Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spysheriff


  • Please log in to reply
50 replies to this topic

#1 skeney

skeney

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 13 July 2005 - 06:50 PM

Hi guys

I had a post logged to remove Spysheriff and was told to use Spybot & Ad-aware first before using Hijack This. I used Ad-aware & Spybot & now can't get my computer to work at all. I was using Ad-aware & it told me to restart my PC so I did & when I restarted nothing would work.

I can turn the PC on but once I have logged in I get a blue screen saying Fatal Error & then I get a pop-up saying that an IE file is missing & to run whatever Spy program I have ... but I can't because it won't let me see my desktop ... all I can do then is log off when I hit ctrl alt del.

The error msg does mention something about Trojan Horse (but I left the error msg at home so can't tell you exactly what it says).

Does anyone know if this sort of thing happens when you use Ad-aware or what I can do to get the PC working again ...

Thanks very much

Edited by skeney, 13 July 2005 - 06:51 PM.


BC AdBot (Login to Remove)

 


#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 15 July 2005 - 03:27 PM

Welcome skeney to Bleeping Computer.

We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On your infected computer, boot again in safe mode and open your task manager again.
Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.

In your Task Manager, click 'applications' (first tab).
Click the New Task button.
Cick browse.

Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..)
Search for that smitrem folder.
Right click on the smitrem folder and choose: Copy

Now browse again via Task Manager to My Documents or Program Files.
Right click somewhere in there, right click and choose: Paste
Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat
Then click open.
In the window where it says 'Create new task', click OK.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now.
Reboot to normal mode and post a hijackthis log in your next reply.


Posted Image
Life is what happens while you're making other plans

#3 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 15 July 2005 - 09:50 PM

Thankyou, I have copied the file onto floppy disk and when I turn on the infected computer I cannot find how to use safe mode. Can you please advise what keys I should be using. thankyou in advance.
:thumbsup:

#4 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 15 July 2005 - 09:54 PM

reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Posted Image
Life is what happens while you're making other plans

#5 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 16 July 2005 - 09:38 PM

Thanks - I got into Safe Mode & did what you said.

When I rebooted it did get rid of the error message on my desktop saying "Security Warning - A fatal error in IE has occured - trojan spy.html smitfraud.c ... "

But, I still get the error message when I try & log in which says "explorer32dbg exe-unable to locate component. This application has failed to start because wininet.dll was not found. re-installing the application may fix this problem." This is the problem that seemed to arise when I ran Ad-aware.

So now when I start the PC, I can enter my password to log in but after that, the blank blue screen appears & nothing seems to happen.

Thanks for your patience, we seem to be getting their slowly . :thumbsup:

#6 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 17 July 2005 - 06:15 AM

Looks like you have two major infections packed in one computer :thumbsup:

You may need the non-infected computer to prepare the reg file.

Let's take on the other one now.

Copy the part below into notepad and save it as unhko.reg

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{60371670-81B9-4d06-9C42-4DEC1AABE62B}]

[-HKEY_CLASSES_ROOT\TypeLib\{4947DDCC-D549-4D0B-9685-AA58B20E9642}]

[-HKEY_CLASSES_ROOT\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ATLASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SEHLPstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP.1]

Doubleclick the file and confirm you want to merge it with the registry.

***

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\Windows\explorer32dbg.exe
C:\Windows\iexplore_dbg.exe


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

***

After the reboot, check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll

O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE

Reboot once more. See if you can post me a HijackThis log this time to check what is left.


Posted Image
Life is what happens while you're making other plans

#7 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 19 July 2005 - 03:20 PM

Sorry for all the silly questions ...
Do I need to do all of this on the non-infected PC ?
It sounds as though I should be using the Killbox. & HijackThis on the infected PC but am not sure as I still can't log in properly.
Thanks.

#8 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 19 July 2005 - 03:58 PM

Questions are never silly. It would be silly not to ask and then do the wrong thing :thumbsup:

You use the non-infected computer to make the file.
Then you transfer it to the infected one and run it there.

Then do the killbox and the HijackThis part on the infected one too.

Because your explorer wont load, you'll need to perform everything via taskmanager (ctrl-alt-del) > applications > new task > browse.


Posted Image
Life is what happens while you're making other plans

#9 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 23 July 2005 - 04:53 PM

Alrighty ... I did everything that you said ... Almost. BTW, I am still getting that error message that says "explorer32dbg exe-unable to locate component. This application has failed to start because wininet.dll was not found. re-installing the application may fix this problem." Should I have got rid of that by now ?

I created the reg file & transferred it to my PC. I downloaded Killbox & ran it but when I had to enter the following, it wouldn't let me paste it all at once, so I pasted one line at a time into the yellow box, and put a comma in between each line, was that correct? It wouldn't let me do anything else but that.

C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\Windows\explorer32dbg.exe
C:\Windows\iexplore_dbg.exe

I also didn't get the pending options prompt.

I then downloaded HijackThis & ran it, but it also wouldn't let me just check the following (or I didn't know how to just check the following) :

O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll

O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE

So, I followed the instructions from the HijackThis log that tells you how to use it. Anyway, I did get a HijackThis log which I can now happily show you.

This must be so frustrating for you - I know it's frustrating for me when I can't follow instructions. I guess that's why I'm here though ... to get an expert to help a dummy ... :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:59 p.m., on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpa.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F3 - REG:win.ini: run=C:\WINNT\system32\svhost.exe
O2 - BHO: (no name) - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - (no file)
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINNT\winadvt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System backup] C:\WINNT\system32\web.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [FastStart] C:\WINNT\system32\svcnut32.exe home
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\RunOnce: [mptsgsvc.exe] mptsgsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SMSSU] C:\WINNT\system32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINNT\system32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [System backup] C:\WINNT\system32\web.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Win32res] C:\WINNT\win32res.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RICOH Gate.lnk = C:\Program Files\Caplio RR10\rgate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F74BB8AB-8F12-465A-B977-ECC02A4318B0}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by skeney, 23 July 2005 - 04:56 PM.


#10 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 23 July 2005 - 05:29 PM

We will get there, one step at the time.
You are not frustrating me. You have never done anything like this. Hang in there and we will clean this computer together.

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Download FixO by Miekiemoes and unzip it.
Make sure all the files remain in the unzipped folder.
Click FixO.bat and run it.
When it's finished, press a button and notepad will open with some txt in it.
Save it to your desktop for now. In the end copy and paste the content of it in your next reply.

***

Download SmitRem
your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each.

C:\WINNT\system32\dskrfuoui.dll
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\svcnut32.exe
C:\WINNT\system32\SMSSU.EXE
C:\WINNT\system32\Tmntsrv32.EXE
C:\WINNT\system32\web.exe
C:\WINNT\win32res.exe
C:\Windows\explorer32dbg.exe
C:\Windows\iexplore_dbg.exe
C:\WINDOWS\System32\mptsgsvc.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Open HijackThis. Press scan. You will see the log on your screen. There is a box in front of each of these lines.
Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpa.dll/blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dskrfuoui.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home

F3 - REG:win.ini: run=C:\WINNT\system32\svhost.exe

O2 - BHO: (no name) - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - (no file)

O4 - HKLM\..\Run: [System backup] C:\WINNT\system32\web.exe

O4 - HKLM\..\Run: [FastStart] C:\WINNT\system32\svcnut32.exe home

O4 - HKLM\..\RunOnce: [mptsgsvc.exe] mptsgsvc.exe

O4 - HKCU\..\Run: [SMSSU] C:\WINNT\system32\SMSSU.EXE

O4 - HKCU\..\Run: [Tmntsrv32] C:\WINNT\system32\Tmntsrv32.EXE

O4 - HKCU\..\Run: [System backup] C:\WINNT\system32\web.exe

O4 - HKCU\..\Run: [Win32res] C:\WINNT\win32res.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{F74BB8AB-8F12-465A-B977-ECC02A4318B0}: NameServer = 69.50.176.156,195.225.176.31

Close all programs leaving only HijackThis running.
Click on 'Fix Checked' when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!

Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log, the log made bij FixO and the Ewido Log by using Add Reply.

Edited by g2i2r4, 23 July 2005 - 05:32 PM.



Posted Image
Life is what happens while you're making other plans

#11 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 27 July 2005 - 01:14 AM

OK ... up to the stage of placing a shortcut of Panda ActiveScan on my desktop. I just right clicked on it (on the website) & clicked add shortcut to desktop, and then saved the shortcut to my floppy & then transferred it to my PC, is that correct ?

Also, when I installed & launched Ewido, I opened it & never got a prompt to update, and when I hit update on the side, it did nothing ... I tried a few times but nothing ever happened, any suggestions ?

Everything else is going fine so far.

#12 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 27 July 2005 - 02:21 AM

Did you try updating Ewido from within Ewido?
On the left hand side of the main screen click update
Click on Start.[I]


Posted Image
Life is what happens while you're making other plans

#13 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 29 July 2005 - 09:58 PM

OK - well, not looking so good. I ended up being able to update Ewido so that was fine.

FixO was fine, log is pasted below.

Ad-Aware refused to work, it wouldn't even start, still getting the same error msg as I was before about wininet.dll not being installed & needing to re-install it to fix the problem.

Killbox was fine.

Hijack this was OK but all of the files that you listed didn't appear on my screen so I could only check about half of them.

SmitRem was fine, log is pasted below.

Ewido was fine, log is pasted below.

Couldn't find how to open control panel when I am in safe mode, searched for a long time but still couldn't find it.

Still cannot get back into windows ... after logging in it still sits on the blue screen & nothing loads. Also, still get the error message saying wininet.dll was not found.

Think it's time to give up on this PC ? I can't seem to be able to do anything to fix it ...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:29:12 p.m., 29/07/2005
+ Report-Checksum: F2F95205

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5} -> Spyware.FreshBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-299502267-1060284298-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5} -> Spyware.FreshBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
C:\Documents and Settings\Administrator\c.exe -> Spyware.Spywad : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\backups\backup-20050729-194833-623.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Documents and Settings\Administrator\down.exe -> Spyware.iSearch : Cleaned with backup
C:\Documents and Settings\Administrator\efefe.exe -> Spyware.iSearch : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G9CHIB0D\up9[1].txt -> TrojanDownloader.Small.atc : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GP6RW5EZ\rdgNZ1996[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WLG3O3O7\tb[1].txt -> Spyware.ToolBand : Cleaned with backup
C:\Documents and Settings\Administrator\sefe.exe -> Not-A-Virus.Hoax.Renos.c : Cleaned with backup
C:\Documents and Settings\Administrator\tool.exe -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\dload.exe -> Trojan.LowZones.bn : Cleaned with backup
C:\WINNT\java\javasys.exe -> TrojanDownloader.Small.ajk : Cleaned with backup
C:\WINNT\Q2146847.exe -> Dialer.Generic : Cleaned with backup
C:\WINNT\system32\ADFEIDMJ.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\diantzpt.exe -> Trojan.SpoofDNS.b : Cleaned with backup
C:\WINNT\system32\dmsadmins.exe -> Spyware.Msnagent : Cleaned with backup
C:\WINNT\system32\drivers\wlan1934.sys -> Trojan.Ants : Cleaned with backup
C:\WINNT\system32\dumpsprep.exe -> TrojanDropper.Small.xl : Cleaned with backup
C:\WINNT\system32\dwgdu.exe -> TrojanDownloader.Small.arr : Cleaned with backup
C:\WINNT\system32\dxiesft.dll -> Spyware.DXiesft : Cleaned with backup
C:\WINNT\system32\ERCNNGCM.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\GQCEIEBO.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\hdcpt.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdcze.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdeaq.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdemi.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdjpu.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdlzb.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdmzv.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdnjr.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdrjc.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdtto.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hducw.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\hdzkg.dll -> Not-A-Virus.HackTool.Hidd.k : Cleaned with backup
C:\WINNT\system32\HOBLKBOR.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\IDJBFITG.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\ie2cltr.dll -> Spyware.SBSoft : Cleaned with backup
C:\WINNT\system32\ipdnssec6.exe -> Trojan.DNSChanger.k : Cleaned with backup
C:\WINNT\system32\JCFIGRFH.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\JKHLQTPD.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\KRNRCDRM.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\LMNEMPMS.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\mptsgsvc.exe -> TrojanDownloader.Agent.10 : Cleaned with backup
C:\WINNT\system32\mqspbkup.exe -> TrojanDropper.Agent.jd : Cleaned with backup
C:\WINNT\system32\msmjh.dll -> TrojanDownloader.Murlo.c : Cleaned with backup
C:\WINNT\system32\MSO\sysnew.exe -> TrojanDownloader.Zdesnado.af : Cleaned with backup
C:\WINNT\system32\NMMLELBI.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\nsa102.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsb6.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsbC.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsc7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsc7C.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nse7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nseAA.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsfE0.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsg88.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsh7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsh8E.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsh94.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsi13E.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsi22.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsi6.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsi7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsiB.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsiC4.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsj9.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsk7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsk8C.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nskFA.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nslA4.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsm15.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsm1B.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsn7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsoDD.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsp95.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsq7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsq9B.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsrCE.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nst125.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nst73.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nstC.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsu5.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsv8.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsv9.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsvA.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsvF2.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsvF7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsvFC.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsw110.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nswC4.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsx6E.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsx7.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsx8.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nsz8.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\nszC9.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\OQDDIGQE.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\P2P Networking\MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\WINNT\system32\P2P Networking\P2P Networking.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\WINNT\system32\PIKSTIJC.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\QTHMJERS.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\qwinnta.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\sesmgr.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\spojw.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system32\TEBEFHFF.exe -> TrojanDownloader.Agent.bh : Cleaned with backup
C:\WINNT\system32\wmsfake.exe -> TrojanDropper.Small.mg : Cleaned with backup
C:\WINNT\win32res.exe -> Trojan.Agent.fl : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup


::Report End






running from ---
A:\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

같같같같같같같같같같같같같같같같같같같같같같같같같같
existing bad files:
-----------------------------------------------------
SMSSU.EXE present
Tmntsrv32.EXE present
explorer32dbg.exe present
iexplore_dbg.exe present
xmllib.dll present
XMLLIBUI.exe present
winadvt.dll present
xmllibw.dll present


existing important bad keys:
-----------------------------------------------------


Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------






smitRem log file
version 2.2

by noahdfear

The current date is: Fri 29/07/2005
The current time is: 19:49:21.48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

winstall.exe


~~~ Wininet.dll ~~~

CLEAN!





Logfile of HijackThis v1.99.1
Scan saved at 2:49:11 p.m., on 30/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RICOH Gate.lnk = C:\Program Files\Caplio RR10\rgate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#14 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:05 AM

Posted 30 July 2005 - 03:12 AM

If you want to give up, that's your choise.

We helpers (almost) never give up on a computer.

Please run a scan:
Panda ActiveScan

Save the log and post it here please.

***
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and past the List from notepad into your post

Edited by g2i2r4, 30 July 2005 - 03:13 AM.



Posted Image
Life is what happens while you're making other plans

#15 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:04:05 PM

Posted 30 July 2005 - 07:41 PM

Thanks ... don't wanna give up, just don't wanna waste your time.

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
AOL Instant Messenger
AOL Toolbar 2.0
Caplio RR10 Software
CC_ccStart
ccCommon
EPSON Printer Software
ES C41 Problem Solver
ewido security suite
HijackThis 1.99.1
LiveReg (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
MSRedist
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton WMI Update
P2P Networking
Pop-Up Stopper
QuickTime
Spy Sweeper
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
SymNet
Viewpoint Media Player
Windows XP Service Pack 2
Yahoo! Messenger
Yahoo! Toolbar

I saved the shortcut to Panda Activescan on A: & took it home ... & the shortcut won't work. It comes up with an error msg saying something along the lines of ...

Error loading C:/WINNT/System32/mshtml.dll

The specified module could not be found.

How do I do the scan at home ? I also downloaded the scan here & it won't let me save it on a floppy to take it home ... :thumbsup:

Edited by skeney, 30 July 2005 - 08:46 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users