Jump to content


Photo

Can't enter information on any web pages


  • This topic is locked This topic is locked
8 replies to this topic

#1 Magnumto

Magnumto

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 16 September 2005 - 08:06 PM

My home computer is infected with abetterinternet. I initially tried to remove it using their "uninstaller" and, after what seemed like progress, I got the "type the security code above" message to complete the uninstall. From that point forward we have been unable to enter any information at all on any web site - not so much as a username, so obviously we can't sign up with spywareinfo on that computer, nor post, nor submit logs, etc. I'm not certain that abetterinternet is responsible for this problem, but the two certainly seem connected.

We have tried to remove it with Ad Aware, Microsoft Beta, and SpyBot without success. Unfortunately, given the limitations, HJT logs will have to be forwarded via email to the computer I'm writing this post with, and then posted.

OS: Windows XP Home
Anti-virus: PC-Cillin
Firewall: Zone Alarm

HJT Log performed with everything off (anti-virus, anti-spyware, etc.).

Logfile of HijackThis v1.99.1
Scan saved at 9:44:13 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\efecxck.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jackson\My Documents\My Downloads\HiJackThis\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *r4.attbi.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cxhvnt] C:\WINDOWS\system32\efecxck.exe r
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {5B344006-A955-4C63-8A09-30781BD50EFA} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6FCEE594-74DD-489C-8A20-1070915B3040} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {A71BF603-225D-49A0-A985-63AA4E81CB47} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126014245703
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe




Any help would be greatly appreciated.

Thanks.

Edited by Magnumto, 19 September 2005 - 01:13 AM.


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,281 posts

Posted 20 September 2005 - 06:10 AM

Hello Magnumto

This is the only way that we know HOW TO remove this Nail infection.

I hope you can download from the infected computer. If not let me know.

PLEASE READ AND FOLLOW THEM CAREFULLY; YOU MAY WANT TO PRINT OR SAVE THESE INSTRUCTIONS LOCALLY BEFORE STARTING.

Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but DO NOT run it yet.

Please download this revised installer for the Nailfix utility. DO NOT run it yet.

Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:
  • Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you the Boot Menu appears.
  • Select an option when the Windows Advanced Options menu appears, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next, run Ewido again.
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following item:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [cxhvnt] C:\WINDOWS\system32\efecxck.exe r


Close all open windows except for HijackThis and click Fix Checked Note that the 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).

Now, run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Wait for further instructions on the remaining issues.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 Magnumto

Magnumto

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 20 September 2005 - 12:00 PM

Thanks so much for your help on this, nasdaq. I have followed your instructions with the following notes:
1) I was unable to locate a file named anything similar to "O4 - HKLM\..\Run: [cxhvnt] C:\WINDOWS\system32\efecxck.exe r[/b]"
2) I understood your instructions regarding deleting the file "c:\windows\system32\random.exe" but, as noted above, was unable to locate such a file.

I have pasted the two files you requested below. Thanks again SO MUCH for your help.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:40 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Jackson\My Documents\My Downloads\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *r4.attbi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {5B344006-A955-4C63-8A09-30781BD50EFA} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6FCEE594-74DD-489C-8A20-1070915B3040} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {A71BF603-225D-49A0-A985-63AA4E81CB47} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126014245703
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:37:22 PM, 9/20/2005
+ Report-Checksum: 650DB43E

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
[804] C:\WINDOWS\system32\whwcwb.exe -> Trojan.Agent.cp : Cleaned with backup
[1180] VM_00DB0000 -> Adware.BetterInternet : Error during cleaning
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP557\A0100525.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP557\A0100531.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP557\A0100695.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP567\A0108560.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP567\A0108637.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP596\A0109239.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP597\A0109362.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP597\A0109404.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP597\A0109427.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP618\A0113766.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP619\A0113881.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP619\A0113900.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP619\A0113902.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP619\A0114975.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP620\A0117086.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP621\A0117302.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP621\A0117303.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP621\A0117321.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP622\A0117719.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP622\A0117721.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP622\A0117722.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP622\A0117723.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP622\A0117843.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0119914.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0120191.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0120224.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122793.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122814.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122865.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122873.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122883.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122895.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0122912.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP623\A0123216.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP628\A0123312.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP628\A0123329.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP628\A0123349.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP628\A0123357.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP550\A0084045.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{48759DCE-362D-46B1-9314-C8A5CC0ABF62}\RP550\A0084048.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\whwcwb.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\groenziqj.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Jackson\Cookies\jackson@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D3C42F58-71EC-41E3-8108-30F23F\3FE9CE74-12FE-41C7-AF30-E4B358 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6741630A-0A0A-48AC-958E-DB0194\582942AD-A522-4A92-9F00-F0589D -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A41718EA-EB06-49A0-A142-B23E36\C612080F-A289-4483-A592-5390D1 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9F1F4654-2689-437D-994E-DBF0AF\3AE1CF8A-07B7-41BF-A11F-9B6B1C -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A8774594-E52C-4697-8D12-431940\BEDBED25-A734-49AD-8AA1-562EB0 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\80D91A60-5732-4BEE-BD76-1D4EA8 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\67069A2F-2612-43CA-97D0-365DF3 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\5D8A9043-EFF1-4431-A947-5F1DCC -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\B2E0B3E0-8861-40BE-AFB2-E40459 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\03C7492F-AE21-457F-8736-1F2FBD -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\4D4ADC5D-F679-45A6-81FF-F2D196 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\98F21418-6E92-4795-AC62-942FE1 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\3827DAEC-56D8-41F3-9394-981F12 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\7E4B32E8-4EC6-45DC-A5D5-6F0C86 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\C5F454AD-5F1F-4A1C-9B24-980449 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\F5EA665C-8265-4F86-A7F9-72F395 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\C7F43C18-35E3-4BF0-992B-F9321D -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\0F2EFCCB-F9BA-4D43-85BE-03A8C9 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\ED93299C-5D39-4D15-8643-7DE790 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\19F2AA92-2F49-4589-A3B5-78F9AC -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\DF43061B-DB27-4DC0-BE4D-83B1D6 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\33EE9455-DAF6-42EE-A18E-C858B1 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\E1C7601B-5EFC-465D-A07D-4DF1AA -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\BA5CFF38-7C3F-4126-8EA1-F9B01E -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\09CAA1DE-8B38-45D4-9E43-34FF54 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\15CA4AF8-D990-4A8C-AB9B-B47EA7 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\68287869-1D6D-4390-860A-2EEEC4\8FB9C8FB-37DB-4AAB-A94E-5CC6F8 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6F26183F-21F5-4776-92D4-893EC6\60D5C307-34B9-4D92-A118-3EDAAA -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\843BC191-DF01-4DAD-B480-6BF1DB\4EC1C6AE-1F17-4045-9C87-7275A6 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5CCF9A40-77E4-48C4-B20E-248035\E4EA3726-65E0-470C-855F-7AE183 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6D12BD6B-B1B5-4DA6-AA0A-9ED1CB\00269F5D-2C33-4527-B6B2-A3F238 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\AD6D2214-3FC7-489C-8508-B1971A -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\AE6ED793-7391-4704-B8D6-BF0EAE -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\9D2E2D67-0B56-4F21-BD78-560756 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\E67938F2-417A-44AD-BB06-907890 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\CB636B8F-75A8-427A-9A6B-11D6BC -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\A225510C-AD0C-44BC-A128-714D7B -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\08F68428-B3BB-45C5-8F14-FB80CC -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\D565227A-7B92-4660-9D2D-46F9FB -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\4912EE34-9B55-4C31-B561-B4DA04 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\5CB3F2C5-9031-4FA6-BFEF-898F2F -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\04D6C177-CF08-4803-8646-E97C57 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\98364085-7982-448C-A094-689167 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\95B85771-1C50-4B37-A48D-C1788C -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\EF9ECBA4-DF50-4DCC-BA48-3F075C -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\570B8202-3C2C-40B3-9450-0C34AB -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\EC756EA3-073B-45C2-A793-526E38 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\9C2FCB9C-EA04-4DE8-B92B-BAB6E8 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\AC97EAEC-D1ED-4AC8-9765-A31111 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\415BE9B8-5E12-4F5F-996C-207A73 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\A4A02C47-D680-46E2-A72C-8D0D91 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\A2C7825C-8D4B-4ED1-B093-9F20D1 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\A0E01C7C-F1AE-4481-A75A-167506 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4944CA0-220D-4A23-973F-528375\87019D23-FCAF-4FFB-9703-73D9D4 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\29B6C229-722E-4245-BFB5-D04B13\43A5797F-E884-4E11-A0C8-45B84C -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1B122EE-2F2D-460D-8D2C-366ADC\170FF896-655C-425D-A4F0-5FCE47 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\28384134-3F87-462C-A4C8-AAE53C -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\00EA2063-75B0-4319-995E-51F542 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\8EB253D4-3A68-454D-96A8-956485 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\7B1C9219-B525-4927-B3D5-49EC2F -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\77B99B5B-5FCB-4203-864F-31EDE6 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\095FDCEC-62BA-436C-9352-CB7827 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\CED68097-1EA6-4825-85B9-739D6C -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\6DE80503-6030-4F2B-BD94-570E2D -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\8286227D-5A01-4135-A8D1-63170B -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\37C09AD3-D2F5-4FA8-9458-61A432 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF2E5962-182F-4273-8509-D32F43\C2F9BBC0-1E1F-41E4-8C19-296DF3 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\1CE55DF7-5890-4D6F-A826-978DBC -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\2548A7DE-C47D-4CAD-97EF-7709B7 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\FEB7CF99-1B73-4BFA-A0B8-01FAAB -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\C721D97C-C7C9-441E-B452-DF31E5 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\C0EF3376-F7AF-4ED3-B0BA-10742A -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\309F23D9-C4F7-4F0B-BFE3-FA8149 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\74CBE85B-500A-4E5A-AD27-9CDD70 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\938A4DDF-5CBE-4605-A00B-0681F1 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\A72B2D00-EBB4-4076-A2F1-6E6436 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\320E980B-ABA6-4AC7-BA01-8BB74D -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\5F56471E-BA79-421A-8444-DFE900 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\E9A83F54-2BE1-4636-A2E0-A8061E -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\FC0AFAD6-C580-48B2-9AA8-0A09EA -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\CBF640F9-03A3-46FF-995D-716CD0 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\9EF27DD9-3122-4929-8E04-DBDA6F -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\B39F0202-C415-4567-8913-523BB5 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\ED8769D3-7A37-4811-A639-18FDB7 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\48302022-04F5-49D3-8028-2904D4 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\644FA587-E42E-4D70-B006-4167C0 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BF68D35-96E1-4263-AD9F-4DAA27\788B7E5A-81BF-4B7A-95C9-9F4FC6 -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F8A76C1-8046-447C-B609-9CD913\5B9B7A8B-37B2-4612-B5B7-8B38C3 -> Trojan.Agent.ay : Cleaned with backup


::Report End

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,281 posts

Posted 21 September 2005 - 08:33 AM

Magnumto

Close all open windows except for HijackThis and click Fix Checked Note that the 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).


You did not find efecxck.exe be cause it had morphed into an other name.
The random.exe was to indicate that it was a random .exe file.

Ewido has cleaned it all. You need only to fix these items.

Close all Windows and Browsers, run HijackThis and fix.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
<-- If these O6 items were set by a LAN Adminitrator do not fix them, ask him/her first. Fixing these 06 items will reset your Control Panel Menu options which were probably disabled when you installed Spybot and Destroy.

Reboot to reset the regitry.

Here are some immediate suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following :
  • SpywareBlaster - It will prevent most spyware from ever being installed.
  • SpywareGuard - It offers realtime protection from spyware installation attempts.
  • IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading these articles.
How did I get infected in the first place?
http://forums.net-in...?showtopic=3051
If the above site is not available. Try:
http://forums.subrat...p?showtopic=519
Essential tips for infection prevention
http://www.spywarein...showtopic=24339
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 Magnumto

Magnumto

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 September 2005 - 10:12 AM

Thanks for your help. I ran Ewido again and nothing bad was identified. However, I am still unable to enter any information on web pages. Any other suggestions? Here's my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:51:17 AM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jackson\My Documents\My Downloads\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *r4.attbi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK.disabled
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {5B344006-A955-4C63-8A09-30781BD50EFA} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6FCEE594-74DD-489C-8A20-1070915B3040} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {A71BF603-225D-49A0-A985-63AA4E81CB47} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126014245703
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,281 posts

Posted 23 September 2005 - 07:29 AM

Magnumto

Unter the Menu: Tools/Internet Options/Advanced tab.

Chech if your Java applet is enable.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 Magnumto

Magnumto

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 24 September 2005 - 06:10 AM

My java applet is enabled, and I restored system defaults. Still no luck. Any other ideas?

#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,281 posts

Posted 24 September 2005 - 08:09 AM

Download this .reg file to a temporary place, like Desktop.
http://www.spywarein...tools/IEFIX.reg
Close all other windows and browsers
Double-click on it and answer Yes.
This will restore all the default Search settings for I. E.

If still no joy, then:

Start, Run, type in cmd, press enter

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll


Type Exit press enter to return the operating mode.

Reboot normally.

Is Internet Explorer available now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,281 posts

Posted 07 October 2005 - 12:51 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button