unable to run CWshredder and HJT

Discussion in 'adware, spyware & hijack cleaning' started by unsure user, Feb 28, 2004.

Thread Status:
Not open for further replies.
  1. unsure user

    unsure user Guest

    Hello,

    I'm hoping someone can help me with a problem. I have an old desktop computer (Windows 98) that's about 3 years old and horribly slow. Never use it anymore. I thought I'd try to clean it up and go from there.

    I've run adaware, and the program found 460 things to remove. A LOT of junk. But when I try to run Hijackthis or CWshredder this error message pops up:

    A required .DLL file, MSVBVM60.DLL, was not found.

    Does anyone know where I can get the .DLL file? Or how to fix this?

    Thanks
     
  2. claire

    claire Guest

    http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98Me/EN-US/vbrun60sp5.exe

    HTH
     
  3. unsure user

    unsure user Guest

    Thanks Claire. That was the file I needed. I've run HJT, but it won't let me save the file as it appears on the log. This is the best I can do:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:23:40 AM, on 1/1/99
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\COREL\OFFICE7\DAD7\QUICK.EXE
    C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNETFOLDER.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE
    C:\WINDOWS\WINHLP32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&sid=4E7DFFC0A3C911D280050050BAB758E6&pnce=&hp=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (obfuscated)
    F1 - win.ini: load=ptsnoop.exe
    O1 - Hosts: 216.65.3.76 auto.search.msn.com
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
    O4 - HKLM\..\Run: [Instant XXX Access] c:\Program Files\DiallerProgram\055590.exe -r
    O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - HKCU\..\Run: [li-speed00131] c:\program files\Webdialer\li-speed00131.exe -m
    O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
    O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
    O4 - Startup: Windows Startup.lnk = C:\WINDOWS\winstartup.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} - http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://new.tnc4u.com/MCInst.cab
    O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,331
    Location: Netherlands

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&sid=4E7DFFC0A3C911D280050050BAB758E6&pnce=&hp=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (obfuscated)

    O1 - Hosts: 216.65.3.76 auto.search.msn.com

    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
    O4 - HKLM\..\Run: [Instant XXX Access] c:\Program Files\DiallerProgram\055590.exe -r
    O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab

    O4 - HKCU\..\Run: [li-speed00131] c:\program files\Webdialer\li-speed00131.exe -m

    O4 - Startup: Windows Startup.lnk = C:\WINDOWS\winstartup.exe
    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} - http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe

    O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://new.tnc4u.com/MCInst.cab
    O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab

    Then reboot and delete:
    c:\Program Files\DiallerProgram <= entire folder
    C:\WINDOWS\BDE <= entire folder
    c:\program files\Webdialer <= entire folder
    C:\WINDOWS\winstartup.exe

    I could not make sure if you had already run CWShredder.
    If not, you should use the Fix button and follow the instructions provided by the program.

    Regards,

    Pieter
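
An added example, not part of Pieter's reply and not HijackThis code: a small parser for the log format posted above, with a few triage heuristics (URLs HijackThis marks as obfuscated, hosts-file redirects, autostarts from temp paths, ActiveX downloads from bare IP addresses). The rules and function names are assumptions for illustration; they catch only some of the entries selected by hand in the reply above.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gohip.com/browser/?pid=AAAAAAAAAAAAFA&ence=&pnce=&sid=12FF32C0A11711D2810F0050BAB758E6&hp=http://www.msn.com/ (obfuscated)
O1 - Hosts: 216.65.3.76 auto.search.msn.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSB225.TMP /R /A
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Yield (section_code, body) for every 'Xn - ...' entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def reasons(code, body):
    """Return review reasons for one entry (assumed heuristics, not HJT's)."""
    out = []
    if code in ("R0", "R1") and body.endswith("(obfuscated)"):
        out.append("HijackThis marked the URL as obfuscated")
    if code == "O1":
        fields = body.split()[1:]            # drop the leading "Hosts:"
        if len(fields) >= 2 and fields[0] not in ("127.0.0.1", "0.0.0.0"):
            out.append("hosts file points %s at %s" % (fields[1], fields[0]))
    if code == "O4" and re.search(r"\\TEMP\\|\.TMP(\s|$)", body, re.I):
        out.append("autostart runs a file from a temp location")
    if code == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4.match(host):
            out.append("ActiveX download from a bare IP address")
    return out

def triage(log):
    """Return (code, body, reasons) for entries with at least one reason."""
    hits = [(c, b, reasons(c, b)) for c, b in parse(log)]
    return [h for h in hits if h[2]]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(why), "|", body[:60])
```

An entry that no rule matches is not thereby clean: the dialer and startup-folder entries in the reply above, for example, need a person or a reference list to identify.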
     