Even After Removing Spyware - IE6 Wont Work

[Zentraleinheit]

Fixed one problem - Another replaced it

At first whenever my friend connects to the Internet using JUNO/ IE6/
WINDOWS 2000.
It "dinged" repeatedly, and the address keeps rapidlychanging in the lower
left corner. Before finally stopping at a page displaying the following:

We're Sorry There was an error processing your request. Please try again in
a few moments.

But you couldn't!

After running Spybot, CWShredder, LSP-Fix, and Hijackthis I got it to the
point where it will connect to a website, FOR 1 SECOND before displaying
IE's "This page cannot be displayed" page.

Yet, If I use IE6's "search" button I do get steady stronmg connection to
Google.

What am I doing wrong?

Have I maybe clean out too much?

I have asked around, but, nobody would even reply.

Can someone please help?

P.S. If it would help - here is the logfile generated by the CWShredder

**** Run Keys ****

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [IgfxTray] C:\WINNT\system32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
RUN: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
RUN: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
RUN: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe
/AllUsers
RUN: [Microsoft Works Update Detection] C:\Program Files\Microsoft
Works\WkDetect.exe
RUN: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
RUN: [PCTVOICE] pctspk.exe
RUN: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE
4.0\SetHook.exe
RUN: [uupggkbpt] C:\WINNT\system32\ynyiuryh.exe
RUN: []
RUN: [EPSON Stylus C84 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84
Series" /O5 "LPT1:" /M "Stylus C84"
RUN: [msident] C:\WINNT\system32\msident.exe
RUN: [winpack] C:\WINNT\system32\winpack.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Documents and Settings\Suzette\Local
Settings\Temp\pft4~tmp\Reader\ActiveX\AcroIEHelper.ocx


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINNT\System32\msdxm.ocx


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINNT\System32\msjava.dll
IEExt: [@shdoclc.dll,-866] C:\WINNT\System32\msjava.dll


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Local Page: C:\WINNT\System32\blank.htm


**** IE Context Menu (Right click) ****

IEContext: [E&xport to Microsoft Excel]
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{93557FB8-E5AD-4EA6-A9EB-A382E6689972}] SEQPACKET 0
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{93557FB8-E5AD-4EA6-A9EB-A382E6689972}] DATAGRAM 0
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BED3B024-2C60-4960-9812-B18DC3C94281}] SEQPACKET 1
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BED3B024-2C60-4960-9812-B18DC3C94281}] DATAGRAM 1
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{907426B2-347A-45F9-8B5A-1D30394CA900}] SEQPACKET 2
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{907426B2-347A-45F9-8B5A-1D30394CA900}] DATAGRAM 2
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{771A17E7-D706-4196-BC19-392275CD8ED7}] SEQPACKET 3
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{771A17E7-D706-4196-BC19-392275CD8ED7}] DATAGRAM 3
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{D42551AD-24AF-4E89-919E-D074730CDCAD}] SEQPACKET 4
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{D42551AD-24AF-4E89-919E-D074730CDCAD}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
[http://www.apple.com/qtactivex/qtplugin.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F}
[http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.51348
37963] C:\WINNT\System32\iuengine.dll C:\WINNT\System32\iuctl.dll
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
[http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.google.com
SEARCH: [CustomizeSearch] http://www.google.com
SEARCH: [] www.google.com

 

[Jan Il]

Hi Zentraleinheit

You might also try the following and see if it helps:

First.. you may yet have some adware on the system,thus, download, install,
immediately update AdAware and run it as well. SpyBot does not detect
adware.

AdAware SE
http://snipurl.com/brqf

You should also download and run this applicaiton to make sure your
connection is good.

Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip



Also....you may need to restore the search functions as well:



Restore Search
http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG

to restore your default Search functionality. You'll have to manually
re-select any Customizations you may have had, however



What type of website are you trying to connect to at this time?





If these steps do not resolve your problem, or you need help with the above,
please post back to this thread with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Fixed one problem - Another replaced it

At first whenever my friend connects to the Internet using JUNO/ IE6/
WINDOWS 2000.
It "dinged" repeatedly, and the address keeps rapidlychanging in the lower
left corner. Before finally stopping at a page displaying the following:

We're Sorry There was an error processing your request. Please try again in
a few moments.

But you couldn't!

After running Spybot, CWShredder, LSP-Fix, and Hijackthis I got it to the
point where it will connect to a website, FOR 1 SECOND before displaying
IE's "This page cannot be displayed" page.

Yet, If I use IE6's "search" button I do get steady stronmg connection to
Google.

What am I doing wrong?

Have I maybe clean out too much?

I have asked around, but, nobody would even reply.

Can someone please help?

P.S. If it would help - here is the logfile generated by the CWShredder

**** Run Keys ****

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [IgfxTray] C:\WINNT\system32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
RUN: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
RUN: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
RUN: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe
/AllUsers
RUN: [Microsoft Works Update Detection] C:\Program Files\Microsoft
Works\WkDetect.exe
RUN: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
RUN: [PCTVOICE] pctspk.exe
RUN: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE
4.0\SetHook.exe
RUN: [uupggkbpt] C:\WINNT\system32\ynyiuryh.exe
RUN: []
RUN: [EPSON Stylus C84 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84
Series" /O5 "LPT1:" /M "Stylus C84"
RUN: [msident] C:\WINNT\system32\msident.exe
RUN: [winpack] C:\WINNT\system32\winpack.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Documents and Settings\Suzette\Local
Settings\Temp\pft4~tmp\Reader\ActiveX\AcroIEHelper.ocx


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINNT\System32\msdxm.ocx


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINNT\System32\msjava.dll
IEExt: [@shdoclc.dll,-866] C:\WINNT\System32\msjava.dll


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Local Page: C:\WINNT\System32\blank.htm


**** IE Context Menu (Right click) ****

IEContext: [E&xport to Microsoft Excel]
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{93557FB8-E5AD-4EA6-A9EB-A382E6689972}] SEQPACKET 0
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{93557FB8-E5AD-4EA6-A9EB-A382E6689972}] DATAGRAM 0
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BED3B024-2C60-4960-9812-B18DC3C94281}] SEQPACKET 1
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BED3B024-2C60-4960-9812-B18DC3C94281}] DATAGRAM 1
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{907426B2-347A-45F9-8B5A-1D30394CA900}] SEQPACKET 2
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{907426B2-347A-45F9-8B5A-1D30394CA900}] DATAGRAM 2
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{771A17E7-D706-4196-BC19-392275CD8ED7}] SEQPACKET 3
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{771A17E7-D706-4196-BC19-392275CD8ED7}] DATAGRAM 3
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{D42551AD-24AF-4E89-919E-D074730CDCAD}] SEQPACKET 4
LSP: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{D42551AD-24AF-4E89-919E-D074730CDCAD}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
[http://www.apple.com/qtactivex/qtplugin.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F}
[http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.51348
37963] C:\WINNT\System32\iuengine.dll C:\WINNT\System32\iuctl.dll
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
[http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.google.com
SEARCH: [CustomizeSearch] http://www.google.com
SEARCH: [] www.google.com

 

[Zentraleinheit]

You should also download and run this applicaiton to make sure your
connection is good

Like I said, there is no problem connected to, and staying on the net.

However, I'll try them, but, I think the problem is with-in IE6 since the
Hijackthis log does not seem to
show any trace of the ad/spy ware (websearch - Twaintech - DyFuca -
Transponder - Gema, Imiserv A - ipinsite)
that infected my friend's system before using Spybot.

What type of website are you trying to connect to at this time?

ANY!

The problem is that nomatter the webpage you try to connect to by either
hyperlinking or manually entering the
adresss. The result will appear only for 1 second before "the Page cannot
be display" page is put up.

It it would also help - here is a copy of the hijackthis log.

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
www.google.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents
and Settings\Suzette\Local
Settings\Temp\pft4~tmp\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program
Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [PrinTray]
C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [uupggkbpt] C:\WINNT\system32\ynyiuryh.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON
Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKCU\..\Run: [msident] C:\WINNT\system32\msident.exe
O4 - HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
Master 4.1\CM_camera.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bgca.org
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.513483
7963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Jan Il]

Hi Zentraleinheit
Perhaps it is not totally a problem with IE. This entry has been positively
identified as a malicious program. In the HijackThis program, place a check
mark next to the following entry:

O4 - HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe

(Description: Adware downloader - recognized by Kaspersky antivirus as
Trojan-Downloader.Win32.Agent.gg )

Do the following:

1. Open HiJackThis and run it again. Put a check mark in the box next to
this file and then click the Fix Checked button.

2. Close HJT and reboot the computer.

3. Delete the file winpack.exe which resides in C:\WINDOWS\System32\ or
C:\WINDOWS\System\. If you can't find it, go to Start>Search>Files or
Folders>type in winpack.exe and click search. Go to the folder where it is
listed and delete it. If it will not let you delete it from within Wondows,
then reboot to Safe Mode and then delete it.

How To Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

4. Empty your recycle bin.

5. Run Windows Update, let it san the system and install ALL necessary
critical updates.

6. Run the Adaware and delete any files it finds.

7. Make sure the anti-virus program is up to date with the latest patches.
If they do not have an anti-virus program, download and install AVG Personal
SE Edition Anti-Virus, which is free, and run it.

8. Reboot one last time.

9. There are additional suspicious entries found in the log. The next step
is to run HijackThis again and create another log file. This time post your
log on one of the forums below to have the experts there analyze the log and
advise you of any further actions to be taken.

Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30

Bleeping Computer Forum

http://www.bleepingcomputer.com/forums/forum22.html

(Note: You will have to Register to post the log at the forums. Follow all
posting instructions carefully to avoid having your log ignored or deleted..



If these steps do not resolve your problem, or you need help with the above,
please post back to this thread with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

You should also download and run this applicaiton to make sure your

connection is good

Like I said, there is no problem connected to, and staying on the net.

However, I'll try them, but, I think the problem is with-in IE6 since the
Hijackthis log does not seem to
show any trace of the ad/spy ware (websearch - Twaintech - DyFuca -
Transponder - Gema, Imiserv A - ipinsite)
that infected my friend's system before using Spybot.

What type of website are you trying to connect to at this time?

ANY!

The problem is that nomatter the webpage you try to connect to by either
hyperlinking or manually entering the
adresss. The result will appear only for 1 second before "the Page cannot
be display" page is put up.

It it would also help - here is a copy of the hijackthis log.

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
www.google.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents
and Settings\Suzette\Local
Settings\Temp\pft4~tmp\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program
Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [PrinTray]
C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [uupggkbpt] C:\WINNT\system32\ynyiuryh.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON
Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKCU\..\Run: [msident] C:\WINNT\system32\msident.exe
O4 - HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
Master 4.1\CM_camera.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bgca.org
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.513483
7963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Zentraleinheit]

Thanks But...

5. Run Windows Update, let it san the system and install ALL necessary

critical updates

I can't access anything so I can't get to the Microsoft website.

This time post yourlog on one of the forums below to have the experts there

analyze the log and
advise you of any further actions to be taken.

I have posted my hijackthis log to the www.spybot.com forum 4 days ago. No
body replies. That is why I am using the newsgroups.

This entry has been positively identified as a malicious program. In the

HijackThis program, place a check mark next to the following entry: O4 -
HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe

Well, my spy dictionary told me that this was nothing.

 

[Jan Il]

Hi Zentraleinheit

Thanks But...

critical updates

I can't access anything so I can't get to the Microsoft website.

If you have performed all the other steps I suggested and are still unable
to access IE, you should do this step as soon as you have access again.

there
analyze the log and
advise you of any further actions to be taken.

I have posted my hijackthis log to the www.spybot.com forum 4 days ago. No
body replies. That is why I am using the newsgroups.

Have you posted it to one of the two forums I suggested? They are both
usually very prompt, within 24 hours as a rule. You might try one of them
and see if you get a faster response.

This entry has been positively identified as a malicious program. In the

HijackThis program, place a check mark next to the following entry: O4 -
HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe

Well, my spy dictionary told me that this was nothing.

I have only related the information provided by the HJT detection tools the
experts recommend. That is also why I suggested that you post the log at
one of the HJT forums I provided for the experts to review as well.
However, to do so or not is your choice

I am sorry that I was not able to help resolve your problem. Perhaps
someone else here will have a better answer.

Good luck to you.

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Zentraleinheit]

I am sorry that I might have come across as a little rought in my last
reply.

It just in trying to type a reply before my connection times out I sometime
forget my manner.

I went to the AUMHA forum and finnal got an answer.

And yes my friend's computer is infected with 3 tojans.

I let you know how the cleaning process comes out.

 

[Jan Il]

Hi Zentraleinheit

I am sorry that I might have come across as a little rought in my last
reply.

It just in trying to type a reply before my connection times out I sometime
forget my manner.

I went to the AUMHA forum and finnal got an answer.

And yes my friend's computer is infected with 3 tojans.

I let you know how the cleaning process comes out.

Yes....please do report back what is found and what helped. I am very glad
that you were able to get assistance with your log on AumHa. I'm sure the
experts there will have you back up and running soon.

Thank you for posting back with the followup, I do appreciate it very much.
And thank you for your patience.

Jan
Smiles are meant to be shared,
that's why they're so contagious