
Solved: A Mess.....3 viruses

Discussion in 'Virus & Other Malware Removal' started by Roe727, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    ok...no problem...I really, really, really appreciate your help....
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Let's see if we can get rid of some of the other malware and keep it gone long enough to get either L2MFix or the Symantec tool to work.

    I'll go through the log and post the recommendations shortly.
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I was posting when Katie posted this. Since she is probably already working on it, I'll let her have at it.
     
  4. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Ok...I'm running Ad-Aware right now. Thank you for your help.
     
  5. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Ad-Aware is up to 696 New Critical Objects!!!!! and still scanning.
     
  6. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Because XP will not always show you hidden files and folders by default.
    Reset your search settings first.

    Open Folder Options>view and check your settings:
    Select
    Show hidden files and folders
    Display the contents of system folders
    Uncheck: Hide protected operating system files
    Next go to Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
    Be sure the first three boxes are selected:
    Search System folders
    Search Hidden Files and folders
    Search SubFolders
    ------------

    Download CWShredder from this link:
    http://www.intermute.com/spysubtract/cwshredder_download.html
    -----------------
    Go to Add Remove programs and uninstall:

    Bargain Buddy
    My Web Search
    ---------------


    Boot to Safe mode.

    Go to start >Run and type Hijackthis. Press enter.

    Select and fix these items:


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Susan Zweig\Local Settings\Temp\gS2v.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

    O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
    O4 - HKLM\..\Run: [aahhkmhebqj] C:\WINDOWS\System32\nvdzzqrw.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0K.exe
    O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [I4b] C:\documents and settings\susan zweig\local settings\temp\I4b.exe
    O4 - HKLM\..\Run: [Tn] C:\documents and settings\susan zweig\local settings\temp\Tn.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
    O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe" /startup
    O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
    O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
    O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvbe32.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\jtnezabz.exe] C:\WINDOWS\jtnezabz.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [pmlduc] C:\WINDOWS\System32\pmlduc.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SStb.exe] SStb.exe
    O4 - HKLM\..\Run: [tlixFF] C:\documents and settings\susan zweig\local settings\temp\tlixFF.exe
    O4 - HKLM\..\Run: [DSgfKTf] C:\documents and settings\susan zweig\local settings\temp\DSgfKTf.exe
    O4 - HKLM\..\Run: [Okmwczw] C:\Program Files\Gkusccw\Yaallcd.exe
    O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
    O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\27.exe\27.exe"
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
    O4 - HKLM\..\Run: [ueKxG.exe] c:\windows\system32\ueKxG.exe
    O4 - HKLM\..\Run: [4qXNTJ] C:\windows\system32\4qXNTJ.exe
    O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop62.exe
    O4 - HKLM\..\Run: [oF9U3ng] ochv9i.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Susan Zweig\Desktop\l2mfix\second.bat
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
    O4 - HKCU\..\Run: [Lbsefvo] C:\WINDOWS\System32\??ool32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    O4 - HKCU\..\Run: [prutnct] C:\WINDOWS\System32\prutnct.exe
    O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZCxdm244XXUS
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bargain-buddy.net/cashba...er_ICMEDIAX.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...245bc6f8b5fbb1c
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2FD74BEC-AA17-49C0-A74E-3B20BE946496} - http://www.cursorzone.com/toolbar/f...e_bundle_p2.cab
    O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/Dist...r2501031120.EXE
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50043/QDow_AS2.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
    O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
    O21 - SSODL: WinTools - {ABEC834E-AD86-6496-9524-85347844E8DF} - C:\PROGRA~1\COMMON~1\ODBC.dll (file missing)
    O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

    -----------------

    Go to
    C:\Documents and Settings\Susan Zweig\Local Settings\Temp

    Select all files and delete everything.

    If they exist, delete these folders:
    Use The KillBox if need be. Anything which won't delete, use Kill on reboot. End Explorer Shell. Do not reboot until you have finished the entire list.

    C:\PROGRAM FILES\COMMON FILES\WinTools
    C:\Program Files\E2G
    C:\Program Files\SEP
    C:\Program Files\eSyndicate
    C:\WINDOWS\EliteToolBar
    C:\Program Files\SEP
    C:\PROGRAM FILEs\MYWEBSEARCH
    C:\WINDOWS\System32\wsxsvc
    C:\WINDOWS\System32\vmss
    C:\PROGRAM FILES\Toolbar
    C:\Program Files\NaviSearch
    C:\Program Files\Web_Rebates
    C:\Program Files\CSBB
    C:\Program Files\Gkusccw
    C:\PROGRAM FILES\COMMON FILES\tsa

    C:\Program Files\SurfSideKick 2


    If they exist, delete these files using The KillBox if need be. Anything which won't delete, use Kill on reboot. End Explorer Shell.
    C:\WINDOWS\System32\mssaru.dll
    C:\WINDOWS\System32\ms.exe
    C:\active.exe
    C:\WINDOWS\System32\nvdzzqrw.exe
    C:\WINDOWS\System32\Cxe0K.exe
    EXPLORERZ.EXE
    C:\WINDOWS\System32\winupdtl.exe
    C:\Program Files\Common Files\Java\bptre.exe
    C:\Program Files\Common Files\Java\Xcpy1.exe
    C:\WINDOWS\mmups.exe
    C:\Program Files\SurfSideKick 2\Ssk.exe
    C:\windows\system32\kalvvbe32.exe
    C:\WINDOWS\jtnezabz.exe
    C:\WINDOWS\System32\pmlduc.exe
    SStb.exe
    ssqb.exe
    C:\WINDOWS\System32\wys.exe
    c:\windows\system32\ueKxG.exe
    C:\windows\system32\4qXNTJ.exe
    C:\WINDOWS\newpop62.exe
    ochv9i.exe
    nvueers.exe
    C:\WINDOWS\System32\??ool32.exe
    C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\WINDOWS\zeta.exe

    Restart the computer.

    Run CoolWebShredder.
    Run Ad-Aware.
    Try the VX2 remover again.

    Let me know how it goes.
    Post a new HijackThis log.


    I see you are running Ad-Aware. Anything it removes is a good thing. But then do follow up using these instructions please.
     
  7. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    ok...this is going to take awhile and I have to pick up my son at work, so my post may not be for awhile.
     
  8. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Good Luck. See you later.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Good luck from me as well!

    Thanks Katie! :)
     
  10. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    ok....system froze up after running Ad-Aware. I went to restart it and got a screen that says:
    Checking file system on C:
    The type of the file system is NTFS.
    One of your disks needs to be checked for consistency. you may cancel the disk check, but it is strongly recommended etc. etc. I let it run. It said it fixed some things and went and booted.

    I ran Ad-Aware..it deleted everything but about 2 files.

    I booted in safe mode. Ran Hijackthis and checked what you told me to, although a few weren't there.

    Checked for the other files and deleted the ones I found.

    Rebooted and I'm running Ad-Aware again.

    I will post back after.
     
  11. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Ok good. After you do that, please run CoolWebShredder too.
     
  12. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Ran Ad-Aware again, only got 6 files....wooohooo...but...they were Bargain Buddy and VX2 files. I deleted them again and made a note of where they are in the registry, but I'm not sure on Windows XP how to get to the registry.

    I tried to run FxSpl2me again, but still no luck....gets stopped at that one file.

    I still have an error message coming up that reads:
    Object Name: C:program Files'common files'dell.dll
    Virus Name: Trojan Horse
    Action Taken: Unable to repair this file

    Ran CW Shredder, the part that ran all said not present, but then it hit a glitch and couldn't run any further.

    I do think we are making headway here....thank you.

    Here is a new log after doing all that and rebooting:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:03:09 PM, on 2/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\WINDOWS\System32\kuiury.exe
    C:\WINDOWS\System32\EXPLORERZ.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\System32\nvueers.exe
    C:\WINDOWS\System32\??ool32.exe
    C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Susan Zweig\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
    O4 - HKCU\..\Run: [Lbsefvo] C:\WINDOWS\System32\??ool32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    O4 - HKCU\..\Run: [prutnct] C:\WINDOWS\System32\prutnct.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\RECYCLER\NPROTECT\00741092.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-6.0.1.20/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    And here is another Vx2 log:

    Log for VX2.BetterInternet File Finder (ALL)

    Files Found---

    Additional Files---

    Keys Under Notify---
    crypt32chain
    cryptnet
    cscdll
    ScCertProp
    Schedule
    sclgntfy
    SensLogn
    termsrv
    wlballoon


    Guardian Key--- is called:

    Guardian Key--- :


    Let me know where we go from here....Thank you
    Roe
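
    Added example, not part of the thread: a Python sketch that compares the fix list from post 6 with the follow-up HijackThis log from post 12 to show which flagged entries are still present after the cleanup pass. The matching rules (CLSID first, then Run value name, then full text) and the function names are assumptions made for this example; the sample lines are excerpts copied from those two posts.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - <body>", "R3 - <body>", ...
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]")

# Excerpt of the fix list from post 6 (lines copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop62.exe
O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
"""

# Excerpt of the follow-up log from post 12 (lines copied from the thread).
NEW_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe
"""


def entry_key(code, body):
    """Identity of an entry that survives cosmetic changes between two scans."""
    guid = GUID_RE.search(body)
    if guid:  # BHOs, toolbars, search hooks: the CLSID is the stable part
        return (code, guid.group(0).upper())
    run = RUN_RE.match(body)
    if code == "O4" and run:  # autostart: hive + key + value name
        return (code, run.group(1), run.group(2), run.group(3).lower())
    return (code, body.lower())  # everything else: whole line, case-insensitive


def parse_entries(text):
    """Map entry_key -> original line for every HijackThis entry in the text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2).strip())] = line
    return entries


def compare(fix_list, new_log):
    """Split the fix list into entries that persist in the new log and entries gone."""
    fixed, after = parse_entries(fix_list), parse_entries(new_log)
    return {
        "persisting": [after[k] for k in sorted(fixed.keys() & after.keys())],
        "cleared": [fixed[k] for k in sorted(fixed.keys() - after.keys())],
    }


if __name__ == "__main__":
    result = compare(FIX_LIST, NEW_LOG)
    for label in ("persisting", "cleared"):
        print(f"{label} ({len(result[label])}):")
        for line in result[label]:
            print("   ", line)
```

    Matching on the CLSID is what catches the URLSearchHook entry, whose file column changed from a path marked "(file missing)" to "(no file)" between the two scans.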
     
  13. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I'm here and reading. Give me a few minutes.
     
  14. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Also, in the Find It NT-2K-XP folder, would you run find.bat and post the results please?

    To get into the XP registry go to Start>Run
    Type regedit. Press enter.
     
  15. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Ok...here it is just sitting there....I ran it as soon as you posted it.

    Also, when I try to get in the registry it opens and closes really fast. Won't stay open?? Probably something with the virus I still have??

    I'm exhausted...need to call it a night and pick up where we left off tomorrow.
    Let me know what to do here.
    Thanks!!!!!!
    Roe
     

Short URL to this thread: https://techguy.org/326954
