I have not deleted any files except the ones you instructed me to. I tried to access internet explorer without addons but no success.
I have not deleted any files except the ones you instructed me to. I tried to access internet explorer without addons but no success.
Well, actually you did delete some entries I didn't ask to delete though...
From your first HijackThislog:
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchToolBHO - {A23BF7EF-4A12-4799-B9CD-72C36EE21983} - C:\Program Files\SearchTool\SearchTool.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
Your second HijackThislog:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
You have been fixing entries in HijackThis that were legitimate.
So, open your HijackThis, select the option backups there and select to restore next entries:
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
then reboot your computer.
Also restore these please:
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
Because you have been fixing them as well.
After some research, the error you are getting is related with the MSN Toolbar Suite - and you have been fixing these entries in HijackThis.
Same problem here: http://forums.spybot.info/showthread.php?t=8034
the only item i found in the backup list was dsweballow. all the others you mentioned are not in the list. i will have a look at the wepage in the forum that you suggested
Anyway, what I also suggest is, from the computer you're on now - where you can get on the Internet with Internet Explorer, download Firefox: http://www.mozilla-europe.org/nl/products/firefox/
Then put the Firefox installer on USB stick or CD and transfer it to the other computer.
Install Firefox there. That's another browser - so with that one you should be able to surf.
then also post the logs I asked (Combofix log and a new HijackThislog), so I can see what else is now missing from your HijackThislog.
i have installed firefox and am now communicating with you from the pc that has problems.
this is the combofix logfile you had asked for:
ComboFix 07-08-30.3 - "lina" 2007-09-04 15:56:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.89 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\SearchTool
C:\Program Files\SearchTool\SearchTool.dll
C:\Program Files\WinUpdater
C:\Program Files\WinUpdater\Temp\license.txt
C:\Program Files\WinUpdater\update.exe
((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))
2007-09-04 01:02 <DIR> d-------- C:\Program Files\ACW
2007-09-03 22:23 <DIR> d-------- C:\WINDOWS\system32\backuped
2007-09-03 22:23 <DIR> d-------- C:\Program Files\True Sword 4
2007-09-03 22:23 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\True Sword
2007-09-02 23:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 22:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-02 09:58 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Uniblue
2007-08-30 17:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-30 17:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-30 14:27 <DIR> d-------- C:\Program Files\Safer Networking
2007-08-30 11:25 3,188 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-30 03:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-30 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-30 00:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-29 12:48 <DIR> d-------- C:\Program Files\HUMAX ZORRO TOOLBOX V2
2007-08-21 20:43 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-08-21 20:43 <DIR> d-------- C:\DOCUME~1\lina\APPLIC~1\Web Page Maker V2
2007-08-18 14:07 <DIR> d-------- C:\Program Files\Humax Digital
2007-08-18 13:56 <DIR> d-------- C:\Program Files\Change to 5400z_plus
2007-08-18 13:56 43,520 --a------ C:\WINDOWS\system32\HBuilder.exe
2007-08-18 13:56 2,764 --a------ C:\WINDOWS\system32\PQB.bat
2007-08-18 13:56 191 --a------ C:\WINDOWS\system32\pls.reg
2007-08-15 10:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-15 09:26 <DIR> d-------- C:\Program Files\Florikey V4.0 Beta
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-03 21:45 --------- d-------- C:\Program Files\Windows Desktop Search
2007-09-01 16:28 --------- d-------- C:\Program Files\The Cleaner
2007-09-01 01:33 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-30 04:20 --------- d-------- C:\Program Files\XoftSpySE
2007-08-18 13:57 --------- d-------- C:\Program Files\Florikey
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-09 19:19 --------- d-------- C:\Program Files\Easy Outlook Express Backup
2007-07-05 14:32 --------- d-------- C:\Program Files\Pat Sajak's Lucky Letters
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 11:46 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2001-11-23 12:08 712704 --a--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((( snapshot_2007-09-02_233553.96 )))))))))))))))))))))))))))))))))))))))))
----a-w 81,920 2003-06-06 09:21:56 C:\WINDOWS\eSellerateControl350.dll
----a-w 356,352 2005-10-11 12:40:52 C:\WINDOWS\eSellerateEngine.dll
-c--a-w 17,408 2003-03-31 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\PSAPIOLD.DLL
-c--a-w 23,040 2004-08-03 22:56:46 C:\WINDOWS\ServicePackFiles\i386\PSAPIOLD.DLL
----a-w 227,639 2007-09-04 13:59:24 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-04 14:00:49 C:\WINDOWS\Temp\Perflib_Perfdata_188.dat
----atw 16,384 2007-09-04 07:26:09 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
----atw 16,384 2007-09-02 23:06:53 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat
----a-w 227,626 2007-09-02 21:17:02 C:\WINDOWS\system32\inetsrv\MetaBase.bin
-c--atw 16,384 2006-06-22 10:04:28 C:\WINDOWS\Temp\Perflib_Perfdata_188.dat
-c--atw 16,384 2006-05-18 14:35:39 C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
----atw 16,384 2007-07-04 10:32:14 C:\WINDOWS\Temp\Perflib_Perfdata_884.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"eTrust PestPatrol Active Protection"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2004-09-27 07:09]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
"Cmaudio"="cmicnfg.cpl" []
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 11:13]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-15 08:58]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 02:18 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys
R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
RApcss RpcSs
Contents of the 'Scheduled Tasks' folder
2007-09-04 13:38:00 C:\WINDOWS\Tasks\TC_update.job - C:\Program Files\The Cleaner\cleaner.exe
2007-05-08 21:10:13 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-09-04 07:26:33 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-09-01 08:46:45 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 16:01:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-04 16:03:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-04 16:03
C:\ComboFix2.txt ... 2007-09-04 15:32
C:\ComboFix3.txt ... 2007-09-04 15:08
--- E O F ---
This is the HJT file :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:19, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.elvira.int.tc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-73586283-746137067-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-73586283-746137067-682003330-1003 Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe (User '?')
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1147730576500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147730668375
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 7724 bytes
Well, the malware is gone here now.
Now it's a matter of restoring getting rid of that error in Internet Explorer after you have been fixing these legitimate entries.
What I suggest is, Uninstall Windows Desktop search. Read the instructions here how to do this: (Under the part Uninstalling Windows Desktop search)
http://www.microsoft.com/technet/pro...dtstshoot.mspx
In case you're having problems with uninstalling it, first try to reinstall it again on top of the corrupted one.
If that fails as well read this:
http://forums.microsoft.com/MSDN/Sho...60925&SiteID=1
But once again, and as I already asked you previously, please disable Teatimer, because it may interfere with deletions, uninstalls etc...
Last edited by miekiemoes; 2007-09-04 at 19:37.
First I uninstalled spybot until i fix this prob. then i managed to uninstall windows desktop search from control panel - add/remove programs.
the problem of homepage hijacked is solved, but i still have the other problems, except that the window about windows desktop search tray admin is gone.
what advice do you give me next, please?
What other problems do you mean here?but i still have the other problems
when i start up the computer the tray at the bottom of the monitor does not work as it used to, example: web windows disappear when i minimize,etc, system restore does not function. if i try to use it, a window comes up saying that system restore is not able to protect my computer. Also when i open a folder i cannot move files from it. there are many other problems.