PSGuard spyware problem [CLOSED]

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

First we need to download and prepare some tools that we will need to fix your problem.

• Please download SmitRem.zip
  • Save the file to your desktop.
  • Right click on the file and extract it to it's own folder on the desktop.
• Please download Ewido Security Suite
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
  If you are having problems with the updater, you can use this link to manually update ewido.
  Ewido Manual Updates
  
  
• Please download Adaware SE 1.06
  Install Adaware and check for updates, but don't run it yet.
  
  
• Place a shortcut to Panda ActiveScan on your desktop.

=============


Now that you have the right tools we can start fixing your problem.
Please print out these instructions as the rest of this fix must be done in Safe mode and you won't be able to access the Internet.

Please reboot your computer in SafeMode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

* if you have trouble getting into Safe mode go here for more info.


=============


Once in Safe mode, follow these steps:

• Open the smitRem folder, then double click the RunThis.bat file to start the tool.
  • Follow the prompts on screen.
  • Wait for the tool to complete and disk cleanup to finish.
  • The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
• Open Ad-aware and do a full scan. Remove everything that it finds.
  
  
• Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop.
  • Close Ewido.
• Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.
  
  
• Reboot back into normal mode and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
  
  
• Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let me know if any problems persist.

Thanks for the help, Buckeye_Sam!

I did most of the things but I was unable to do a Panda scan because it doesn’t support Mozilla and Internet Explorer cannot open the site. Also the Windows Explorer Error message keeps popping up.

Here are the requested logs:

Logfile of HijackThis v1.99.1
Scan saved at 09:38:01, on 30/07/2005 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=enc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=enc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=enc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=enc
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121010044281
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5168E3-5FF6-4DEA-B37C-7E3E3879110B}: NameServer = 10.100.10.10
O20 - Winlogon Notify: style2 - C:\WINDOWS\q38095796_disk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


smitRem log file
version 2.2

by noahdfear

The current date is: 30/07/2005 Ј.
The current time is: 8:03:48.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

cars
sexual life
shopping
Online Gambling folder


~~~ system32 folder ~~~

oleext.dll
ole32vbs.exe
logfiles


~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ dllcache\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll ~~~~


~~~~ KB890923\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll ~~~~


~~~~ KB867282\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll ~~~~


~~~~ KB883939\SP2QFE\wininet.dll not present! ~~~~


~~~~ Looking for C:\WINDOWS\ServicePackFiles\i386\wininet.dll ~~~~


~~~~ C:\WINDOWS\ServicePackFiles\i386\wininet.dll Present! ~~~~


~~~~ Checking C:\WINDOWS\ServicePackFiles\i386\wininet.dll for infection ~~~~


~~~~ ServicePackFiles\i386\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from ServicePackFiles\i386 ~~~

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 09:18:14, 30/07/2005 г.
+ Report-Checksum: A8342C08

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Tihomir\Application Data\Mozilla\Firefox\Profiles\br48lp59.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End

We're getting there. We still have a few things to clean up.

• Please download CWShredder but don't run it yet.
  
  
• Download KillBox and unzip it to your desktop.
  • Open Killbox and select the Delete on reboot option.
  • Copy and paste the following file to the field labeled "Full path of file to delete"
    C:\WINDOWS\q38095796_disk.dll
  • Press the Delete button (the button that looks like a red circle with a white X in it).
  • A first dialog box will ask if you want to delete the file on reboot, press the YES button.
  • A second dialog box will ask you if you want to REBOOT now. Press the YES button.
  • Your computer will reboot. It you get an error, reboot manually.
• Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.
• Please run Smitrem once again and post the new log that it produces. It didn't look like it ran to compeletion the first time.
  
  
• Run CWShredder, making sure to click "Fix".
  
  
• Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
  O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
  O20 - Winlogon Notify: style2 - C:\WINDOWS\q38095796_disk.dll
  
  
• Delete these files, if found:
  
  C:\WINDOWS\System32\intell32.exe
  c:\explorer.cab
  
  
• Reboot back to normal mode.
  
  
• Run this online virus scan using Firefox.
  http://uk.trendmicro...call_launch.php

Finally reboot once more and post a new hijackthis log and the log from Smitrem.

Well the popup is gone now, everything seems to be normal with the exception that my desktop returned to its blue default background and the taskbar and the buttons design seem little different – more Windows’98 not XP style. Internet Explorer still can’t open even a Google search.


Logfile of HijackThis v1.99.1
Scan saved at 18:09:50, on 30/07/2005 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=enc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=enc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=enc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=enc
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121010044281
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE5168E3-5FF6-4DEA-B37C-7E3E3879110B}: NameServer = 10.100.10.10
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


smitRem log file
version 2.2

by noahdfear

The current date is: 30/07/2005 Ј.
The current time is: 17:15:37.59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

Download the following reg file to your desktop by right clicking on the link, and selecting save as.

http://www.bleepingc...g/smitfraud.reg

Once it has downloaded, double-click on the smitfraud.reg file on your desktop and when it asks if you would like to merge the data, click on the Yes button.

Reboot your computer and you should now be able to change your desktop settings back to how you would like it. If your desktop still looks strange, go into your display properties and click on the Themes tab. Change the theme to Windows XP and you will now be using the default Windows XP settings. Then change them as you see fit.


==========


As far as IE, there's a few different ways we could proceed. But by far the easiest and best way is to visit Windows Update and install all critical udpates found for your computer, including SP2. This will update IE to the current version and should resolve that problem.

http://windowsupdate.microsoft.com/


Let me know how your desktop looks and how IE is working.

Big thanks for the help!


I added the reg file, everything is normal again, but Internet Explorer is still useless.
I managed somehow to upgrade to Service Pack 2 without using it but even after this it can’t open any site. I upgraded it to the latest version but still nothing.

There are two methods you can use to try to repair IE.

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

• From the Start menu, select Run.
  
• In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
  
• Select the OK button.
  
• Follow the prompts throughout the System File Checker process.
  
• Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

• From the Start menu, select Search, select All Files and Folders.
  
• Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
  
• Ensure that Search System Folders and Search Subfolders are also checked.
  
• In the All or Part of the File Name box, type ie.inf
  
• In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
  
• Click the Search button.
  
• In the search results pane, find the ie.inf file located in Windows\Inf folder.
  
• Right click the ie.inf file and click Install on the context menu.
  
• Reboot the computer when the file copy process is complete.

Let me know how it turns out.

Neither of the two methods worked.

Are you getting any kind of error message from IE. Please give me more detail about what it's doing.


Right click on this link and select Save as.

http://www.spywarein...tools/IEFIX.reg

Save it as iefix.reg to your desktop. Make sure the select type as All files.


Double click iefix.reg, and ok the prompt. Reboot and let me know if there is any change.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.