighty... I did as much as I could. I couldn't delete the folder ISTsvc (it wouldn't let me), and I couldn't find the file stcloader in C:/WINDOWS/System32; it wasn't there. But here is my log anyhow:

Logfile of HijackThis v1.97.7
Scan saved at 7:47:59 PM, on 12/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Lkts40s6.exe
C:\WINDOWS\System32\Lkts40s6.exe
C:\Documents and Settings\Philip\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.google.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 66.250.130.130 find4u.net
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4D0B9E4-1891-46C1-AA1A-779B136478BB} - C:\WINDOWS\System32\dsosund3d.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [49Q8WJ#5BBD7F3] C:\WINDOWS\System32\LsxI52.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.2521064815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38




Response Number 21
Name: Tom41
Date: December 14, 2003 at 17:11:16 Pacific
Reply:

Ok, You need to run this uninstaller again:

http://home01.wxs.nl/~kleyn080/uninst.exe

Then, go here and download 2xExplorer: http://d21c.com/Tom41/2xExplorer.zip (copy and paste the link in your browser address bar).

Unzip 2xExplorer. Double click and set up the following:

Menu> View> Options > Show hidden files should be checked > ok.

Menu > Tools > Find Files:

Named: *.exe
Look in: (browse or paste in) C:\WINDOWS\System32

Check the following: 'Use Text Constraints', 'Search non-text files' and in the 'Find What' paste: kern32

All other fields leave unchecked!

Hit the 'Find' tab...

The scan will run for a few seconds and show the results. Delete everything that is found.

Then open the task manager and end process on: C:\Program Files\ISTsvc\istsvc.exe.

Run HijackThis again and place a check in the box next to the following items. Next, close all browser windows, and have HT 'fix checked'.

You must restart your computer in safe mode when you're done.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 66.250.130.130 find4u.net
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Once in safe mode delete the following:
winmain.exe
C:\Program Files\ISTsvc

Reboot to Windows and run another Hijack scan and post the log.



Response Number 22
Name: Matt
Date: December 14, 2003 at 17:31:14 Pacific
Reply:

Where is the 'winmain.exe' that I need to delete in safe mode?



Response Number 23
Name: Matt
Date: December 14, 2003 at 18:34:56 Pacific
Reply:

Some things seem to be going a little crazy now... like when I am typing, the letters will suddenly go all caps without me touching Caps Lock... some process seems to keep opening in the background, 'cause IE keeps going to the idle state as if I wasn't using the window... I think it might be this process called Lkts40s6... there's two of these and they seem to be doing stuff... also I don't know if devldr32 is supposed to be in the processes... I thought that was part of a virus too... maybe I'm wrong, I dunno... but things seem to be acting up... all I'm doing is sitting here waiting until you can tell me where to find winmain.exe, 'cause I have done all of the steps except for restarting in safe mode and deleting that stuff.



Response Number 24
Name: Kevin The Tech Dude
Date: December 14, 2003 at 19:48:07 Pacific
Reply:

Ya might want to cut your losses and just format and reload the OS.

KTTD



Response Number 25
Name: Tom41
Date: December 15, 2003 at 00:18:53 Pacific
Reply:

Winmain.exe could be anywhere. Use the search function to locate it. Click Start > Search. (Make sure to click 'More Advanced Options' and select 'Search hidden files and folders'.)
(Make sure you can view hidden files and folders: open any folder and click Tools > Folder Options > View tab. Select 'Show hidden files and folders'.)

It looks like you will have to manually edit the registry to remove Trojan.Peper.
Go here for detailed instructions.

http://www.mjc1.com/files/peperpage/



Response Number 26
Name: Matt
Date: December 17, 2003 at 16:57:46 Pacific
Reply:

Alright, I did everything except for removing the Peper Trojan... I will do that soon though. But here is my log after doing what you told me to do in post 21:

Logfile of HijackThis v1.97.7
Scan saved at 7:56:38 PM, on 12/17/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Philip\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4D0B9E4-1891-46C1-AA1A-779B136478BB} - C:\WINDOWS\System32\dsosund3d.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [49Q8WJ#5BBD7F3] C:\WINDOWS\System32\LsxI52.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.2521064815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} (EGStripDownload Class) - http://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38




Response Number 27
Name: Matt
Date: December 17, 2003 at 17:22:57 Pacific
Reply:

I'm skeptical about these two in the log:

O4 - HKLM\..\Run: [49Q8WJ#5BBD7F3] C:\WINDOWS\System32\LsxI52.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38

...but I don't know what I'm talking about... just wondering.

Also wondering if I should do TDS3, and if so, should I scan the C drive and then delete anything that it comes up with? Or should I come back and post what it says is bad? I've never used the program, so some help would be appreciated.

Also... how could I guard my computer from getting another one of these nasty trojans, haha.



Response Number 28
Name: Abnormal
Date: December 17, 2003 at 21:47:20 Pacific
Reply:

This may be your internet provider:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38


SmartWhois home2.bellatlantic.net (151.196.0.39)

151.196.0.0 - 151.205.255.255
Verizon Internet Services
1880 Campus Commons Dr
Reston, VA, 20191
US

----------------------

Verizon Internet Services
noc@gnilink.net
+1-703-295-4583

Remove these and reboot.

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll

O2 - BHO: (no name) - {E4D0B9E4-1891-46C1-AA1A-779B136478BB} - C:\WINDOWS\System32\dsosund3d.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

This is the peper trojan.
O4 - HKLM\..\Run: [49Q8WJ#5BBD7F3] C:\WINDOWS\System32\LsxI52.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab

After you reboot,

Download 2xExplorer: http://www10.brinkster.com/expl0iter/2xExplorer.zip
(rightclick on the link and choose "Save Target As").
Unzip 2xExplorer. Double click and set up the following:

Menu> View> Options > Show hidden files should be checked > ok.

Menu > Tools > Find Files:

Named: *.exe
Look in: (browse or paste in) C:\WINDOWS\System32

Check the following: 'Use Text Constraints', 'Search non-text files' and in the 'Find What' paste: kern32

All other fields leave unchecked!

Hit the 'Find' tab...

The scan will run for a few seconds and show the results. Right-click > print list > right-click > select all > copy, and post it.

And go here to get Windows critical updates:
http://v4.windowsupdate.microsoft.com


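The 2xExplorer search that Tom41 (response 21) and Abnormal (response 28) both describe, looking through *.exe files under System32 for the text 'kern32', written out as a script. This is an added example, not code from the thread or from the tools it names; it assumes the marker sits literally in the file body, as that search implies, and it runs against a constructed directory rather than the real System32. It only reports hits (path, offset, size, SHA-1) so they can be backed up and compared before anything is deleted.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

MARKER = b"kern32"   # the 'Find What' text constraint used in the thread's 2xExplorer search


def find_marked_files(root: str, marker: bytes = MARKER, suffix: str = ".exe") -> List[Dict[str, object]]:
    """Walk `root` and report every file whose name ends with `suffix` (case-insensitive)
    and whose bytes contain `marker`. Nothing is deleted: the caller gets path, offset,
    size and SHA-1 so hits can be backed up and compared before any removal."""
    hits: List[Dict[str, object]] = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            if not name.lower().endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue           # locked or unreadable: skip it rather than abort the sweep
            offset = data.find(marker)
            if offset != -1:
                hits.append({"path": path, "offset": offset, "size": len(data),
                             "sha1": hashlib.sha1(data).hexdigest()})
    return hits


def build_demo_tree() -> str:
    r"""Constructed stand-in for C:\WINDOWS\System32. The contents are made up; the
    one hit is a file name taken from the thread, but no real malware is involved."""
    root = tempfile.mkdtemp(prefix="sys32_demo_")
    samples = {
        # name from the thread, body constructed: marker at byte 2 + 64 + 3 = 69
        "Oval60.exe": b"MZ" + b"\x00" * 64 + b"...kern32..." + b"\x00" * 16,
        # an ordinary PE imports KERNEL32.dll; "kern32" is not a substring of that, so it stays clean
        "notepad.exe": b"MZ" + b"\x00" * 64 + b"KERNEL32.dll" + b"\x00" * 16,
        # same marker but a different extension: the *.exe filter from the thread skips it
        "helper.dll": b"MZ" + b"kern32",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for hit in find_marked_files(demo):
        print(f"{hit['path']}  offset={hit['offset']}  size={hit['size']}  sha1={hit['sha1']}")
```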

Response Number 29
Name: zooperman
Date: December 22, 2003 at 02:54:19 Pacific
Reply:

I had this same hijacker infect my computer. In all, I ended up with 5 virii and a seemingly endless supply of pop-ups and ad-ware that multiplies as fast as you can delete them.

After a few hours of fighting it using Spybot S&D, I downloaded the newest Ad-Aware 6.0 from lavasoft and it cleaned up the whole mess including the lop.com toolbars from IE. =)

Spybot S&D did NOT work.



