
cws.searchx (always return) plz help


7 replies to this topic

#1 needhelp99

needhelp99

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 June 2004 - 12:47 AM

I have used CWShredder and HijackThis to remove cws.searchx.
I have followed the guidelines provided in the other postings with similar problems.

I can (I think) get a clean machine, and it remains clean for a few restarts of the computer, but after a few days it returns with another name for the culprit DLL.
:scratchhead:

The following is the HijackThis log. PLZ TELL ME IF IT'S CLEAN OR HOW TO CLEAN IT.

Logfile of HijackThis v1.97.7
Scan saved at 02:16:22, on 04-06-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\ASSTCOMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MIRC\MIRC32.EXE
C:\IE0SETUP\HIJACKTHIS.EXE
C:\IE0SETUP\CWSHREDDER.EXE
C:\WINDOWS\NOTEPAD.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\blackd.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: Search Using Copernic - Search Extension.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)



-------------------------------------

HijackThis startup list

StartupList report, 04-06-01, 02:14:04
StartupList version: 1.52
Started from : C:\IE0SETUP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.00 (5.00.2614.3500)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\ASSTCOMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MIRC\MIRC32.EXE
C:\IE0SETUP\HIJACKTHIS.EXE
C:\IE0SETUP\CWSHREDDER.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
bpcpost.exe = C:\WINDOWS\SYSTEM\bpcpost.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TIPS = C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
POINTER = C:\PROGRA~1\MICROS~2\point32.exe
InstantAccess = C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
internat.exe = internat.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Motive SmartBridge = C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
ICSMGR = ICSMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
LoadBlackD = C:\Program Files\Network ICE\BlackICE\blackd.exe
NVSvc = C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 28/5/2004, 2:24:34)

[Rename]
C:\WINDOWS\SYSTEM\IMAGEHAwhllI=C:\WINDOWS\SYSTEM\SFC8201.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
keyb cf,,C:\WINDOWS\COMMAND\keybrd2.sys
SET PATH=C:\PROGRA~1\CCS\PCW;d:\PROGRA~1\BORLAND\CBUILD~1\BIN;d:\PROGRA~1\BORLAND\CBUILD~1\PROJECTS\BPL;C:\Program Files\Common Files\InstallShield\;d:\PROGRA~1\BORLAND\DELPHI5\BIN;d:\PROGRA~1\BORLAND\VBROKER\BIN;d:\PROGRA~1\BORLAND\VBROKER\JRE\BIN;d:\PROGRA~1\BORLAND\DELPHI5\PROJECTS\BPL
SET PCINCLUDE=C:\Program Files\CCS\PCW\Examples
set PATH=d:\Inprise\vbroker\bin;%PATH%
SET VBROKERDIR=d:\Inprise\vbroker
SET EnvironmentVariable=%EnvironmentVariable%;D:\Program Files\InstallShield\InstallShield Express 3.0\Redist\
SET CLASSPATH=d:\PROGRA~1\BORLAND\VBROKER\lib\vbcpp.jar

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 5367 bytes
Report generated in 0.046 seconds



:love:
Thanks in advance for any help you can provide. I really need it; I don't know what to do next.
:weep:

#2 needhelp99

needhelp99

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 June 2004 - 02:04 AM

:weep:
The spyware has returned.

Logfile of HijackThis v1.97.7
Scan saved at 03:51:30, on 04-06-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\ASSTCOMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\IE0SETUP\CWSHREDDER.EXE
C:\IE0SETUP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {B93B0FE1-B379-11D8-B6DB-00502F1DD1F1} - C:\WINDOWS\SYSTEM\DJNEMA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\blackd.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: Search Using Copernic - Search Extension.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

------------------------------------

StartupList report, 04-06-01, 03:55:33
StartupList version: 1.52
Started from : C:\IE0SETUP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.00 (5.00.2614.3500)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\ASSTCOMMON\MOTIVEDIRECTORY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\IE0SETUP\CWSHREDDER.EXE
C:\IE0SETUP\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
bpcpost.exe = C:\WINDOWS\SYSTEM\bpcpost.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TIPS = C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
POINTER = C:\PROGRA~1\MICROS~2\point32.exe
InstantAccess = C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
internat.exe = internat.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Motive SmartBridge = C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
ICSMGR = ICSMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
LoadBlackD = C:\Program Files\Network ICE\BlackICE\blackd.exe
NVSvc = C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 28/5/2004, 2:24:34)

[Rename]
C:\WINDOWS\SYSTEM\IMAGEHAwhllI=C:\WINDOWS\SYSTEM\SFC8201.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
keyb cf,,C:\WINDOWS\COMMAND\keybrd2.sys
SET PATH=C:\PROGRA~1\CCS\PCW;d:\PROGRA~1\BORLAND\CBUILD~1\BIN;d:\PROGRA~1\BORLAND\CBUILD~1\PROJECTS\BPL;C:\Program Files\Common Files\InstallShield\;d:\PROGRA~1\BORLAND\DELPHI5\BIN;d:\PROGRA~1\BORLAND\VBROKER\BIN;d:\PROGRA~1\BORLAND\VBROKER\JRE\BIN;d:\PROGRA~1\BORLAND\DELPHI5\PROJECTS\BPL
SET PCINCLUDE=C:\Program Files\CCS\PCW\Examples
set PATH=d:\Inprise\vbroker\bin;%PATH%
SET VBROKERDIR=d:\Inprise\vbroker
SET EnvironmentVariable=%EnvironmentVariable%;D:\Program Files\InstallShield\InstallShield Express 3.0\Redist\
SET CLASSPATH=d:\PROGRA~1\BORLAND\VBROKER\lib\vbcpp.jar

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\SYSTEM\DJNEMA.DLL - {B93B0FE1-B379-11D8-B6DB-00502F1DD1F1}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 5489 bytes
Report generated in 0.051 seconds

#3 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 01 June 2004 - 06:49 AM

Hello

Let's see if we can sort this out for you :oops:

Download: "StartDreck", from here
Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
Registry -> Run Keys
System/Drivers -> Running processes
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)
Post the log in this thread.

{edit to amend the download location}

Edited by nellie2, 01 June 2004 - 06:55 AM.


#4 needhelp99

needhelp99

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 June 2004 - 02:35 PM

Hello Nellie2, thanks for helping! :cool:

#1
Notes: Just some notes so you have a full picture of the problem.
a) I just checked using HijackThis, CWShredder and Ad-aware 6, and all seem clean.
b) I cannot download from some sites (to download Ad-aware I had to use Netscape), and about the time I tried to download Ad-aware with Internet Explorer my firewall reported that a computer with my computer name tried to do a TCP port scan.
c) I cannot use Microsoft update: when it's supposed to scan my computer for needed updates, it does nothing.
d) I cannot install Internet Explorer 6; when I try to, it says some component can't install (even if all I ask for is a minimum install).

#2
I tried to download startdreck.zip; the link is not working, I am redirected to:
http://www.100free.com/404.html (so it seems I have a problem)

#3 Then I copied the link location, pasted it in the address bar and could then download startdreck.zip from freeatlast.


#4 Unzipped and ran StartDreck per your instructions, and now I paste the log:

StartDreck (build 2.1.5 public BETA) - 2004-06-01 @ 15:50:04
Platform: Windows 98 SE (Win 4.10.2222 A)

Registry
Run Keys
Current User
Run
RunOnce
Default User
Run
RunOnce
Local Machine
Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*bpcpost.exe=C:\WINDOWS\SYSTEM\bpcpost.exe
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*TIPS=C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
*POINTER=C:\PROGRA~1\MICROS~2\point32.exe
*InstantAccess=C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
*RegisterDropHandler=C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
*mdac_runonce=C:\WINDOWS\SYSTEM\runonce.exe
*internat.exe=internat.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*Motive SmartBridge=C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
*ICSMGR=ICSMGR.EXE
RunOnce
RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*RegisterDropHandler=C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
*LoadBlackD=C:\Program Files\Network ICE\BlackICE\blackd.exe
*NVSvc=C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
RunServicesOnce
**e=rundll32 C:\WINDOWS\SYSTEM\HLP.DLL,StreamingDeviceSetup
RunOnceEx
RunServicesOnceEx
Files
System/Drivers
Running Processes
*FFEF370D=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF76D1=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF7FC5=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFF7B45=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFF6CA1=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFFD835=C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
*FFFE2649=C:\WINDOWS\SYSTEM\NVSVC.EXE
*FFFE6885=C:\WINDOWS\RUNDLL32.EXE
*FFFEBFB1=C:\WINDOWS\EXPLORER.EXE
*FFFD06E1=C:\WINDOWS\TASKMON.EXE
*FFFD5239=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFDABA1=C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
*FFFCCA99=C:\WINDOWS\SYSTEM\INTERNAT.EXE
*FFFBF78D=C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
*FFFC0249=C:\WINDOWS\SYSTEM\ICSMGR.EXE
*FFFDD3FD=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
*FFFDA015=C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
*FFFA7E51=C:\WINDOWS\SYSTEM\MSWHEEL.EXE
*FFFA7221=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFF925B9=C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
*FFFFE659=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*FFF89C0D=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFF81139=C:\WINDOWS\NOTEPAD.EXE
*FFFB1AD5=C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
*FFFBB255=C:\IE0SETUP\STARTDRECK\STARTDRECK\STARTDRECK.EXE
Application specific

#5 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 01 June 2004 - 04:02 PM

ok.. I'm afraid I need you to download another application. :cool:

Download: "Win98Fix.zip" from here:
http://www10.brinkst...last/pvtool.htm
Unzip to its own folder.
Open Folder and double click on RunFix.reg file.
Hit 'Yes' to merge it into your registry.
Restart your computer.
The bad file should now be visible so you can delete it.
Browse to HLP.DLL <----- bad file
Right click select 'Properties' and remove any 'Read only' protection.
Right click again and select 'Delete'.
(If you cannot find the file, run the 'Who.bat' file in the folder.
The file will be found and listed.)

This process will eliminate the bad dll that is re-infecting you, but you now need to run CWShredder and Adaware to clean up the rest of the hijack.

Post a fresh hijack log when done, after a reboot.

Edited by nellie2, 01 June 2004 - 04:04 PM.
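
The persistence pattern uncovered in the posts above, as an added example that is not part of the original thread: the StartDreck log shows a RunServicesOnce value that runs HLP.DLL through rundll32, a key that none of the HijackThis O4 lines posted here list, while the HijackThis log ties the res:// search hijack to a BHO on the same DLL. The function names are hypothetical, and the sample lines are excerpted from the logs posted above, with StartDreck section headers written as plain key names.

```python
import re

# Excerpt of the HijackThis log from post #2 (sample input for this example).
HIJACKTHIS_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\DJNEMA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {B93B0FE1-B379-11D8-B6DB-00502F1DD1F1} - C:\WINDOWS\SYSTEM\DJNEMA.DLL
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
"""

# Excerpt of the StartDreck log from post #4 (section headers as plain key names).
STARTDRECK_LOG = r"""
Local Machine
Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
RunOnce
RunServices
*NVSvc=C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
RunServicesOnce
**e=rundll32 C:\WINDOWS\SYSTEM\HLP.DLL,StreamingDeviceSetup
RunOnceEx
"""

R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = res://(?P<dll>.+?\.dll)/", re.I)
BHO_LINE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.+)$", re.I)
O4_KEY = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>\w+):")
RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<export>\S+)", re.I)

# Entries in these keys are meant to run once and then be deleted, so a value
# that keeps reappearing here is being re-created by something else.
ONESHOT_KEYS = {"runonce", "runservicesonce", "runonceex", "runservicesonceex"}


def find_search_hijacks(hjt_text):
    """Group R0/R1 values that point IE at a res:// page inside a local DLL,
    and attach the CLSID of any BHO registered on that same DLL."""
    res_dlls, bhos = {}, {}
    for line in hjt_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            res_dlls.setdefault(m["dll"].upper(), []).append(m["key"])
            continue
        m = BHO_LINE.match(line)
        if m:
            bhos[m["path"].strip().upper()] = m["clsid"]
    return [{"dll": dll, "keys": keys, "bho_clsid": bhos.get(dll)}
            for dll, keys in sorted(res_dlls.items())]


def hijackthis_autorun_keys(hjt_text):
    """Registry autorun key names that actually appear in the log's O4 lines."""
    found = (O4_KEY.match(line.strip()) for line in hjt_text.splitlines())
    return {m["key"] for m in found if m}


def find_oneshot_loaders(startdreck_text):
    """Return (key, value name, dll, export) for rundll32 commands found
    under one-shot autorun keys in a StartDreck 'Run Keys' section."""
    section, hits = None, []
    for line in startdreck_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("*"):      # a section header, e.g. "RunServicesOnce"
            section = line
            continue
        name, _, command = line[1:].partition("=")   # leading "*" marks an entry
        m = RUNDLL.match(command.strip())
        if m and section and section.lower() in ONESHOT_KEYS:
            hits.append((section, name, m["dll"].strip(), m["export"]))
    return hits


def triage(hjt_text, startdreck_text):
    """Combine both logs; mark loaders whose key the HijackThis log never lists."""
    seen = {k.lower() for k in hijackthis_autorun_keys(hjt_text)}
    return {
        "search_hijacks": find_search_hijacks(hjt_text),
        "oneshot_loaders": [
            {"key": key, "value": name, "dll": dll, "export": export,
             "listed_by_hijackthis": key.lower() in seen}
            for key, name, dll, export in find_oneshot_loaders(startdreck_text)
        ],
    }


if __name__ == "__main__":
    report = triage(HIJACKTHIS_LOG, STARTDRECK_LOG)
    for h in report["search_hijacks"]:
        print("res:// hijack via", h["dll"], "BHO:", h["bho_clsid"])
    for l in report["oneshot_loaders"]:
        print("one-shot loader", l["key"], l["value"], "->", l["dll"],
              "(in HijackThis log: %s)" % l["listed_by_hijackthis"])
```

Removing only the DLL named in the R and O2 lines leaves the one-shot loader in place, which matches the reinfection described in the first post.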


#6 needhelp99

needhelp99

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 June 2004 - 08:44 PM

Hello Nellie2, thanks for helping! :cool:


I have done as per your instructions: found and deleted hlp.dll, ran CWShredder and Adaware, and rebooted.


To see if I have improved my functionality:
a) I have tried again to click on "here" to download "StartDreck"; it doesn't work, but if I paste the link in the address bar, it works :hmmm:

b) I have tried again to download Ad-aware from CNET with Internet Explorer: now it works! :cool:

c) I tried to install Internet Explorer 6 from a CD: now it works! I NOW USE INTERNET EXPLORER 6 :cool:

d) I tried to use Microsoft update to find and install critical updates: still doesn't work.
WHEN I CLICK SCAN FOR UPDATE NOTHING IS DONE :scratchhead:

:question: Can you plz tell me how to restore the functionality of Microsoft update (maybe some configuration in Internet Explorer should be set, or a registry key?) It would be really helpful. ;)


Note: before following your instructions, when I was starting in safe mode a file GLB1A2B.EXE (161 KB) was created in c:/windows/temp.
It was an installation file. Now it is not generated anymore! :cool:



Now the new log:

Logfile of HijackThis v1.97.7
Scan saved at 22:13:30, on 04-06-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\IE0SETUP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.sympatico.ca/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\blackd.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: Search Using Copernic - Search Extension.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB


-------------------------------

StartupList report, 04-06-01, 22:15:34
StartupList version: 1.52
Started from : C:\IE0SETUP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\IE0SETUP\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
bpcpost.exe = C:\WINDOWS\SYSTEM\bpcpost.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TIPS = C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
POINTER = C:\PROGRA~1\MICROS~2\point32.exe
InstantAccess = C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
internat.exe = internat.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Motive SmartBridge = C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
ICSMGR = ICSMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
LoadBlackD = C:\Program Files\Network ICE\BlackICE\blackd.exe
NVSvc = C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 1/6/2004, 21:17:8)

[Rename]
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SET1B1.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLA.DLL
C:\WINDOWS\SYSTEM\MSXMLR.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLR.DLL
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML.DLL
C:\WINDOWS\SYSTEM\MSXML3R.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3R.DLL
C:\WINDOWS\SYSTEM\MSXML3A.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3A.DLL
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\JSCRIPT.DLL
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PLUGIN.OCX
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSHTMLED.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSHTML.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\SHDOCLC.DLL
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM391.TMP
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM392.TMP
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM393.TMP
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM394.TMP
C:\WINDOWS\SYSTEM\CRYPT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM0395.TMP
C:\WINDOWS\SYSTEM\WINTRUST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM3A1.TMP
C:\WINDOWS\SYSTEM\RSABASE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM3A3.TMP
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM03A4.TMP
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM3B0.TMP
C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM03B1.TMP
C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM03B2.TMP
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SET1085.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
keyb cf,,C:\WINDOWS\COMMAND\keybrd2.sys
SET PATH=C:\PROGRA~1\CCS\PCW;d:\PROGRA~1\BORLAND\CBUILD~1\BIN;d:\PROGRA~1\BORLAND\CBUILD~1\PROJECTS\BPL;C:\Program Files\Common Files\InstallShield\;d:\PROGRA~1\BORLAND\DELPHI5\BIN;d:\PROGRA~1\BORLAND\VBROKER\BIN;d:\PROGRA~1\BORLAND\VBROKER\JRE\BIN;d:\PROGRA~1\BORLAND\DELPHI5\PROJECTS\BPL
SET PCINCLUDE=C:\Program Files\CCS\PCW\Examples
set PATH=d:\Inprise\vbroker\bin;%PATH%
SET VBROKERDIR=d:\Inprise\vbroker
SET EnvironmentVariable=%EnvironmentVariable%;D:\Program Files\InstallShield\InstallShield Express 3.0\Redist\
SET CLASSPATH=d:\PROGRA~1\BORLAND\VBROKER\lib\vbcpp.jar

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DoomCln Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DOOMCLN.DLL
CODEBASE = http://www.microsoft...ols/DoomCln.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 8523 bytes
Report generated in 0.076 seconds

#7 nellie2

nellie2

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 651 posts

Posted 02 June 2004 - 01:37 PM

Your logfile looks clean now!

Don't worry about the problems you have when you click on the link I gave you; the same thing happens to me when I click on it! :huh:

As far as your update problem is concerned, see if this Microsoft article is any help.

http://support.micro....com/?id=319585

#8 needhelp99

needhelp99

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 June 2004 - 09:46 PM

Hello Nellie2,

I offer you, Nellie2, and all the helpers in this forum my warmest thanks :love: , I know that you're all
doing it voluntarily. It's really nice to have a place like this forum to find help.

Too bad I don't have the know-how to participate in this forum to help others.


Now my computer is clean, and by reading the forum I know a little more about how to prevent
that infection from happening again. :cool:



P.S. My Windows update "SCAN FOR UPDATE" still doesn't work, probably some missing file or registry. At some later time I'll take time to make a clean Windows reinstall. In the meantime I can get updates with the Microsoft download page and choose manually what I want.


Thanks again, I really appreciate the help.



