I followed your instructions and ran all of the recomened downloads.
however i hav'nt been able to run the windows update as it does'nt support my
browsr anymore. anyway after running the downloads i was able to delete
spy sheriff from the control panel which i could not do before.
after i did this i was left with a white desktop background
which i cannot delete and wininet.dll has been deleted. As soon as
i logon now i get this message telling me that wininet.dll is not present and
i cannot use internet explorer either beacuse i have an invalid syntax error. at
the moment i am having to use this on line dating pop up link which connects me
to netscape.
here is my hjt scan;
Logfile of HijackThis v1.99.1
Scan saved at 14:20:57, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
F:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
F:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\BroadJump\Client Foundation\CFD.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\Netscape\Communicator\Program\netscape.exe
F:\Documents and Settings\Pual\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.uk.netscape.com/uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.uk.netscape.com/uk/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar_en_2.0.95-big.dll (file missing)
O4 - HKLM\..\Run: [PrinTray] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] F:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] F:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BJCFD] F:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] F:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PSGuard spyware remover] F:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = F:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: Widgets.LNK = F:\Program Files\Starware\Products\Widgets\bin\Widgets.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O12 - Plugin for .mpeg: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://F:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://cw.netglearni...iles/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://F:\Program Files\AutoCAD LT 2000i\InstFred.ocx
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} (Starware) - http://files-pl.star...tarware_323.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://F:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10036.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe
O20 - Winlogon Notify: style2 - F:\WINDOWS\q17656528_disk.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE