wisevlad

CWShredder doesn't work

9 posts in this topic

Dear All,

 

My browser has been hijacked by CWS, and I am writing to ask for your help with this.

Since I had this problem before, I knew that CWShredder is the best tool out there to cure this disease.

 

So I downloaded the latest version of CWShredder and ran it (after running Adware, SpyBot, kill2me, and Spy sweeper).

The dialogue box said that I have a CWS smartsearch variant which closes CWShredder, and it seemed that your program knows how to work around this.

 

Everything worked fine (CWS bootconf was removed, and the program said no other variants were identified) until 'fix' reached 'CWS Smartsearch'. After a second of hanging, the program was closed, saying that an unexpected error had happened so the program was closed by Windows (it was not the 'missing DLL' error you mentioned on your site).

 

Then I looked up forums and found that I need to run another program first

(CWS smartsearch killer), so I tried that. But the program said that I have no infection.

 

Although I tried this combination tons of times (CWS smartsearch killer first, then CWShredder next), it kept running into the same error - no infection found by smartsearch killer, CWShredder closed at removing CWS smartsearch.

 

I have no clue what I did wrong. The browser is still being redirected to some stupid sites every 3-5 minutes (even when I have just turned my machine on and am not using the browser). The HijackThis log doesn't show any suspicious procedures - most of them are what I installed from legitimate sources (such as freechal.com or nprotect.com). The only thing that I fixed after scanning was the 'ieautosearch' part, but those three lines keep appearing even after I fix them.

Could anyone please help me out with this? It has been a big pain in the back for almost a week... For your info, I attach the log file from HJT.

 

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Luvin\Desktop\HijackThis.exe

N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Luvin\Application Data\Mozilla\Profiles\default\9ptfi01h.slt\prefs.js)

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [FcMessenger] C:\Program Files\Freechal Messenger\FcMessenger.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\Openoffice\program\quickstart.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O9 - Extra button: Freechal Messenger (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: Dialpad KR Java Applet - http://www.dialpad.co.kr/dialpadweb/phone/vscp.cab

O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://rsvweb.asiana.co.kr/initech/plugin/axINIplugin20.cab

O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://asiana.contents.mylinker.co.kr/module/MyLinker.cab

O16 - DPF: {16B21577-3ABA-49AA-96F9-811B7BCFA9CA} (Dialpad KR VegaLoader Class) - http://www.dialpad.co.kr/dialpadweb/phone/helper.cab

O16 - DPF: {1E1F1304-A717-4B26-A907-DBD5A39060DD} (SJAX2 Control) - http://msg.seenjoy.com/cab/SJAX2.cab

O16 - DPF: {2A41F8DA-2D88-4ED4-BDD7-A78C88532D9F} (SJDownUtilX Control) - http://www.seenjoy.com/AVChat/DownLoad/SJD...SJDownUtilX.cab

O16 - DPF: {450E1410-102D-429B-8716-3F30D6C56502} (iWalletSg Class) - http://www.commerce-pay.com/pg2/include/iWalletSingle.cab

O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab

O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab

O16 - DPF: {5EA05469-949D-4B37-8B46-2D32D95691FC} (SJDownloader) - http://www.seenjoy.com/AVChat/DownLoad/SJD...JDownloader.cab

O16 - DPF: {61D91A12-0032-47CD-B4D2-44817FFB3145} (FcActiveUpload.Upload) - http://home.freechal.com/etc/FcActivePacka...ctiveUpload.CAB

O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.sktelecom.com/inimas/autoc...niMasPlugin.cab

O16 - DPF: {7A95C123-295D-408C-9699-873A4C9873AF} (FcCommCtrl.FcUpload) - http://home.freechal.com/etc/FcActivePacka.../FcCommCtrl.CAB

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/XecureObje.../xw_install.cab

O16 - DPF: {920AB56F-933F-4469-A779-E228554CBDA2} (FcCommCtrl.PDSDropBox) - http://home.freechal.com/etc/FcActivePacka.../FcCommCtrl.CAB

O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://update.nprotect.net/keycrypt/keb/npkxsite.cab

O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8123.3362037037

O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggyCtl.cab

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl2.cab

 

 

Thank you so much for your help in advance.

 

Best,

 

Desperate Young


Hi wisevlad

Can you post a complete log including the header? We need to make sure that nothing is in there that shouldn't be.

Hello OlTramp,

 

Thank you for the reply. Actually, the following is the complete(?) HijackThis log of my system now. It seems to me that I have no suspicious components, but I am not that confident. I look forward to your precious help...

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:26:42 PM, on 5/16/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Openoffice\program\soffice.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\taskmgr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Luvin\Desktop\HijackThis.exe

 

N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Luvin\Application Data\Mozilla\Profiles\default\9ptfi01h.slt\prefs.js)

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [FcMessenger] C:\Program Files\Freechal Messenger\FcMessenger.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\Openoffice\program\quickstart.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O9 - Extra button: Freechal Messenger (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: Dialpad KR Java Applet - http://www.dialpad.co.kr/dialpadweb/phone/vscp.cab

O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://rsvweb.asiana.co.kr/initech/plugin/axINIplugin20.cab

O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://asiana.contents.mylinker.co.kr/module/MyLinker.cab

O16 - DPF: {16B21577-3ABA-49AA-96F9-811B7BCFA9CA} (Dialpad KR VegaLoader Class) - http://www.dialpad.co.kr/dialpadweb/phone/helper.cab

O16 - DPF: {1E1F1304-A717-4B26-A907-DBD5A39060DD} (SJAX2 Control) - http://msg.seenjoy.com/cab/SJAX2.cab

O16 - DPF: {2A41F8DA-2D88-4ED4-BDD7-A78C88532D9F} (SJDownUtilX Control) - http://www.seenjoy.com/AVChat/DownLoad/SJD...SJDownUtilX.cab

O16 - DPF: {450E1410-102D-429B-8716-3F30D6C56502} (iWalletSg Class) - http://www.commerce-pay.com/pg2/include/iWalletSingle.cab

O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab

O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab

O16 - DPF: {5EA05469-949D-4B37-8B46-2D32D95691FC} (SJDownloader) - http://www.seenjoy.com/AVChat/DownLoad/SJD...JDownloader.cab

O16 - DPF: {61D91A12-0032-47CD-B4D2-44817FFB3145} (FcActiveUpload.Upload) - http://home.freechal.com/etc/FcActivePacka...ctiveUpload.CAB

O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.sktelecom.com/inimas/autoc...niMasPlugin.cab

O16 - DPF: {7A95C123-295D-408C-9699-873A4C9873AF} (FcCommCtrl.FcUpload) - http://home.freechal.com/etc/FcActivePacka.../FcCommCtrl.CAB

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/XecureObje.../xw_install.cab

O16 - DPF: {920AB56F-933F-4469-A779-E228554CBDA2} (FcCommCtrl.PDSDropBox) - http://home.freechal.com/etc/FcActivePacka.../FcCommCtrl.CAB

O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://update.nprotect.net/keycrypt/keb/npkxsite.cab

O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8123.3362037037

O16 - DPF: {A4CC2CFF-D8DE-481E-81FC-B51186283282} (PZLunch Control) - http://down01.freechal.com/FcVaccine/PCZiggyCtl.cab

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl2.cab

Edited by wisevlad


I am having this same exact problem also. Ran Adaware, Spybot and CWS smartsearch killer all before trying to run CWShredder (version 1.57.0). CWShredder runs through the first few entries and then when it gets to CWS.Smartsearch it crashes. I am running Win 200 SP4 with all my updates. I can post my Hijackthis log in another post if anyone thinks it will help. Thanks in advance.


Hello first post.

 

I'm having a similar problem, not exactly the same. I keep running CWShredder; it says it removes Smartsearch, but Pest Patrol keeps finding a CWS infection. I let Pest Patrol kill the infection and it also kills my connection to the internet. My computer is slowing down to a crawl, but my browser is not being redirected. I have run all the programs mentioned in the above posts plus dllfix.exe and find-all. Everything says there is no infection. But then when I run the system my hard drive is being hammered and everything is slow. I run CWShredder again and it says it removes SmartSearch again. :blink:

I'm just going to wipe my hard drive in the next day or two. I just posted this in case someone wants to see logs from anything I ran; maybe it could help someone else. :unsure:

Thanks.....

Hi wisevlad,

Close all browsers and rerun HJT. Check and click fix checked for the following-

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O1 - Hosts: 207.36.196.189 auto.search.msn.com

Do you know what this is? Is it something you downloaded?

O4 - HKCU\..\Run: [FcMessenger] C:\Program Files\Freechal Messenger\FcMessenger.exe

As for your O16 items, I can't be sure. The problem is I can't get any info on most of them. Perhaps you know. If not, check and fix them also. Any that you need will be downloaded the next time you visit that site.


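A way to check the O1 lines discussed above from a saved HijackThis log, as an added example that is not part of the original thread: it groups hosts-file redirects by IP, flags the ones that capture search hostnames, and compares two scans to show entries that came back after being fixed. The function names and the "search" keyword heuristic are assumptions; the sample scans are constructed from lines quoted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in this thread.
SCAN_BEFORE_FIX = r"""
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
"""

# Constructed sample: a later scan in which the same O1 lines are present again,
# matching the poster's report that they return after a reboot.
SCAN_AFTER_REBOOT = r"""
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# "<section code> - <body>", e.g. "O1 - Hosts: ..." or "N2 - Netscape 6: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")


def parse_entries(log_text):
    """Return (code, body) pairs for every scan line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match["code"], match["body"]))
    return entries


def hosts_redirects(log_text):
    """Map each non-loopback IP found in O1 entries to the hostnames pointed at it."""
    by_ip = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code != "O1":
            continue
        match = HOSTS_RE.match(body)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match["ip"])
        except ValueError:
            continue  # malformed address field, nothing to group on
        if ip.is_loopback or ip.is_unspecified:
            continue  # these do not send traffic to another machine
        by_ip[str(ip)].append(match["name"].lower())
    return dict(by_ip)


def flag_search_hijack(log_text, keyword="search"):
    """Heuristic (assumption): report IPs that hostnames containing `keyword` resolve to."""
    findings = []
    for ip, names in hosts_redirects(log_text).items():
        hits = [name for name in names if keyword in name]
        if hits:
            findings.append({"ip": ip, "hosts": hits})
    return findings


def reappeared(before_fix, after_reboot):
    """O1 redirects seen before the fix that are present again in the later scan."""
    def pairs(text):
        return {(ip, n) for ip, names in hosts_redirects(text).items() for n in names}
    return sorted(pairs(before_fix) & pairs(after_reboot))


if __name__ == "__main__":
    for finding in flag_search_hijack(SCAN_BEFORE_FIX):
        print("redirect target", finding["ip"], "captures", ", ".join(finding["hosts"]))
    for ip, name in reappeared(SCAN_BEFORE_FIX, SCAN_AFTER_REBOOT):
        print("came back after fix:", name, "->", ip)
```

A non-empty result from `reappeared` means something that runs at startup is rewriting the hosts file, so fixing the O1 lines alone will not hold.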
Top Dog and Ianstar-

Please start a thread of your own. It is too hard trying to fix multiple posters in one thread.

Go here for Hijack This

Unzip, update and scan. The scan button will turn into a save log button. Save it, copy and paste it into a thread of your own. Don't fix anything yet because most of it is needed. Make sure you place HJT into a folder of its own. You may need to restore an item and you will not be able to from a temp. dir.

Hi OlTramp,

 

Thanks for your reply !!! I have been looking forward to hearing from you.. ;)

The following are my replies to your questions and some updates:

1) In fact, I have kept removing those three "autosearch" parts whenever I scanned using HijackThis. But they appear again when I reboot.

 

2) As for

O4 - HKCU\..\Run: [FcMessenger] C:\Program Files\Freechal Messenger\FcMessenger.exe,

this is the messenger program that I downloaded from the legitimate source. Also, many of O16 parts are all programs that I know. I've been using these for more than a year without any problem, so I don't think these are the source of cws.

 

3) Without your reply, I deleted some suspicious folders in the registry (in root). They had names like 'adbar....' and didn't seem like good(?) ones. Although this deleting was not extensive, the new-explorer-popping and redirecting stopped after this for a while. Unfortunately, the problem came back again after a while (after turning on the machine again).

 

Well, actually I used Netscape after deleting them because I couldn't log in any of webmail accounts of mine such as yahoo using MS explorer. Even though I typed in the right id and password, the browser didn't let me log in like I didn't type anything. So I used Netscape and it was all right while I used Netscape.

So even I could download Mozilla just in case that I have a problem with Netscape (although they are based on same engine(?), as I know of). After using a couple of hours without being annoyed by those stupid problems, I turned off the machine.

 

4) When I turned on the machine again about half an hour ago, CWS struck back. It even appeared when I used Netscape as well as Mozilla !!

<_<

I have no clue what to do. CWShredder still crashed at CWS.smartsearch, and other programs don't identify a problem....

:(

 

5) I found some suspicious dll files with pv and dllfix. But I couldn't delete it. Whenever I tried to get rid of it, the dialogue box popped up saying 'some programs are using it'. Could you let me know how I can delete these suspicious dlls? I attach two logs from pv and dllfix for your info.

 

[PV log]

 

Module information for 'Explorer.EXE'

MODULE BASE SIZE PATH

Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer

ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL

kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL

msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL

ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API

RPCRT4.dll 78000000 450560 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.109 (xpclnt_qfe.021108-2107) Remote Procedure Call Runtime

GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL

USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL

SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library

SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll

ole32.dll 771b0000 1114112 C:\WINDOWS\system32\ole32.dll 5.1.2600.118 (xpclnt_qfe.021108-2107) Microsoft OLE for Windows

OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

SHDOCVW.dll 71700000 1343488 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2723.100 Shell Doc Object and Control Library

UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library

IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL

LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack

USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor

comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library

comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library

appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library

CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42

COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI

CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent

themeui.dll 5b630000 458752 C:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API

Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface

MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL

USERENV.dll 52880000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.15 (xpclnt_qfe.010827-1803) Userenv

NETAPI32.dll 71c20000 323584 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL

SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL

LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing

ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)

msi.dll 76400000 2076672 C:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer

SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API

NETSHELL.dll 75cf0000 1638400 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell

credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface

WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT

iphlpapi.dll 76d60000 86016 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API

netman.dll 76de0000 155648 C:\WINDOWS\system32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager

MPRAPI.dll 76d40000 90112 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL

ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL

adsldpc.dll 76e10000 147456 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL

WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL

rtutils.dll 76e80000 53248 C:\WINDOWS\system32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

RASAPI32.dll 76ee0000 225280 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access API

rasman.dll 76e90000 69632 C:\WINDOWS\system32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager

TAPI32.dll 76eb0000 172032 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows Telephony API Client DLL

WINMM.dll 76b40000 180224 C:\WINDOWS\system32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL

WZCSvc.DLL 76da0000 196608 C:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service

WMI.dll 76d30000 16384 C:\WINDOWS\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality

DHCPCSVC.DLL 76d80000 106496 C:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service

DNSAPI.dll 76f20000 151552 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL

CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32

MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs

WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs

WINSTA.dll 76360000 61440 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library

webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor

stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object

BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL

POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL

MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL

wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper

printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL

WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver

CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL

MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL

SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5

comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL

drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider

ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager

NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes

NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes

NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL

davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL

WININET.dll 63000000 606208 C:\WINDOWS\system32\WININET.dll 6.00.2718.400 Internet Extensions for Win32

MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT Logon GINA DLL

ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.7713.0 Microsoft Data Access - ODBC Driver Manager

odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources

 

 

[dllfix log]

 

--===**'FIND-ALL' VERSION 3, 5/11**===--

 

 

Wed May 19 00:54:01 2004 -- Results:

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (48C2:6974) - FS:NTFS clusters:4k

Total: 25 169 321 984 [23G] - Free: 15 719 923 712 [15G]

 

 

Locked or 'Suspect' file(s) found...

\\?\C:\WINDOWS\System32\AITIVEDS.DLL +++ File read error

\\?\C:\WINDOWS\System32\AITIVEDS.DLL +++ File read error

 

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"AppInit_DLLs"=""

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

I really hope you (or other nice folks) can save me from this disaster.

 

Thanks tons in advance.

 

wisevlad
