download . trojan virus removal

Computing.Net > Forums > Security and Virus > download . trojan virus removal

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

download . trojan virus removal

Name: VCVC
Date: January 13, 2004 at 21:16:22 Pacific
OS: Windows XP Pro
CPU/Ram: P4 / 512

Comment:

Hi,
Can you help me. I have the download.trojan virus as well my System 32 folder opens on log on and when opening Internet Explorer. NAV, Adaware, Spybot, Spyblaster, The Cleaner and Trojan removals no help. Below is Hijack file.
Thank you,
VC
Logfile of HijackThis v1.97.7
Scan saved at 12:07:43 AM, on 1/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\KhwX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\KhwX.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elise Schmelzkopf\Desktop\wpsetup.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\TEMP\_INS0432._MP
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Elise Schmelzkopf\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2EFCCEFF-C0FF-B92A-4A6F-C830F12A3AF0} - C:\WINDOWS\system32\hcsrzhlx.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {ACD26858-725E-317F-DDEB-C704552347B8} - C:\WINDOWS\system32\prnoaokh.dll
O2 - BHO: (no name) - {B2234DFD-DA2B-AB94-0AA2-C0B6B567BC80} - C:\WINDOWS\system32\coniyyan.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svjjqxef] C:\WINDOWS\nmtzqqrr.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Pcn67i0.exe
O4 - HKLM\..\Run: [a] C:\WINDOWS\System32\kqjopa.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ELISES~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [j] C:\WINDOWS\System32\hhwtvu.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HOUF] C:\WINDOWS\HOUF.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Elise Schmelzkopf\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Elise Schmelzkopf\Client\HelpExp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.200.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.200.4

Sponsored Link

Ads by Google

Response Number 1

Name: Imp
Date: January 14, 2004 at 09:11:35 Pacific

Reply:

The right program you need right away:
Trojan Remover !!!
http://www.simplysup.com/tremover/details.html

Response Number 2

Name: Abnormal
Date: January 14, 2004 at 09:43:30 Pacific

Reply:

Move Hijack This to a permanent directory like c:\program files\hijack this\hijackthis.exe. This way you can undo any changes if something goes wrong.
Please follow these steps, in exactly that order:
Run this uninstaller:
http://home01.wxs.nl/~kleyn080/uninst.exe
When done, use the following tool to delete the files themselves:
Download Drpepertobackup.exe, save to disk, and doubleclick the file; it will self extract to c:\.
Find the "C:\drpeper\Find backup and Delete Peper files.vbs" file and double click it.
http://www.mjc1.com/files/mo/drpepertobackup.exe

A box will appear, copy and paste:KhwX.exe and hit ok.
A second box will appear, copy and paste Pcn67i0.exe
and hit ok.
It will find all the files, delete them and will make backups in the same folder.
It'll open a text file (Peper.txt) with the list of all files deleted.
Post the log files deleted, and also a
new hijackthis log.
Good luck

abnormal

Response Number 3

Name: VCVC
Date: January 14, 2004 at 12:54:12 Pacific

Reply:

Hi,
Thanks for the help. Imp, I tried Trojan Remover but it didn't help.
Abnormal, I downloaded uninst.exe but it didn't open any window, so I don't know if it did anything. I downloaded and ran Drpepertobackup.exe found no KhwX.exe but found Pcn67i0.exe. That log is below and new hijackthis log also.
Thanks for your help.
--------------------------
Drpepertobackup log
1/14/2004 3:41:55 PM
C:\WINDOWS\SYSTEM32\Pcn67i0.exe
C:\WINDOWS\SYSTEM32\SbziJQ.exe
C:\WINDOWS\SYSTEM32\Xej7.exe
Logfile of HijackThis v1.97.7
Scan saved at 3:44:29 PM, on 1/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2EFCCEFF-C0FF-B92A-4A6F-C830F12A3AF0} - C:\WINDOWS\system32\hcsrzhlx.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {ACD26858-725E-317F-DDEB-C704552347B8} - C:\WINDOWS\system32\prnoaokh.dll
O2 - BHO: (no name) - {B2234DFD-DA2B-AB94-0AA2-C0B6B567BC80} - C:\WINDOWS\system32\coniyyan.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146

Response Number 4

Name: Abnormal
Date: January 14, 2004 at 13:37:04 Pacific

Reply:

Put a check mark next to these, fix checked and reboot.
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {2EFCCEFF-C0FF-B92A-4A6F-C830F12A3AF0} - C:\WINDOWS\system32\hcsrzhlx.dll
O2 - BHO: (no name) - {ACD26858-725E-317F-DDEB-C704552347B8} - C:\WINDOWS\system32\prnoaokh.dll
O2 - BHO: (no name) - {B2234DFD-DA2B-AB94-0AA2-C0B6B567BC80} - C:\WINDOWS\system32\coniyyan.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xej7.exe
This is the peper trojan you still have.
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
After you reboot run cwshredder, click fix not scan.
cwshredder.zip

cwshredder.exe
For the peper trojan leftovers;
Download 2xExplorer: http://gd.tuwien.ac.at/pc/bazar/2xExplorer.zip
(rightclick on the link and choose "Save Target As").
Unzip 2xExplorer. Double click and set up the following:
Menu> View> Options > Show hidden files should be checked > ok.
Menu > Tools > Find Files:
Named: *.exe
Look in: (browse or paste in) C:\WINDOWS\System32
Check the following: 'Use Text Constraints', 'Search non-text files' and in the 'Find What' paste: kern32
All other fields leave unchecked!
Hit the 'Find' tab...
The scan will run for few seconds and show the results. Rightclick then > print list >right click > select all > copy and post it.
More info on how to find the peper files;
http://www.mjc1.com/files/peperpage/
Post another log when your done.
Good luck

abnormal

Response Number 5

Name: VCVC
Date: January 14, 2004 at 14:36:57 Pacific

Reply:

Hi Abnormal,
I followed your directions and ended with nothing listed in the 2xExplorer results file.
Does that mean the computer is clean.
TRhanks again for the help,
VC

explore nav iptables ads.web.aol.com winlogon.exe virus removal	iexplore.exe virus removal WinLogon Trojan Virus download fake virus
See More

Response Number 6

Name: Abnormal
Date: January 14, 2004 at 16:16:13 Pacific

Reply:

Looks like it may be gone, post another
log for us to see.

Response Number 7

Name: VCVC
Date: January 15, 2004 at 06:46:31 Pacific

Reply:

Sorry, I forgot, here's the log.
Thanks again for the assistance.
Logfile of HijackThis v1.97.7
Scan saved at 9:43:00 AM, on 1/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146

Response Number 8

Name: Abnormal
Date: January 15, 2004 at 09:32:29 Pacific

Reply:

VCVC,
If you are suddently getting audio ads out of the blue.. its probably the new advertising "feature" with the new version of AIM.
To stop this, put the sites ads.aol.com, ads.web.aol.com, VTOT.proxy.aol.com and ar.atwola.com in the restricted sites section of Internet Explorer. If you don't know, you can find this under tools, internet options and then security.
ads.aol.com
ar.atwola.com
VTOT.proxy.aol.com
ads.web.aol.com
after you do that, no more audio ads.
Remove these two lines to stop VTOT.proxy.aol.com.
O17 - HKLM\System\CCS\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{134C3913-96AC-4FCD-855E-B3F698F92BB8}: NameServer = 205.188.146.146
Other than that, your good to go.
Good luck

abnormal

Response Number 9

Name: VCVC
Date: January 15, 2004 at 15:52:27 Pacific

Reply:

Thank you Abnormal,
I really appreciate all the help. I couldn't have done it without. After a few days of trying I discovered this site and your feedback and assistance pulled me through.
Thanks again,
VCVC

Response Number 10

Name: Abnormal
Date: January 15, 2004 at 16:21:52 Pacific

Reply:

Secure yourself with the tips under my name, all I ask for my time.

Good luck and stay safe.

abnormal

Response Number 11

Name: Innocent_netuser
Date: January 20, 2004 at 15:13:56 Pacific

Reply:

when i did the running thing a error came up that said that i cant open it while im in system32 mode

Sponsored Link

Ads by Google

AVG Update

spyware? virus? help?

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: download . trojan virus removal

download.trojan virus

Summary

www.computing.net/answers/security/downloadtrojan-virus/10429.html

Download.Trojan Virus

Summary

www.computing.net/answers/security/downloadtrojan-virus/10744.html

Download.trojan virus

Summary

www.computing.net/answers/security/downloadtrojan-virus/8971.html

From the Geek Dictionary
DLL - Dynamic Link Library - Used as a storage center for executable code for app...

Ask a Question!

Weekly Poll
Do you believe in Video Game Addiction?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
Net bt clearing

System is very slow

Antivirus System Pro alert

How does this work?

formula for doctors rotation schedule

All Awaiting Reply

Tom's News
Queues in Manhattan Form as DROID Launches

Report: $99 iPhone 3GS in Time For the Holidays

Game Boy, Ball Gets Into Toy Hall of Fame

iPhone Developer Stealing Private Info

Nintendo: There is No Wii HD

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE