1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spyaxe damage control - Microsoft Money 2002

Discussion in 'Virus & Other Malware Removal' started by DawnHartsell, Jan 3, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    I have Windows XP; after getting Spyaxe a few days ago, I've been able to fix almost all the problems except for three

    One: Microsoft Money 2002 won't open for me. The Windows Installer begins and says "preparing to install" then "gathering information to begin configuring" and then "need CD". I only have the 2001 CD. I can't find my 2002 CD-ROM. I found a way to open Microsoft Money by opening the upgrade icon in the Microsoft Money "Systems" folder in my program files. But the Windows Installer window keeps popping up again and again and again while Money slowly opens up. Is there any way to fix this without going out and buying a new Money 2002 CD?

    Two: The little Windows Update Icon on my bottom bar keeps flashing and showing that stupid "infected" bubble. I can't seem to get rid of it except by hiding it.

    Three: I've installed Norton symantec Antivirus to deal with the Spyaxe problem. But every time a quickscan runs, it detects the same two issues over and over again: "Trojan.Zlob" and "Trojan.Zlob.D" and no matter whether I clean the infected file or delete it, the quickscan reads "unknown action" next to the files after the action is complete and they appear again and again. The file names read "nvctrl.exe" and "mssearchnet.exe".

    What do I need to give you to help me with these three problems? I've never done a hijackthis thingy that I've read on other threads. Can you walk me through sending that to you if necessary?

    Thanks,
    Little Dawn
     
  2. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    Here is my HTL:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:06 AM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.churchrez.org/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    I've not previously seen spyaxe or any of the smitfraud trojans damage or attack M$ money before BUT !!!


    Download smitRem.exe

    or HERE and save the file to your desktop.
    Double click on the file to extract it to it's own folder on the desktop.

    Next, please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    then

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:

      • [*]Sweep Memory
        [*]Sweep Registry
        [*]Sweep Cookies
        [*]Sweep All User Accounts
        [*]Enable Direct Disk Sweeping
        [*]Sweep Contents of Compressed Files
        [*]Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.

    Post the contents of smitfiles.txt and the a new HJT log and the spysweeper report .
    Let us know if any problems persist.
     
  4. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    Derek,

    Thanks for your response. I did all as you instructed. I will coipy the smitfiles.txt, new HJT log and the spysweeper report below. In attempting to open Microsoft Money 2002, the Windows Installer still starts and the result is: "Error 1706 No valid source could be found for product Microsoft Money 2002. The Windows Installer cannot continue"

    Smitfiles.txt

    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Tue 01/03/2006
    The current time is: 12:00:40.54

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SpyAxeFix © by noahdfear

    spyaxe directory present

    spyaxe uninstaller present

    Starting spyaxe uninstaller

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Security Troubleshooting.url


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    wbeconm.dll
    1024 dir
    msvol.tlb
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    mscornet.exe


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 908 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)

    Now here's the sweeper session log:

    ********
    12:26 PM: | Start of Session, Tuesday, January 03, 2006 |
    12:26 PM: Spy Sweeper started
    12:26 PM: Sweep initiated using definitions version 595
    12:26 PM: Starting Memory Sweep
    12:37 PM: Memory Sweep Complete, Elapsed Time: 00:10:49
    12:37 PM: Starting Registry Sweep
    12:37 PM: Found Trojan Horse: antivirus gold
    12:37 PM: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103594)
    12:37 PM: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103633)
    12:38 PM: Found Adware: spyaxe
    12:38 PM: HKCR\appid\spyaxe.exe\ (1 subtraces) (ID = 1005587)
    12:38 PM: HKCR\typelib\{2bb3bcbf-411a-4c67-8e69-f4bb301dc333}\ (9 subtraces) (ID = 1005758)
    12:38 PM: HKLM\software\classes\appid\spyaxe.exe\ (1 subtraces) (ID = 1005850)
    12:38 PM: HKLM\software\classes\typelib\{2bb3bcbf-411a-4c67-8e69-f4bb301dc333}\ (9 subtraces) (ID = 1006052)
    12:38 PM: Registry Sweep Complete, Elapsed Time:00:01:05
    12:38 PM: Starting Cookie Sweep
    12:38 PM: Found Spy Cookie: 2o7.net cookie
    12:38 PM: church of the [email protected][2].txt (ID = 1957)
    12:38 PM: Found Spy Cookie: adknowledge cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2072)
    12:38 PM: Found Spy Cookie: pointroll cookie
    12:38 PM: church of the [email protected][2].txt (ID = 3148)
    12:38 PM: Found Spy Cookie: advertising cookie
    12:38 PM: church of the [email protected][1].txt (ID = 2175)
    12:38 PM: Found Spy Cookie: atlas dmt cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2253)
    12:38 PM: Found Spy Cookie: burstnet cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2336)
    12:38 PM: Found Spy Cookie: centrport net cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2374)
    12:38 PM: Found Spy Cookie: clickbank cookie
    12:38 PM: church of the [email protected][1].txt (ID = 2398)
    12:38 PM: Found Spy Cookie: overture cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3106)
    12:38 PM: Found Spy Cookie: dealtime cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2505)
    12:38 PM: Found Spy Cookie: ru4 cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3269)
    12:38 PM: Found Spy Cookie: fastclick cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2651)
    12:38 PM: church of the [email protected][2].txt (ID = 1958)
    12:38 PM: church of the [email protected][1].txt (ID = 1958)
    12:38 PM: church of the [email protected][2].txt (ID = 3105)
    12:38 PM: church of the [email protected][1].txt (ID = 3106)
    12:38 PM: Found Spy Cookie: server.iad.liveperson cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3341)
    12:38 PM: Found Spy Cookie: serving-sys cookie
    12:38 PM: church of the [email protected][2].txt (ID = 3343)
    12:38 PM: Found Spy Cookie: spyaxe cookie
    12:38 PM: church of the [email protected][1].txt (ID = 6110)
    12:38 PM: church of the [email protected][1].txt (ID = 2506)
    12:38 PM: Found Spy Cookie: statcounter cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3447)
    12:38 PM: Found Spy Cookie: webtrendslive cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3667)
    12:38 PM: Found Spy Cookie: tracking cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3571)
    12:38 PM: Found Spy Cookie: trb.com cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3587)
    12:38 PM: church of the [email protected][1].txt (ID = 1958)
    12:38 PM: Found Spy Cookie: burstbeacon cookie
    12:38 PM: church of the [email protected][2].txt (ID = 2335)
    12:38 PM: Found Spy Cookie: myaffiliateprogram.com cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3032)
    12:38 PM: Found Spy Cookie: yadro cookie
    12:38 PM: church of the [email protected][1].txt (ID = 3743)
    12:38 PM: Found Spy Cookie: adserver cookie
    12:38 PM: church of the [email protected][1].txt (ID = 2142)
    12:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
    12:38 PM: Starting File Sweep
    12:40 PM: e3009252-403d-4fe3-b95e-b61c37 (ID = 217736)
    12:41 PM: 9c970e74-3862-4e38-a9c2-e0a6d5 (ID = 217736)
    12:41 PM: a0035115.exe (ID = 217736)
    12:42 PM: 75db7ec4-bc49-4a12-a8b8-556053 (ID = 217736)
    12:42 PM: b05b79ed-fb5e-4fce-afb5-2add38 (ID = 217736)
    12:49 PM: a0035760.exe (ID = 217736)
    1:01 PM: a0034979.exe (ID = 217736)
    1:23 PM: Found Trojan Horse: trojan-downloader-zlob
    1:23 PM: a0035770.dll (ID = 216906)
    1:25 PM: 1048b60b-c139-4247-8a08-47adce (ID = 217736)
    1:28 PM: a0035765.lnk (ID = 204550)
    1:28 PM: a0035600.lnk (ID = 204550)
    1:28 PM: 9a05166d-80e4-4a9c-b1f8-f44d5b (ID = 204550)
    1:28 PM: cf23b816-4dcc-4212-a085-79e31c (ID = 204550)
    1:28 PM: 411a18c6-45f4-4385-b58e-10a013 (ID = 204550)
    1:28 PM: b6a78c75-0448-4ecc-b0e9-e3031c (ID = 204550)
    1:28 PM: a0035110.lnk (ID = 204550)
    1:28 PM: ab2b03d6-39d3-4fcf-8435-f99b7d (ID = 204550)
    1:29 PM: File Sweep Complete, Elapsed Time: 00:51:11
    1:29 PM: Full Sweep has completed. Elapsed time 01:03:32
    1:29 PM: Traces Found: 74
    1:30 PM: Removal process initiated
    1:30 PM: Quarantining All Traces: trojan-downloader-zlob
    1:30 PM: Quarantining All Traces: antivirus gold
    1:31 PM: Quarantining All Traces: spyaxe
    1:31 PM: Quarantining All Traces: 2o7.net cookie
    1:31 PM: Quarantining All Traces: adknowledge cookie
    1:31 PM: Quarantining All Traces: adserver cookie
    1:31 PM: Quarantining All Traces: advertising cookie
    1:31 PM: Quarantining All Traces: atlas dmt cookie
    1:31 PM: Quarantining All Traces: burstbeacon cookie
    1:31 PM: Quarantining All Traces: burstnet cookie
    1:31 PM: Quarantining All Traces: centrport net cookie
    1:31 PM: Quarantining All Traces: clickbank cookie
    1:31 PM: Quarantining All Traces: dealtime cookie
    1:31 PM: Quarantining All Traces: fastclick cookie
    1:31 PM: Quarantining All Traces: myaffiliateprogram.com cookie
    1:31 PM: Quarantining All Traces: overture cookie
    1:31 PM: Quarantining All Traces: pointroll cookie
    1:31 PM: Quarantining All Traces: ru4 cookie
    1:31 PM: Quarantining All Traces: server.iad.liveperson cookie
    1:31 PM: Quarantining All Traces: serving-sys cookie
    1:31 PM: Quarantining All Traces: spyaxe cookie
    1:31 PM: Quarantining All Traces: statcounter cookie
    1:31 PM: Quarantining All Traces: tracking cookie
    1:31 PM: Quarantining All Traces: trb.com cookie
    1:31 PM: Quarantining All Traces: webtrendslive cookie
    1:31 PM: Quarantining All Traces: yadro cookie
    1:31 PM: Removal process completed. Elapsed time 00:00:41
    ********
    12:23 PM: | Start of Session, Tuesday, January 03, 2006 |
    12:23 PM: Spy Sweeper started
    12:24 PM: Your spyware definitions have been updated.
    12:26 PM: | End of Session, Tuesday, January 03, 2006 |

    Now here the HTL:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:39:42 PM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.churchrez.org/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Is it possible that during the Nortan Symantec Antivirus scan, that I chose to delete infected files that my Windows Installer needs or Microsoft Money 2002 and Outlook need in order to run?

    Any advice you have is helpful.

    Thanks,
    Little Dawn
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

    and reboot

    then let us know how it is
     
  6. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    Same problem only it takes longer. Here is the HTL:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:26:49 PM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.churchrez.org/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: 2Wire Wireless Client.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    When I click on Microsoft Money 2002, the Window Installer opens up and says "Preparing to Install" and then "Gathering information" and then "Please wait while Windows configures Microsoft Money 2002" and then a new dialogue box opens that says "The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the Microsoft Money 2002 disk and click OK." Then at the bottom of the new dialogue box it says: "Use Source" and lists: "Microsoft Works Suite 2002 disk 2." When I click on "Cancel" it says: "Error 1706: No valid source could be found for product Microsoft Money 2002. The Windows Installer cannot continue." Then I click on OK and the last dialogue box that pops up says: "Problem with shortcut: Fatal error occurred during installation".

    And finally when I open Microsoft Outlook 2002, and I go to Tools and then Email Accounts, I get a dialogue box that reads: "The operation failed due to a registry or installation problem. Restart Outlook and try again. If problem persists, please reinstall."

    (I would pop the Microsoft Money 2002 cd in to try to fix this but I lost the cd and only have Microsoft Money 2001 cd in my files) What else can I do?

    Feeling helpless,

    Little Dawn
     
  7. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    Derek,

    I can open Microsoft Money 2002 and start using it if I go to Program Files/Microsoft Money/System/ and click on Upgrade.exe, then the Windows Installer pops up like before, but if I continue to hit cancel, it pops up repeatedly while MM2002 slowly opens, until it's completely open and I can access all my financial records and make changes to it. The Windows Installer dialogue box opens occasionally but MM2002 stays open as long as I hit cancel. Can I do anything to fix this while MM2002 is open on my computer?

    Little Dawn
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    The only thing I can suggest is uninstall money 2002 and install 2001, but I'm not certain whether they changed any of the formats between the 2 so you might lose information

    it works going up but I'm not certain on going down

    or borrow a copy of money 2002 from someone as you have the required licence in the works suite
     
  9. DawnHartsell

    DawnHartsell Thread Starter

    Joined:
    Jan 3, 2006
    Messages:
    11
    What about my problems with Outlook 2002? Any suggestions there?

    Little Dawn
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    only do what they say
    try a repair or reinstall of outlook
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430573

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice