• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
MarcOuwendijk

About blank help me !

7 posts in this topic

Hi I have tried to remove most of this and downed a spyware shield that keeps the majority from coming back...

 

However i got the idea the .dll is still here since the about blank keeps returning ( the spyware prog easily removes and keeps some parts permanently at bay..some not... Please help me in removing this pest:

 

Hijack LoG

 

Logfile of HijackThis v1.97.7

Scan saved at 21:28:13, on 4-7-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Norton AntiVirus\OPScan.exe

C:\Documents and Settings\Marc Ouwendijk\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

 

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8169.5149189815

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{844A4430-7634-423F-9E59-F0D9DD353054}: NameServer = 62.45.45.45 62.45.46.46

 

FindnFIX REPORT:

 

 

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

 

Microsoft Windows XP [versie 5.1.2600]

»»»IE build and last SP(s)

6.0.2800.1106 SP1-Q824145-Q330994-Q820223-Q832894-Q837009-Q831167

Het type bestandssysteem is NTFS.

C: bevat geen fouten.

 

zo 04-07-2004

9:34pm up 0 days, 0:23

 

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

 

Scanning for file(s)...

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........

»»Locked or 'Suspect' file(s) found...

 

C:\WINDOWS\System32\HLP.DLL +++ File read error

\\?\C:\WINDOWS\System32\HLP.DLL +++ File read error

 

»»»»» (*2*) »»»»»........

**File C:\FINDnFIX\LIST.TXT

HLP.DLL Can't Open!

 

»»»»» (*3*) »»»»»........

 

C:\WINDOWS\SYSTEM32\

hlp.dll Sun 27 Jun 2004 13:38:58 A...R 57.344 56,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57.344 bytes 56,00 K

 

unknown/hidden files...

 

No matches found.

 

»»»»» (*4*) »»»»».........

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\HLP.DLL

 

 

»»»»»(***5***)»»»»»

**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT

¯ Access denied ® ..................... HLP.DLL .....57344 27.06.2004

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

AppInit_DLLs =

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read INGEBOUWD\Gebruikers

(ID-IO) ALLOW Read INGEBOUWD\Gebruikers

(ID-NI) ALLOW Full access INGEBOUWD\Administrators

(ID-IO) ALLOW Full access INGEBOUWD\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access PRIVA-8H1FN689R\Marc Ouwendijk

(ID-IO) ALLOW Full access MAKER EIGENAAR

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read INGEBOUWD\Gebruikers

Full access INGEBOUWD\Administrators

Full access NT AUTHORITY\SYSTEM

Full access PRIVA-8H1FN689R\Marc Ouwendijk

 

 

»»Member of...: (Admin logon required!)

User is a member of group PRIVA-8H1FN689R\Geen.

User is a member of group \Iedereen.

User is a member of group INGEBOUWD\Administrators.

User is a member of group INGEBOUWD\Gebruikers.

User is a member of group \LOKAAL.

User is a member of group NT AUTHORITY\INTERACTIEF.

User is a member of group NT AUTHORITY\Geverifieerde gebruikers.

 

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

 

[sC] GetServiceKeyName FAILED 1060:

 

De opgegeven service is geen ge‹nstalleerde service.

 

[sC] GetServiceDisplayName FAILED 1060:

 

De opgegeven service is geen ge‹nstalleerde service.

 

 

»»Notepad check....

 

C:\WINDOWS\

notepad.exe Tue 8 Apr 2003 14:00:00 A.... 67.072 65,50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 67.072 bytes 65,50 K

 

No matches found.

 

C:\WINDOWS\SYSTEM32\DLLCACHE\

notepad.exe Tue 8 Apr 2003 14:00:00 A.... 67.072 65,50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 67.072 bytes 65,50 K

--a-- W32i APP NLD 5.1.2600.0 shp 67,072 04-08-2003 notepad.exe

Language 0x0413 (Nederlands (Nederland))

CharSet 0x04b0 Unicode

OleSelfRegister Disabled

CompanyName Microsoft Corporation

FileDescription Kladblok

InternalName Notepad

OriginalFilenam NOTEPAD.EXE

ProductName Besturingssysteem Microsoft® Windows®

ProductVersion 5.1.2600.0

FileVersion 5.1.2600.0 (xpclient.010817-1148)

LegalCopyright © Microsoft Corporation. Alle rechten voorbehouden.

 

VS_FIXEDFILEINFO:

Signature: feef04bd

Struc Ver: 00010000

FileVer: 00050001:0a280000 (5.1:2600.0)

ProdVer: 00050001:0a280000 (5.1:2600.0)

FlagMask: 0000003f

Flags: 00000000

OS: 00040004 NT Win32

FileType: 00000001 App

SubType: 00000000

FileDate: 00000000:00000000

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x INGEBOUWD\Administrators

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x PRIVA-8H1FN689R\Marc Ouwendijk

Allow 0000000B -co- 10000000 ---A ---- ---- \MAKER EIGENAAR

Allow 00000003 tco- 001200A9 ---- -S-- r--x INGEBOUWD\Gebruikers

Allow 00000002 tc-- 00000004 ---- ---- --+- INGEBOUWD\Gebruikers

Allow 00000002 tc-- 00000002 ---- ---- -w-- INGEBOUWD\Gebruikers

 

Owner: PRIVA-8H1FN689R\Marc Ouwendijk

 

Primary Group: PRIVA-8H1FN689R\Geen

 

 

 

»»»»»»Backups created...»»»»»»

9:34pm up 0 days, 0:23

zo 04-07-2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 07-04-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 07-04-2004 winkey.reg

 

»»Performing 16bit string scan....

00001150: vk UDeviceNotSelecte

00001190:dTimeout 1 5 f O h vk ' zGDIProce

000011D0:ssHandleQuota" 9 0 | . vk Spooler2

00001210: y e s ! vk swapdisk h

00001250: X vk TransmissionRetryTimeout vk

00001290: ' USERProcessHandleQuota h X

000012D0: vk 8 AppInit_DLLs Tn C : \ W I N

00001310:D O W S \ S y s t e m 3 2 \ h l p . d l l Wait

00001350:

00001390:

000013D0:

00001410:

00001450:

00001490:

000014D0:

00001510:

00001550:

 

---------- WIN.TXT

AppInit_DLLs

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs"=""

 

 

**File C:\FINDnFIX\WIN.TXT

regf

 

 

 

 

Olease please help ! Thanks in advance !

Edited by MarcOuwendijk

Share this post


Link to post
Share on other sites

Leave the notepad issue for last, and follow these steps:

 

 

*Get ready to restart:

- Go to C:\FINDnFIX\Keys1 Subfolder!

-DoubleClick on the "FIX.bat" file in that folder.

-Wait for the popup -Alert to restart your computer in 15 seconds.

 

On restart, navigate to System32 folder:

-Locate and select the "HLP.DLL" file (as it will be visible)

And use the folder's top menu>edit>

move to folder...

Select the C:\junkxxx as destination and move

the "HLP.DLL" there.

--------------------------------------------------------------

 

When done, go back to-

C:\FINDnFIX\ main folder,

DoubleClick on the "RESTORE.bat" file, post the output! (log1.txt)

Share this post


Link to post
Share on other sites

I may have made a mistake...before your reply i looked up hpl.dll cause someone i know suggested it and was able to locate and delete it manually.... (i did use the fixbat before though)

 

i tried your instructions too but then the file was gone ofcourse and no outcome come...same with the restore...

 

the hpldll is not there anymore... and to be sure i redid the logpart (see it below the latest phrase) ...it was not mentioned anymore (where int he first log the hpdll was mentioned now it said no files found)

 

Did the manual delete turn out right in the end or did i screw up and am i in for more trouble ?? Please reply ..thank youso much in advance

 

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

 

Microsoft Windows XP [versie 5.1.2600]

»»»IE build and last SP(s)

6.0.2800.1106 SP1-Q824145-Q330994-Q820223-Q832894-Q837009-Q831167

Het type bestandssysteem is NTFS.

C: bevat geen fouten.

 

zo 04-07-2004

10:05pm up 0 days, 0:05

 

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

 

Scanning for file(s)...

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........

»»Locked or 'Suspect' file(s) found...

 

 

»»»»» (*2*) »»»»»........

**File C:\FINDnFIX\LIST.TXT

 

»»»»» (*3*) »»»»»........

 

No matches found.

 

unknown/hidden files...

 

No matches found.

 

»»»»» (*4*) »»»»».........

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

 

 

»»»»»(***5***)»»»»»

**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

AppInit_DLLs =

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read INGEBOUWD\Gebruikers

(ID-IO) ALLOW Read INGEBOUWD\Gebruikers

(ID-NI) ALLOW Full access INGEBOUWD\Administrators

(ID-IO) ALLOW Full access INGEBOUWD\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access MAKER EIGENAAR

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read INGEBOUWD\Gebruikers

Full access INGEBOUWD\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group PRIVA-8H1FN689R\Geen.

User is a member of group \Iedereen.

User is a member of group INGEBOUWD\Administrators.

User is a member of group INGEBOUWD\Gebruikers.

User is a member of group \LOKAAL.

User is a member of group NT AUTHORITY\INTERACTIEF.

User is a member of group NT AUTHORITY\Geverifieerde gebruikers.

 

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

 

[sC] GetServiceKeyName FAILED 1060:

 

De opgegeven service is geen ge‹nstalleerde service.

 

[sC] GetServiceDisplayName FAILED 1060:

 

De opgegeven service is geen ge‹nstalleerde service.

 

 

»»Notepad check....

 

C:\WINDOWS\

notepad.exe Tue 8 Apr 2003 14:00:00 A.... 67.072 65,50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 67.072 bytes 65,50 K

 

No matches found.

 

C:\WINDOWS\SYSTEM32\DLLCACHE\

notepad.exe Tue 8 Apr 2003 14:00:00 A.... 67.072 65,50 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 67.072 bytes 65,50 K

--a-- W32i APP NLD 5.1.2600.0 shp 67,072 04-08-2003 notepad.exe

Language 0x0413 (Nederlands (Nederland))

CharSet 0x04b0 Unicode

OleSelfRegister Disabled

CompanyName Microsoft Corporation

FileDescription Kladblok

InternalName Notepad

OriginalFilenam NOTEPAD.EXE

ProductName Besturingssysteem Microsoft® Windows®

ProductVersion 5.1.2600.0

FileVersion 5.1.2600.0 (xpclient.010817-1148)

LegalCopyright © Microsoft Corporation. Alle rechten voorbehouden.

 

VS_FIXEDFILEINFO:

Signature: feef04bd

Struc Ver: 00010000

FileVer: 00050001:0a280000 (5.1:2600.0)

ProdVer: 00050001:0a280000 (5.1:2600.0)

FlagMask: 0000003f

Flags: 00000000

OS: 00040004 NT Win32

FileType: 00000001 App

SubType: 00000000

FileDate: 00000000:00000000

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x INGEBOUWD\Administrators

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x PRIVA-8H1FN689R\Marc Ouwendijk

Allow 0000000B -co- 10000000 ---A ---- ---- \MAKER EIGENAAR

Allow 00000003 tco- 001200A9 ---- -S-- r--x INGEBOUWD\Gebruikers

Allow 00000002 tc-- 00000004 ---- ---- --+- INGEBOUWD\Gebruikers

Allow 00000002 tc-- 00000002 ---- ---- -w-- INGEBOUWD\Gebruikers

 

Owner: PRIVA-8H1FN689R\Marc Ouwendijk

 

Primary Group: PRIVA-8H1FN689R\Geen

 

 

 

»»»»»»Backups created...»»»»»»

10:05pm up 0 days, 0:06

zo 04-07-2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 07-04-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 07-04-2004 winkey.reg

 

»»Performing 16bit string scan....

00001150: vk UDeviceNotSelecte

00001190:dTimeout 1 5 f O h vk ' zGDIProce

000011D0:ssHandleQuota" 9 0 | . vk Spooler2

00001210: y e s ! vk swapdisk h

00001250: X vk TransmissionRetryTimeout vk

00001290: ' USERProcessHandleQuota h X

000012D0: vk 8 AppInit_DLLs Tn C : \ W I N

00001310:D O W S \ S y s t e m 3 2 \ h l p . d l l Wait

00001350:

00001390:

000013D0:

00001410:

00001450:

00001490:

000014D0:

00001510:

00001550:

 

---------- WIN.TXT

AppInit_DLLs

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs"=""

 

 

**File C:\FINDnFIX\WIN.TXT

regf

Share this post


Link to post
Share on other sites

Well, I have no idea what you did exactly, following other steps on your own

but according to your set of logs, the offending file was:

-HLP.DLL not -"hpldll"

 

Hopefully you deleted the right file... ;)

 

Let me mention that the 'Restore' file has several purposes:

It scans your System dir as well as the moved file, and at

the same time it restores your registry hiv and security to default.

 

Some commands may no longer execute correctly if the entire

set of steps is not followed.

 

Your log shows no infection, but the last part can't be run, as you deleted the file.

Since you are running non-English version of Windows, I can't make up all the specs on your log!

 

Same goes for your notepad issue.

Find this (hidden) folder:

C:\WINDOWS\SYSTEM32\DLLCACHE\

notepad.exe Tue 8 Apr 2003

 

And replace your non-working notepads, whether in

System32 and/or Windows.

 

At this point you are most likely done.

Delete the entire FINDnFIX folder(s) from C:, and empty dir 'junkxxx' that was recreated.

Run any and all removal tools, and hopfully you're all set! ;)

Share this post


Link to post
Share on other sites

Thanks man ! :thumbsup: i deleted the right one indeed just mistyped it...i ran all tools...offline first and then online once more so i hope it works....if not i'll post again and hope you (or any other) can be of help againt hen...

 

for now..fingers crossed re-do the notepad and hope it is fixed...

 

Thanks once again for all the help

Share this post


Link to post
Share on other sites

Thanks it's still away but today i got an error saying kernel check fault...and it caused my pc to reboot... can that be because it is looking for the file i succesfully deleted ? If so do i need to delete another part too or reper a certain kernel piece ?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0