• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
broady1214

Smart Search

11 posts in this topic

I have tried running ad-aware, Cws, spyboy s&d etc. and nothing removes it.

 

It keeps setting my homepage to Smart Search

 

This is my hijack this log

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:18:37, on 14/06/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\netdde.exe

C:\WINNT\System32\cisvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\faxsvc.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\cidaemon.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINNT\system32\ntvdm.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ben\Desktop\HijackThis.exe

 

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

O1 - Hosts: 213.159.117.235 auto.search.msn.com

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKLM\..\RunOnce: [brandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS

O4 - Startup: Resume Windows Update Installation.lnk = C:\WINNT\Windows Update Setup Files\ie6setup.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.235/buka.chm::/x.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8112.2365856481

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214

O17 - HKLM\System\CS2\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

 

 

Please could someone help

 

Ben

Share this post


Link to post
Share on other sites

Hi,

 

I am not a professional helper, but I got infected once (I am still infected) and I thing U have a couple of O16 that mustn't stay there....

 

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.235/buka.chm::/x.exe

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab

 

 

also have a look to the main page of spyware, Mike said nothing good can came from the 016, 017 logs and another's.

 

good luck

Share this post


Link to post
Share on other sites

Broady1214

 

Do you have the latest version of CWShredder (1.59)? If not, get it and run it in Safe Mode, with no other programs running. Click Fix and let it finish.

 

If still CWS.Smartsearch reoccuring, download dllfix and unzip it to a folder (the download is a selfunzipper).

Run Start.bat by doubleclicking it.

Choose option 1 (Find All). It will produce a textfile. Post the textfile here (same topic).

_______

Wiskonst

Share this post


Link to post
Share on other sites

Wiskonst

 

I did hev the latest version of CWShredder, i ran it in safe mode ten restarted my pc but smart search kept coming up, so i ran ddlfix - here is the textfile

 

 

--==***@@@ FIND-ALL' VERSION MODIFIED -6/14 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Wed 16/06/2004

14:28

 

System Info:

 

Microsoft Windows 2000 [Version 5.00.2195]

C: "" (B499:9903) - FS:NTFS clusters:4k

Total: 9 500 164 096 [8.8G] - Free: 5 547 548 672 [5.2G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.0.2140.1 C:\WINNT\system32\notepad.exe

5.0.2140.1 C:\WINNT\notepad.exe

*Media Player version :

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q832894;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

If not file is listed than Dllfix may not Help.

in this case please post the contents of Windows.txt to the appinit

entry can be checked. You will find it in the dllfix folder after findall completes.

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

 

 

Scanning for main Hijacker:

 

 

Dllfix must have the Hijackerfiles in system32 to fix properly.

If there are no protocal keys text/html and text/plain

then dllfix may not work. This fix targets this type Hijack Entry.

that keeps reoccuring with different filenames.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_Dlls REG_SZ

 

*Security settings for 'Windows' key:

 

If error than registry may need to be restored from option 4.

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

 

 

Thanks

 

Broady1214

Share this post


Link to post
Share on other sites

Broady1214

 

Run Start.bat once more.

Choose option 2 (Run Fix).

Then choose option 1 (Enter DLL name manually).

You will see the sentence: 'Enter full name and hit Enter C:\WinNT\System32\'

At the end of the sentence at the red cursor type 'KBDFNMH.DLL' (without quotes and no spaces in front of it) and hit the Enter key.

You will see a message 'Restart in 14 seconds'. Let the reboot go on.

During reboot you will see a DOS window. Folder C:\WinNT\System32 is scanned in two passes.

 

When the boot has completed please post a new Find_All (Start.bat option 1) and the log.txt you will find in the dllfix folder.

_______

Wiskonst

Share this post


Link to post
Share on other sites

Winkonst i got this far:

 

Run Start.bat once more.

Choose option 2 (Run Fix).

Then choose option 1 (Enter DLL name manually).

You will see the sentence: 'Enter full name and hit Enter C:\WinNT\System32\'

At the end of the sentence at the red cursor type 'KBDFNMH.DLL' (without quotes and no spaces in front of it) and hit the Enter key.

 

But when i hit enter it started but kept coming up with

"The system was unable to find the specified registry key or value"

 

So i ran option 1 (find all) again and this is my text file: (i dont know if that helps at all)

 

 

--==***@@@ FIND-ALL' VERSION MODIFIED -6/14 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Fri 18/06/2004

10:23

 

System Info:

 

Microsoft Windows 2000 [Version 5.00.2195]

C: "" (B499:9903) - FS:NTFS clusters:4k

Total: 9 500 164 096 [8.8G] - Free: 5 493 481 472 [5.1G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.0.2140.1 C:\WINNT\system32\notepad.exe

5.0.2140.1 C:\WINNT\notepad.exe

*Media Player version :

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q832894;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

If not file is listed than Dllfix may not Help.

in this case please post the contents of Windows.txt to the appinit

entry can be checked. You will find it in the dllfix folder after findall completes.

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

 

 

Scanning for main Hijacker:

 

 

Dllfix must have the Hijackerfiles in system32 to fix properly.

If there are no protocal keys text/html and text/plain

then dllfix may not work. This fix targets this type Hijack Entry.

that keeps reoccuring with different filenames.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

If error than registry may need to be restored from option 4.

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

 

2 - The system cannot find the file specified.

 

 

Thanks

 

Broady1214

Share this post


Link to post
Share on other sites

Broady1214

 

Can you try to find in the folder of dllfix the file manual.txt ?

If there is any text in it please post that here.

 

Could you give me the full path (drive and chain of folders) to the folder where you put dllfix?

We will continue the fix from a further point.

_______

Wiskonst

Share this post


Link to post
Share on other sites

Winskonst

 

the only text in the file manual.txt is:

 

C:\WINNT\system32\KBDFNMH.DLL

 

 

The file path to the folder is:

 

C:\Documents and Settings\Ben\Desktop\dllfix

 

Broady1214

Share this post


Link to post
Share on other sites

Broady1214

 

Download second.reg and place it in the dllfix folder.

Close all browser windows and activate second.reg by doubleclicking it.

Confirm the merge in the registry.

Then reboot.

 

During reboot you will see a DOS window and the scanning of folder C:\WinNT\System32. Report please whether you actually saw the DOS window.

 

When the boot has completed please post a new Find_All (Start.bat option 1) and the log.txt you will find in the dllfix folder.

_______

Wiskonst

Share this post


Link to post
Share on other sites

Winkonst

 

I rebooted but never actually saw the dos window.

 

i then find all and this is my log:

 

--==***@@@ FIND-ALL' VERSION MODIFIED -6/14 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Fri 18/06/2004

17:27

 

System Info:

 

Microsoft Windows 2000 [Version 5.00.2195]

C: "" (B499:9903) - FS:NTFS clusters:4k

Total: 9 500 164 096 [8.8G] - Free: 5 483 339 776 [5.1G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.0.2140.1 C:\WINNT\system32\notepad.exe

5.0.2140.1 C:\WINNT\notepad.exe

*Media Player version :

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q832894;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

If not file is listed than Dllfix may not Help.

in this case please post the contents of Windows.txt to the appinit

entry can be checked. You will find it in the dllfix folder after findall completes.

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

\\?\C:\WINNT\System32\KBDFNMH.DLL +++ File read error

 

 

Scanning for main Hijacker:

 

 

Dllfix must have the Hijackerfiles in system32 to fix properly.

If there are no protocal keys text/html and text/plain

then dllfix may not work. This fix targets this type Hijack Entry.

that keeps reoccuring with different filenames.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

If error than registry may need to be restored from option 4.

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

 

2 - The system cannot find the file specified.

 

 

This is the text in logs.txt

 

CWSDLL/Searchx Appinit Fix By Shadowwar

Version 3.02 061404

Please Do not mirror Without Permission!

I can be contacted at spywaresubmit at aol.com

Fri 18/06/2004

10:20

 

Backing up Registry Hive

 

 

Btw Thanks for your help so far

 

Broady1214

Share this post


Link to post
Share on other sites

Broady1214

 

The deletion of the file has not succeeded.

 

First fix in Hijack This:

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.235/buka.chm::/x.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

With all browser windows closed place a checkmark in front of the items and click the Fix button.

 

Download the Killbox and unzip it to a folder.

Run the Killbox.

In the box 'Paste full path of file to delete' copy and paste 'C:\WinNT\System32\KBDFNMH.DLL' (without quotes). In menu Action choose Delete on reboot. A panel called 'PendingFilerenameOperations' opens. Here in menu File choose Add File. The KBDFNMH.DLL file will be added. Now in menu Action choose 'Process and Reboot'.

When asked to reboot click OK.

 

And again please a Find_All result.

_______

Wiskonst

Edited by Wiskonst

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0