Cool Web Search



#1 modmouse


Posted 06 July 2004 - 06:18 PM

I am running on Windows ME. I have run all sorts of spyware programs like Ad-Aware, SpyBot, CWShredder, but I cannot remove CWS.Bootconf. Every time I run CWShredder, it tells me that CWS.Bootconf has been removed but it immediately comes back.

It would be much appreciated if someone could tell me what's going on here... I never had this much trouble with a CWS before.

Thanks

#2 dave38


Posted 06 July 2004 - 06:27 PM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

#3 modmouse


Posted 06 July 2004 - 06:47 PM

Logfile of HijackThis v1.97.7
Scan saved at 6:57:13 PM, on 7/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ATLVO.EXE
C:\WINDOWS\APPYR32.EXE
C:\WINDOWS\SDKMW.EXE
C:\WINDOWS\SDKNN32.EXE
C:\WINDOWS\SDKPP32.EXE
C:\WINDOWS\SYSTEM\ADDPT.EXE
C:\WINDOWS\ATLBL32.EXE
C:\WINDOWS\SYSTEM\APIMG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ADDHM.EXE
C:\WINDOWS\SYSTEM\IPDK32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\OOFR2MNWY.EXE
C:\WINDOWS\SYSTEM\WINGM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\PETER'S PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
F1 - win.ini: run=hpfsched
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {BD85FF67-C43F-4377-4D51-43E5E92B5A18} - C:\WINDOWS\SYSTEM\IETT.DLL (file missing)
O2 - BHO: (no name) - {F261DF5E-B0AF-DDED-4F46-3F48A8F50CDF} - C:\WINDOWS\SYSTEM\WINGM.DLL (file missing)
O2 - BHO: (no name) - {369C0211-FC36-1DF7-3735-BC3F84CD802F} - C:\WINDOWS\SYSNW.DLL (file missing)
O2 - BHO: (no name) - {5427C122-41DC-07F0-770B-7D0652D91511} - C:\WINDOWS\SDKYO.DLL (file missing)
O2 - BHO: (no name) - {AF7908C9-41F4-AEDD-0CE4-434907CE91DC} - C:\WINDOWS\SDKUH32.DLL
O2 - BHO: (no name) - {8EAD4BC7-6754-81AE-DA50-935DCBE2A432} - C:\WINDOWS\SYSTEM\NETDU.DLL (file missing)
O2 - BHO: (no name) - {49F8F604-B7AC-5876-933A-2E3729E47B49} - C:\WINDOWS\JAVAVF32.DLL (file missing)
O2 - BHO: (no name) - {75BCC47F-FF73-DFD6-3935-55E8AFDD2820} - C:\WINDOWS\NETJM32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OOFR2MNWY] C:\WINDOWS\TEMP\OOFR2MNWY.EXE
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [WINGM.EXE] C:\WINDOWS\SYSTEM\WINGM.EXE
O4 - HKLM\..\Run: [IETT.EXE] C:\WINDOWS\SYSTEM\IETT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [MSLU32.EXE] C:\WINDOWS\MSLU32.EXE
O4 - HKLM\..\RunServices: [NTVF.EXE] C:\WINDOWS\SYSTEM\NTVF.EXE
O4 - HKLM\..\RunServices: [JAVAPY.EXE] C:\WINDOWS\JAVAPY.EXE
O4 - HKLM\..\RunServices: [MFCIH32.EXE] C:\WINDOWS\MFCIH32.EXE
O4 - HKLM\..\RunServices: [SDKCB32.EXE] C:\WINDOWS\SDKCB32.EXE
O4 - HKLM\..\RunServices: [MSMJ.EXE] C:\WINDOWS\MSMJ.EXE
O4 - HKLM\..\RunServices: [NETEZ.EXE] C:\WINDOWS\NETEZ.EXE
O4 - HKLM\..\RunServices: [CRJR32.EXE] C:\WINDOWS\SYSTEM\CRJR32.EXE
O4 - HKLM\..\RunServices: [SYSHS32.EXE] C:\WINDOWS\SYSHS32.EXE
O4 - HKLM\..\RunServices: [ADDKV32.EXE] C:\WINDOWS\ADDKV32.EXE
O4 - HKLM\..\RunServices: [APPYR32.EXE] C:\WINDOWS\APPYR32.EXE
O4 - HKLM\..\RunServices: [IEBC32.EXE] C:\WINDOWS\SYSTEM\IEBC32.EXE
O4 - HKLM\..\RunServices: [MFCEQ32.EXE] C:\WINDOWS\SYSTEM\MFCEQ32.EXE
O4 - HKLM\..\RunServices: [MFCEV32.EXE] C:\WINDOWS\MFCEV32.EXE
O4 - HKLM\..\RunServices: [APIQJ32.EXE] C:\WINDOWS\SYSTEM\APIQJ32.EXE
O4 - HKLM\..\RunServices: [SDKDM32.EXE] C:\WINDOWS\SYSTEM\SDKDM32.EXE
O4 - HKLM\..\RunServices: [CRLQ32.EXE] C:\WINDOWS\CRLQ32.EXE
O4 - HKLM\..\RunServices: [SDKMW.EXE] C:\WINDOWS\SDKMW.EXE
O4 - HKLM\..\RunServices: [ADDJW.EXE] C:\WINDOWS\SYSTEM\ADDJW.EXE
O4 - HKLM\..\RunServices: [ADDFW32.EXE] C:\WINDOWS\SYSTEM\ADDFW32.EXE
O4 - HKLM\..\RunServices: [ADDNE.EXE] C:\WINDOWS\ADDNE.EXE
O4 - HKLM\..\RunServices: [NTMC.EXE] C:\WINDOWS\NTMC.EXE
O4 - HKLM\..\RunServices: [SYSXW.EXE] C:\WINDOWS\SYSXW.EXE
O4 - HKLM\..\RunServices: [ATLGO.EXE] C:\WINDOWS\SYSTEM\ATLGO.EXE
O4 - HKLM\..\RunServices: [MFCPB.EXE] C:\WINDOWS\SYSTEM\MFCPB.EXE
O4 - HKLM\..\RunServices: [D3MG.EXE] C:\WINDOWS\D3MG.EXE
O4 - HKLM\..\RunServices: [CRUB32.EXE] C:\WINDOWS\CRUB32.EXE
O4 - HKLM\..\RunServices: [SYSRK.EXE] C:\WINDOWS\SYSTEM\SYSRK.EXE
O4 - HKLM\..\RunServices: [SDKPD.EXE] C:\WINDOWS\SYSTEM\SDKPD.EXE
O4 - HKLM\..\RunServices: [JAVAQI32.EXE] C:\WINDOWS\SYSTEM\JAVAQI32.EXE
O4 - HKLM\..\RunServices: [ADDCK32.EXE] C:\WINDOWS\SYSTEM\ADDCK32.EXE
O4 - HKLM\..\RunServices: [APPAS32.EXE] C:\WINDOWS\APPAS32.EXE
O4 - HKLM\..\RunServices: [ATLBD.EXE] C:\WINDOWS\ATLBD.EXE
O4 - HKLM\..\RunServices: [CRDD32.EXE] C:\WINDOWS\CRDD32.EXE
O4 - HKLM\..\RunServices: [ATLVO.EXE] C:\WINDOWS\SYSTEM\ATLVO.EXE
O4 - HKLM\..\RunServices: [JAVAEI.EXE] C:\WINDOWS\JAVAEI.EXE
O4 - HKLM\..\RunServices: [MFCKJ32.EXE] C:\WINDOWS\SYSTEM\MFCKJ32.EXE
O4 - HKLM\..\RunServices: [WINJP32.EXE] C:\WINDOWS\WINJP32.EXE
O4 - HKLM\..\RunServices: [APPHG32.EXE] C:\WINDOWS\APPHG32.EXE
O4 - HKLM\..\RunServices: [SDKNN32.EXE] C:\WINDOWS\SDKNN32.EXE
O4 - HKLM\..\RunServices: [SDKPP32.EXE] C:\WINDOWS\SDKPP32.EXE
O4 - HKLM\..\RunServices: [MSKR.EXE] C:\WINDOWS\SYSTEM\MSKR.EXE
O4 - HKLM\..\RunServices: [SDKJE.EXE] C:\WINDOWS\SDKJE.EXE
O4 - HKLM\..\RunServices: [ADDPT.EXE] C:\WINDOWS\SYSTEM\ADDPT.EXE
O4 - HKLM\..\RunServices: [NTMD32.EXE] C:\WINDOWS\SYSTEM\NTMD32.EXE
O4 - HKLM\..\RunServices: [WINWJ32.EXE] C:\WINDOWS\SYSTEM\WINWJ32.EXE
O4 - HKLM\..\RunServices: [NETLZ32.EXE] C:\WINDOWS\NETLZ32.EXE
O4 - HKLM\..\RunServices: [WINPA.EXE] C:\WINDOWS\WINPA.EXE
O4 - HKLM\..\RunServices: [ATLBL32.EXE] C:\WINDOWS\ATLBL32.EXE
O4 - HKLM\..\RunServices: [APIMG.EXE] C:\WINDOWS\SYSTEM\APIMG.EXE
O4 - HKLM\..\RunServices: [ADDHM.EXE] C:\WINDOWS\ADDHM.EXE
O4 - HKLM\..\RunServices: [IPDK32.EXE] C:\WINDOWS\SYSTEM\IPDK32.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\MPROCESSOR.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?1067719957130
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab

Thanks for taking a look.
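
One way to read a saved HijackThis log like the one above before deciding what to fix, as an added example (not part of the original posts and not HijackThis's own code): it groups entries by section code and pulls out hosts-file redirects, autoruns launched from a TEMP folder, and BHOs whose file is missing. The function names and the three review heuristics are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
F1 - win.ini: run=hpfsched
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: (no name) - {BD85FF67-C43F-4377-4D51-43E5E92B5A18} - C:\WINDOWS\SYSTEM\IETT.DLL (file missing)
O2 - BHO: (no name) - {AF7908C9-41F4-AEDD-0CE4-434907CE91DC} - C:\WINDOWS\SDKUH32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [OOFR2MNWY] C:\WINDOWS\TEMP\OOFR2MNWY.EXE
O4 - HKLM\..\RunServices: [SDKMW.EXE] C:\WINDOWS\SDKMW.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # "O4 - <body>"
AUTORUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")    # "<key>: [<name>] <command>"
BHO = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")

def parse(log):
    """Group entry bodies by section code (R1, F1, O1, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def hosts_redirects(sections):
    """O1 lines are hosts-file entries: map each IP to the names sent to it."""
    by_ip = defaultdict(list)
    for body in sections.get("O1", []):
        ip, name = body.split(": ", 1)[1].split(None, 1)
        by_ip[ip].append(name)
    return dict(by_ip)

def autoruns_from_temp(sections):
    """O4 registry autoruns whose command runs out of a TEMP directory."""
    hits = (AUTORUN.match(body) for body in sections.get("O4", []))
    return [m.groups() for m in hits if m and "\\TEMP\\" in m.group(3).upper()]

def missing_bhos(sections):
    """O2 entries (Browser Helper Objects) that HijackThis marked 'file missing'."""
    hits = (BHO.match(body) for body in sections.get("O2", []))
    return [(m.group(1), m.group(2)) for m in hits if m and m.group(3)]
```

The three lists are only a reading order for whoever reviews the log, not a verdict on any entry.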

#4 Guest_splintercell990_*


Posted 06 July 2004 - 07:04 PM

Sorry for intruding on this thread, but I have a small request for you modmouse, before dave38 proceeds with removal instructions :)

Can you please locate the following files, and send a zipped package consisting of the files below to this e-mail address

SDKUH32.DLL
NETJM32.DLL
IETT.EXE
WINGM.EXE


Thanks a lot in advance... and I will let dave38 continue with the fix :)





Member of ASAP and UNITE