unable to run CWshredder and HJT

Discussion in 'adware, spyware & hijack cleaning' started by unsure user, Feb 28, 2004.

Thread Status:
Not open for further replies.
  1. unsure user

    unsure user Guest

    Hello,

    I'm hoping someone can help me with a problem. I have an old desktop computer (Windows 98) that's about 3 years old and horribly slow. Never use it anymore. I thought I'd try to clean it up and go from there.

    I've run adaware, and the program found 460 things to remove. A LOT of junk. But when I try to run Hijackthis or CWshredder this error message pops up:

    A required .DLL file, MSVBVM60.DLL, was not found.

    Does anyone know where I can get the .DLL file? Or how to fix this?

    Thanks
     
  2. claire

    claire Guest

    http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98Me/EN-US/vbrun60sp5.exe

    HTH
     
  3. unsure user

    unsure user Guest

    Thanks Claire. That was the file I needed. I've run HJT, but it won't let me save the file as it appears on the log. This is the best I can do:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:23:40 AM, on 1/1/99
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\COREL\OFFICE7\DAD7\QUICK.EXE
    C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNETFOLDER.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE
    C:\WINDOWS\WINHLP32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&sid=4E7DFFC0A3C911D280050050BAB758E6&pnce=&hp=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (obfuscated)
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 216.65.3.76 auto.search.msn.com
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
    O4 - HKLM\..\Run: [Instant XXX Access] c:\Program Files\DiallerProgram\055590.exe -r
    O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - HKCU\..\Run: [li-speed00131] c:\program files\Webdialer\li-speed00131.exe -m
    O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
    O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
    O4 - Startup: Windows Startup.lnk = C:\WINDOWS\winstartup.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} - http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://new.tnc4u.com/MCInst.cab
    O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002 | Posts: 13,491 | Location: Netherlands

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&sid=4E7DFFC0A3C911D280050050BAB758E6&pnce=&hp=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (obfuscated)

    O1 - Hosts: 216.65.3.76 auto.search.msn.com

    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
    O4 - HKLM\..\Run: [Instant XXX Access] c:\Program Files\DiallerProgram\055590.exe -r
    O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab

    O4 - HKCU\..\Run: [li-speed00131] c:\program files\Webdialer\li-speed00131.exe -m

    O4 - Startup: Windows Startup.lnk = C:\WINDOWS\winstartup.exe
    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} - http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe

    O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://new.tnc4u.com/MCInst.cab
    O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab

    Then reboot and delete:
    c:\Program Files\DiallerProgram <= entire folder
    C:\WINDOWS\BDE <= entire folder
    c:\program files\Webdialer <= entire folder
    C:\WINDOWS\winstartup.exe

    I could not make sure if you had already run CWShredder.
    If not, you should use the Fix button and follow the instructions provided by the program.

    Regards,

    Pieter
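
Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over the log format posted above. The four heuristics (the "(obfuscated)" marker, non-localhost hosts entries, autostarts run from a temp location, ActiveX codebases on a bare IP address) are assumptions chosen for illustration and cover only some of the entries in the fix list; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Entry lines look like "O4 - <details>"; headers and process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Sample input: seven entry lines copied from the log posted in this thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)
O1 - Hosts: 216.65.3.76 auto.search.msn.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
"""

def parse(log_text):
    """Yield (section, body) for every entry line in a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(section, body):
    """Return a reason to look closer at an entry, or None (assumed heuristics)."""
    if section in ("R0", "R1") and body.endswith("(obfuscated)"):
        return "browser URL marked obfuscated by HijackThis"
    if section == "O1":
        fields = body.split()  # "Hosts:", address, hostname
        if len(fields) >= 3 and fields[2].lower() != "localhost":
            return "hosts file overrides DNS for " + fields[2]
    if section == "O4":
        # Registry entries read "[name] command"; Startup items read "name = command".
        command = body.split("] ", 1)[-1] if "] " in body else body.split("= ", 1)[-1]
        if re.search(r"\\TEMP\\|\.TMP\b", command, re.IGNORECASE):
            return "autostart runs from a temp location"
    if section == "O16":
        host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4.match(host):
            return "ActiveX codebase served from a bare IP address"
    return None

def review(log_text):
    """Return [(section, reason)] for the entries that triage() flags."""
    return [(s, r) for s, b in parse(log_text) if (r := triage(s, b))]
```
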
     