Pls Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by itapeki, Apr 9, 2007.

  1. itapeki

    itapeki Private E-2

    ok so im not a computer person. and do not know anyone who has received any virus, nor did i know about "trojans"!

    well now i know a bit about them because ive been spending the last 24 hours trying to get rid of them!

    so i tried to do everything that the malware page thingy sed, and i have the logs. although i dont have a counterspy one coz no log thingy came up. so hopefully can still get help with the other ones!

    btw, how am i supposed to know if im rid of trojans/viruses or whatever i had?
     


  2. itapeki

    itapeki Private E-2

    here are other logs
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9

    Re-boot and install: Java Runtime 6


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

    After clicking Fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\qzviz.dll

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click the box to unregister .dll's. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT
     
  4. itapeki

    itapeki Private E-2

    ok i just did that stuff.
    man thanks so much for your help. i didnt even know websites like this existed until i googled it!

    so anything else? how do u check if its gone.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use windows explorer (or run Pocket Kill Box) to delete this folder:
    C:\Program Files\Video ActiveX Object
    (You can also just find it by opening the program files in my computer.)

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

    After clicking Fix, exit HJT

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    REGEDIT4

    ; Show hidden and protected system files, and file extensions, in Explorer
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden"=dword:00000001
    "SuperHidden"=dword:00000001
    "ShowSuperHidden"=dword:00000001
    "HideFileExt"=dword:00000000

    ; Delete the "user32.dll" autorun value
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
    "user32.dll"=-

    ; Delete this SharedTaskScheduler entry
    [HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\sharedtaskscheduler]
    "{bd0fc212-0a36-4232-83cc-2063fb9282e0}"=-

    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT
     
  6. itapeki

    itapeki Private E-2

    ok so those things u sed to delete in HJT i already did yesterday, but i retried anyway and they werent there!
    so i carried on the other stuff as normal:

    here are the logs
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to explain to me what you are doing.
    You did not rename HJT - Scan saved at 9:58:56 p.m., on 9/04/2007
    C:\Program Files\HijackThis\HijackThis.exe

    Nothing that I had you "fix" was in fact fixed ... all the HJT entries and the registry patches are not done.

    Are you just attaching the old logs?
     
  8. itapeki

    itapeki Private E-2

    no i am not attaching the old logs as in the logs it has the date and time that i did it.

    ok so i forgot abt renaming HJT. so i renamed it to analyse.exe and ran it again, but those files were still not there. so no point doing the registry patches.

    i have only "fixed" those files once, the first time u told me to. after that the files are never there.

    what now?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The last logs you attached all had the same items that we have addressed....

    Please run and attach new logs (HJT/GetRun/ShowNew) as well as the log from counterspy that you ran and had it fix / delete the things it found.
     
  10. itapeki

    itapeki Private E-2

    i am running the logs as u said. those files that u want me to delete when i run hijackthis are not there. so what am i doing wrong. i did rename it to analyse.exe.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We are making some progress. The HJT items are indeed gone, however the registry patch is not taking.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Were you unable to find and delete:
    C:\Program Files\Video ActiveX Object

    If so, run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Video ActiveX Object

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click the box to unregister .dll's. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach new logs for:
    GetRun
    ShowNew
     
  12. itapeki

    itapeki Private E-2

    ok sweet. did all that.

    do u think its nearly gone? my compy is running really slow.
     


  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We are still not getting the registry patch to work. And there is nothing in the Pocket Kill Box backup files. Are you having trouble with either of these?
    Let's try it again.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Video ActiveX Object\isamntr.exe
    C:\WINDOWS\ua2.dll

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click the box to unregister .dll's. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach new logs for:
    GetRun
    ShowNew
     
  14. itapeki

    itapeki Private E-2

    okey dokey
     


  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me what is happening.

    PocketKill Box deleted the ua2.dll ...but does this folder still exist on your computer:
    C:\Program Files\Video ActiveX Object?

    Let me know how things are running.
     
  16. itapeki

    itapeki Private E-2

  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your link is not working. You didn't tell me how things are working....perhaps you should rescan and attach new GetRun and ShowNew logs.
     
  18. itapeki

    itapeki Private E-2

  19. itapeki

    itapeki Private E-2

    ....
     


  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This item in your search needs to go bye bye!! ZlobVidoeAccessActiveX ---> delete this!

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Attach a new RunKeys log.
     
  21. itapeki

    itapeki Private E-2

    here it is..
     


  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The registry patch is not working........are you having difficulties with it?

    Did you delete the video active x folder (s)?

    Tell me what is happening.
     
  23. itapeki

    itapeki Private E-2

    hi

    yes i did delete it. i dont know what else could be happening as im doing as you say.

    i did another runkey log. here it is.

    also, my pc has been running soo slowly lately.
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read all of the below before doing anything!

    Tim keeps asking you if you are having problems with the registry patch. You need to tell us what happens when you double click on the fixME.reg patch. You should first receive a prompt asking if you want to add it to the registry and you must click Yes! Then you need to tell us if you are receiving any error messages! If not, are you getting a message that says that it was successfully added to the registry? I'm going to give you a new fixME.reg patch to use. But before using it, I'm going to have you do a few other steps.

    First download the current version of GetRunKey from the link in the READ ME. You are now 5 versions out of date! Use it from now on.

    Uninstall the below software:
    AVG AntiSpyware <-- We are finished with this trial now, and you have Windows Defender running!
    Mozilla Firefox (1.0.7) <-- Way out of date!!!
    Sunbelt CounterSpy <-- We are finished with this trial now, and you have Windows Defender running!
    Windows Safety Alert <-- should have been uninstalled in step 0 of the READ ME

    Then install the current version of FireFox from: Mozilla Firefox

    Then delete the below two folders which may be left behind by the uninstall of CounterSpy:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Also delete the below folder and file
    C:\Documents and Settings\Danielle de Thierry\Desktop\vrlxf91a
    C:\Documents and Settings\Danielle de Thierry\Desktop\vrlxf91a.zip


    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to add to the registry.
    Make sure you tell us if you receive a success message when you double click to add it to the registry.

    Now attach a new log from GetRunKey!
     
  25. itapeki

    itapeki Private E-2

    ok did all that. but the files:
    C:\Documents and Settings\Danielle de Thierry\Desktop\vrlxf91a
    C:\Documents and Settings\Danielle de Thierry\Desktop\vrlxf91a.zip
    dont exist. i cant see them anywhere on the desktop and i even tried to delete them using kill bill but it said empty array or something.

    the registry patch was successfully added also.
     


  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That looks better! How is everything working now?
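
Added example, not part of the original thread or any poster's instructions: a read-only PowerShell check that reports whether the registry entries, files and folder named in the posts above are still present. It assumes PowerShell 3.0 or later and that the HijackThis O2 and O4 lines map to their usual registry locations (the Browser Helper Objects key and the HKLM Run key).

```powershell
# Added example (not from the thread): read-only check for the leftovers named above.
# Assumption: the HijackThis O2 and O4 lines map to their usual registry locations
# (Browser Helper Objects key, HKLM Run key). All names and paths come from the posts.
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

$regValues = @(
    @{ Key = "$cv\Run";                          Name = 'BrowserBrand' },
    @{ Key = "$cv\Policies\Explorer\Run";        Name = 'user32.dll' },
    @{ Key = "$cv\Explorer\SharedTaskScheduler"; Name = '{bd0fc212-0a36-4232-83cc-2063fb9282e0}' }
)
$regKeys = @(
    "$cv\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}"
)
$fsPaths = @(
    'C:\WINDOWS\system32\qzviz.dll',
    'C:\WINDOWS\ua2.dll',
    'C:\Program Files\Video ActiveX Object'
)

function Test-RegValue {
    param([string]$Key, [string]$Name)
    # A missing key means the value is gone too.
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    # -contains is case-insensitive, like registry value names.
    return ((Get-Item -LiteralPath $Key).GetValueNames() -contains $Name)
}

$results = @()
foreach ($v in $regValues) {
    $results += [pscustomobject]@{
        Kind    = 'RegValue'
        Item    = "$($v.Key) : $($v.Name)"
        Present = (Test-RegValue -Key $v.Key -Name $v.Name)
    }
}
foreach ($p in ($regKeys + $fsPaths)) {
    $kind = if ($p -like 'HKLM:*') { 'RegKey' } else { 'File/Folder' }
    $results += [pscustomobject]@{ Kind = $kind; Item = $p; Present = (Test-Path -LiteralPath $p) }
}

$results | Format-List
$left = @($results | Where-Object { $_.Present }).Count
if ($left -gt 0) {
    "$left item(s) from the thread are still present."
} else {
    'None of the items named in the thread were found.'
}
```

A result of zero only shows that these specific leftovers are gone; it says nothing about other components, which is why the thread keeps asking for fresh GetRunKey, ShowNew and HJT logs.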
     
