HI folks. I really have some serious issues here.
I am visiting my grandmothers house and somehow they have managed to download 8 viruses(7 which I have removed) and some sort of adaware that keeps popping up every 60 seconds with a new pop-up window.
Its called look.2.me or something like that and it is not listed under the Hijackthis log nor can I find it through cwshredder, spybot, adaware, or any of the others. I even downloaded a pop-up blocker which is pretty much worthless.
Then yesterday I tried to update the Norton Antivirus definitions and there was an error message. I found that I needed to re-install Norton. So I uninstalled it and rebooted the machine.
When I rebooted, I tried to reinstall it and everytime I do, it says a previous uninstall of Norton hasnt completed because I need to reboot yet.
10 reboots later, now the thing is starting to crash constantly.
There are Internet Explorer error that wont repair themselves when I try that. Scan disk wont run. (Even with a reboot when it freezes).
We dont have a copy of Windows98se here and even if we did, we have a lot of info we dont want to lose here, as there is no back up copy.
Is there a utility I can run or somehting that will self -fix some of these problems? Maybe just starting with Norton which is making me feel like I need therapy here.
I have to leave tomorrow from this house and would love to have this working accordingly before I leave.
Also, Microsoft update will not work.
I get to the page and it wont load.
Maybe this is a few different steps involved here.

Any suggestions?????

Help!

I read with the help of Google, that this is a nasty one.

My solution to all troubles on my computer is this:

start the program PVIEW.EXE, which gives a list of programs that are running at the time you doubleclick on pview.exe

this way you see what programs may cause problems, including the folder where it is situated. just delete (or rename) it.
(if that doesn't work ion windows, restart in ms-dos and delete it then. wrtie down the exact folder and name of the spyprogram.

you can download (and get info about) pview.exe here:

http://www.x10.crevier.org/pview/

(if that doesn't work in windows, restart in ms-dos and delete it then. Before restarting in ms-dos, write down the exact folder and name of the spyprogram).


pview

Report Offensive Follow Up For Removal

Going to try that now......

it is a good idea to hit the button "Immunize" of the spyware cleaner "Spybot"

sorry, wrong shortcut, this is the one:

http://www.teamcti.com/pview/

prcview

Report Offensive Follow Up For Removal

Ok,I have run the pview and really dont see which one is out of place.
Tried to reboot in ms-dos by the way and its been so long since Ive been in there, I was able to get to the folder (System) its in, but couldnt seem to locate it. The file is called Dendl.dll.
I forget what commands to find a file let alone even remove it.

Here is the Pview list...any ideas?

(Oh and I did immunize on spybot as well:)

ATI2CWXX.EXE 4294742373 C:\WINDOWS\SYSTEM\ATI2CWXX.EXE ATI Common Windows Display Driver Extension 4.12.1003. Copyright © ATI Technologies Inc., 1999
ATI2EVAE.EXE 4294836397 C:\WINDOWS\SYSTEM\ATI2EVAE.EXE ATI2EVAE.EXE
ATIPTAXX.EXE 4294753353 C:\WINDOWS\SYSTEM\ATIPTAXX.EXE ATI Task Icon 4.12.2468. Copyright (C) 1998-2000 ATI Technologies Inc.
EXPLORER.EXE 4294856753 C:\WINDOWS\EXPLORER.EXE Windows Explorer 4.72.3110.1. Copyright (C) Microsoft Corp. 1981-1997
KERNEL32.DLL 4279232361 C:\WINDOWS\SYSTEM\KERNEL32.DLL Win32 Kernel core component 4.10.1998. Copyright (C) Microsoft Corp. 1991-1998
MMTASK 4294851881 C:\WINDOWS\SYSTEM\mmtask.tsk Multimedia background task support module 4.03.1998. Copyright © Microsoft Corp. 1991-1998
MPREXE.EXE 4294845533 C:\WINDOWS\SYSTEM\MPREXE.EXE WIN32 Network Interface Service Process 4.10.1998. Copyright (C) Microsoft Corp. 1993-1998
MSGSRV32 4294955981 C:\WINDOWS\SYSTEM\MSGSRV32.EXE Windows 32-bit VxD Message Server 4.10.1998. Copyright (C) Microsoft Corp. 1992-1998
MSTASK.EXE 4294859785 C:\WINDOWS\SYSTEM\MSTASK.EXE Task Scheduler Engine 4.71.1972.1. Copyright (C) Microsoft Corp. 2000
POPUPSTOPPERPROFESSIONAL.EXE 4294650297 C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE Pop-Up Stopper Professional 1, 0, 0, 1. Copyright (C) 2002-2003
PRCVIEW.EXE 4294460597 C:\WINDOWS\TEMP\PRCVIEW.EXE Process Viewer Application 3.7.3.1. Developed by Igor Nys, 1995-2003
PSTORES.EXE 4294571353 C:\WINDOWS\SYSTEM\PSTORES.EXE Protected storage server 5.00.1877.3. Copyright (C) Microsoft Corp. 1981-1998
RNAAPP.EXE 4294699345 C:\WINDOWS\SYSTEM\RNAAPP.EXE Dial-Up Networking Application 4.10.1998. Copyright (C) Microsoft Corp. 1992-1998
RUNDLL32.EXE 4294812081 C:\WINDOWS\RUNDLL32.EXE Run a DLL as an App 4.10.1998. Copyright (C) Microsoft Corp. 1991-1998
STIMON.EXE 4294723673 C:\WINDOWS\SYSTEM\STIMON.EXE Still Image Devices Monitor 4.10.1998. Copyright (C) Microsoft Corp. 1996-1998
SYSTRAY.EXE 4294730797 C:\WINDOWS\SYSTEM\SYSTRAY.EXE System Tray Applet 4.10.1998. Copyright (C) Microsoft Corp. 1993-1998
TAPISRV.EXE 4294679257 C:\WINDOWS\SYSTEM\TAPISRV.EXE Microsoft® Windows(TM) Telephony Server 4.10.1998. Copyright (C) Microsoft Corp. 1994-1998
TASKMON.EXE 4294712885 C:\WINDOWS\TASKMON.EXE Task Monitor 4.10.1998. Copyright (C) Microsoft Corp. 1998
VSMON.EXE 4294857837 C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE TrueVector Service 4.5.530.000. Copyright © 1998-2003, Zone Labs Inc.
WINZIP32.EXE 4294453705 C:\PROGRAM FILES\WINZIP\WINZIP32.EXE WinZip Executable 8.0 (3105). Copyright (c) WinZip Computing, Inc. 1991-2000 - All Rights Reserved
ZLCLIENT.EXE 4294768269 C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE Zone Labs Client 4.5.530.000. Copyright © 1998-2003, Zone Labs Inc.

Look, I really need some help here, gonna only be here til tomorrow morning.......
Please???

I don't find enough information to assist.
It's like you have a 500 piece puzzle, lost some of the pieces and are asking us which ones are missing. Can't tell from here.

You started out with one problem and compounded it with the Norton problem.

You state the offending file to be Dendl.dll but it is not listed in the PRCView log.

So it was broken and now it is really broken.

What is your problem to be addressed first?
Uninstalling Norton?
Getting rid of the Dendl.dll?
Getting rid of the popups?
Troubleshooting crashes?
Not sure where you are at.

Bryan

First of all, if you read the first few posts COMPLETELY, you'll see that I have an adaware imposter that has caused all these problems. Norton detected it as that file.(dendl.dll)(also known as......look.2.me)
Think maybe you should do the same as the others here have done and myself, and read up on Look.2.me, which by the way when I do read up on it, doesnt seem to give an accurate solution. Not one that works anyways.
Sorry if my posting offended you of the dendl.dll, but also if you read all these posts you will plainly see I was only taking the advice I was given. Now start at the beginning and someone please tell me what they think I might do next before I set this computer on fire.
This really bothers me that this is not a followable post as I know darn well, its pretty clear.
I have spyware causing pop-ups, and it also seems to be crashing and destroying other programs, short of reinstalling windows, I am wondering if theres something else I can try.

Thank you.

Not trying to give you a hard time. I see that you are getting quite anxious due to your time contraints.

Where are you at now?

You can boot to Windows and work it?

What is your present first priority?

Bryan

Windows HAS been booting up.

I want to get this pop up thing off of here. I have tried everything.
I need Norton back.

These are my first priorities.

Run Spybot S&D again. Make sure it is updated first.

Then run HiJackThis and post it's log for review here.

I am tracking this post.

Bryan

Besides Norton Antivirus are you running any other Norton or Symantec products on your machine?

Bryan

No Im not-doing that all now.

Running spybot right now-it appears it found one item so far.

Here is the Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 4:45:22 PM, on 7/26/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37935.3789699074
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

That first ieautosearch one has been removed.

That pop-up window was not fixed however, popped up right after that last post.

This is balls to the wall style,

check in regedit under start > run > regedit

HKEY_LOCAL_MACHINNE\Software\Microsoft\Windows\CurrentVersion\Run and all the other other Run* folders and delete every entry.

Do the same for the follwing registry links

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and all other run* folders

now run msconfig start > run > msconfig
and uncheck everything, dont restart at this time, get the latest update to spy-bot, and dont just say you have ot, get it, then run it, immunize your computer after fixing what it finds. Now click on tools in spy-bot and click on Resident, check on both the "tea timer" and the browser blocker helper, then and only then reboot you system and let us know the result.

Will I recheck some of these things before I reboot though, because some of these programs make the computer function.....

Dont check rundll32, and best let nothing load, the computer functions only by input, so load whats needed after a clean boot

Well, spybot wont even run now...says it caused some sort of invalid page fault, and now my computer is slowly freezing up...any suggestions?

Export each Run command in the registry first if you are going to play those games.
The .reg files you get will enable you to put any of them back you find you need later.

Have you asked the Security & Virus forum about Look.2.me and Dendl.dll to see if they have a proper fix. Try to be certain about the name of the virus if it is still possible at this stage.

Derek.W

I thought I should let you know that when I ran msconfig, I didnt see anything but one thing to uncheck, there was only one thing listed.
Also Autoexec was blank as was config.

press control+alt+del a few times, make sure nothing is checked to start when windows loads, you may want to view config.sys and autoexec.bat in the c:\ drive and see if they have anything suspicious before rebooting. Other then that all I can think of is your poor parents must think youve gone blind or made god angry with all those porn sites you must have visited to get sucha nasty infection :p

Ok, well, I had already deleted them as he said.

Now what.

Ok LOL, first of all, I am a woman, no need to be on smut sites.
Very funny.
Secondly, everytime I visit my grandmother, there is a new suprise on here needing to be fixed...its just this is the worst one so far.
I keep telling her to update everything, and she keeps forgetting........arghhhhhhhhh!!!

reboot, load up windows and surf around fir a bit, let us know what happens.

Ok...rebooted.
Didnt see anything load.It appears right now when I hit ctrl alt delete, I see rundll32 and rnaapp which I understand to be the dial up connection.
My home page loaded, then a pop-up popped up right away.

Guess it didnt work?

Now what.

Ok...rebooted.
Didnt see anything load.It appears right now when I hit ctrl alt delete, I see rundll32 and rnaapp which I understand to be the dial up connection.
My home page loaded, then a pop-up popped up right away.

Guess it didnt work?

Now what.

Well, you might be able to disable the pop-ups with spyware-blaster, another tool made to fight the spam. Search google for it, other then that what is your "home site" maybe the pop-up is scripted into the site let us surf there and see.,

I have spywareblaster.

My home page is www.msn.com

If you deleted the items in #17, that was probably a bad idea. Most of the items there are legitimate. That's probably why nothing showed up in MSCONFIG--STARTUP. I'd recommend restoring a previous registry. Shut down windows and choose the option to restart in msdos mode. Then at the c:\windows> prompt type:

scanreg/restore

and enter. Choose a registry to restore with a date that just precedes you deleting those registry items. That will restore the registry to what it was before you made the changes. When it's done, reboot.

As to the Norton problems, it's common for an uninstall to not work. There was a recent thread with a link to a site on how to fix that. I'll see if I can find it.

Got to add/remove programs in control panel and uninstall that popup blocker.

I'll also see what I can find out about the hijacker.

Ok, so what does this pop-up say, what happens when you click the X and how long before another one is open?

Would you say its about normal web surfing pop-up now, or is it machine chugging cant close one b4 another is open.

DAVE NO WHAT THE HELL !!!!!!!

dont restore your registry, most of the programs deemed legit were installed by you or your grandmother, and ill bet both eyes none of them are sever enough as to criple your machine, for all we know what you have is a virus thats catching a ride on one of those programs that are loading, most likely anything loading out of c:\windows\system and 200% for sure rundll32 I would suggest rolling back your registry. I would suggest all the programs you want to load at startup you open and select that option from within that application, god DAVE what if we have half her system cleaned up and she does this only to have the punk program smear itslef throuh-out her box again.

and thats wouldnt* sugest rolling back, thats a no no.

do suggest:

Hijackthis

spywareblaster

pestpatrol

spy-bot

ad-aware

and TD3

Im to lazy to post links copy & paste in google it'll find them

pr3d

If we were gonna delete all those entries it would have been better to export them one at a time as I suggested earlier.

That way we could have (later) examined them as text files and decide which were safe to restore. The problem with not doing so is that the baby will go out with the bath water, which could lead to difficulties. Often the entires have "switches" which are not easy to guess.

Derek.W

Are you nuts? You don't delete all the run items in the registry! The power profiles, task manager, scheduling agent, scan registry and system tray are all legitimate and put there by windows. No doubt most if not all of the other entries are OK too. Anything you need to disable can be done in MSCONFIG--STARTUP.

ChickofTed, if you follow pr3d's advice you're going to end up with a big mess.

I'll wait until you decide what to do.

ok, systemtray and taskmon and what not will reload on there own dont worry about those, and anything you uncheck from ms-config is going to reload once scanreg see's it in run, runonce, run- keep running, dont stop, run, faster!

Im calling my therapist.

ok,

open regedit for Derek and DAVE do this for me:

go back to HKLM and HKCU and only in the run folder right click > select new > String Value > name it SystemTray and type systray.exe as the value

make one for scanref too, they should look like this

[ab]SystemTray "systray.exe"
[ab]ScanRegistry "C:\windows\scanregw.exe /autorun"

ok but nothing more then that in your runs, not schedual agent not taskmon

We have we gone on a fast run here.

I was looking on the Spybot forum boards and did not find anything specific to help but I went into SpyBot's Include files and sure enough look2me is one of the files it checks for.

You are running SpyBot S&D V1.3 with the updates from July 9, 2004 correct?

I was not able to detect anything in your HJT log that stood out as a problem other than the following unknowns:
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll

Otherwise I can't imagine why SpyBot is not catching look2me for you.

Bryan

I have this feeling she has it but its not updated cause she wont wait for the damn download lol.

Ok, I have spybot 1.2 and I have all the latest updates......looking at includes too here......

ChickofTed

What did your therapist say?

I wonder how many third party proggies will no longer run, or if you have any idea what they are.

Have fun.

Derek.W

Everytime I check for updates, it says there are no new updates.trust me, if I thought being impatient would fix my problem, I would have lost it by now:P

Sure enough, Look2me is in there, but Spybot isnt finding it.

Hmmmmmmm....

If you delete a run item from the registry it's not going to 'reload on it's own'. Of course you can manually edit it back in but why delete it in the first place if it's supposed to be there? And once it's deleted how is someone, especially a novice, supposed to know what to add, where to add it and the exact syntax?

Spybot v1.2 no longer has updates since the current version is 1.3

.. but carry on (it's a slow night)

I'm just looking for clues at the scene of the crime

Report Offensive Follow Up For Removal

Hopefully thats what we have you here for:)

PR check your e-mail.

Get SpyBot S&D V 1.3 here.

You have to uninstall Version 1.2 first.
Use Add/Remove programs in the Control Panel.

Then install Version 1.3.
Once installed check for updates on the US site and then run it to check for problems.

(The way things are going you will probably have problems like I did with V1.3 with it causing an error on some of the includes files but I am an optimist.)

Bryan

Well, the new version of spybot didnt resolve a thing. Actually i rebooted this time and now there were ebay and amazon.com icons on my desktop that werent there before.

Anyone else here have any ideas?

Jboy posted this in a thread a couple months ago:

look2me removal

You may as well run hijackthis again and post back the log.

ogfile of HijackThis v1.97.7
Scan saved at 9:11:05 PM, on 7/26/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37935.3789699074
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

This is all the log I have, I dont even know how to get all these programs running again.

But I did get rid of the pop-up window:)

The cdlsp.dll looked odd. A google search turned up this:

cdlsp.dll

You may want to remove it and see if the amazon and ebay stuff is gone.

The '09' items look odd also but leave them for now.

I have a feeling that your just gona have to live with the pop ups

I just said the pop-ups are gone, now I have a bunch of programs that arent starting at boot that I dont know how to get going again.

Not to mention that I have to leave today and she has NO virus protection yet.

I need to get this back on here and this going and I have about 2 hours.

Youve had 58!! replies in 2 days,
id say this forum cares....
just back up the data thats important, format & reinstall the o/s...
i havent read all the replies, but you do have explore set to display ALL the files ?
hidden ones included?

If you have not run out of time and realizing that you are short on time otherwise...forget Norton for now and install a copy of the free AVG anti virus software.

Update it, run a scan and go home.

You can fix Norton the next time around.

Bryan

Is there a place I can download a Norton 2004 removal tool?

I got everything else in place and working right again:)

I know Michael...isnt that great that this forum is this supportive???
I wasnt expecting this much response,,,,,
Now back to my previous post....

Would this be of any help?

If you're still there, did you get cdlsp.dll removed? Did you get the startup run items reinstalled?

Seeing the words LSP in your log (and cdlsp.dll) I wonder if this might be relevant:

LSP FIX

Derek.W

You're right Derek. That link I posted eventually connected to an lsp fix download. I didn't notice that at the time.