Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cant do much [CLOSED]


  • This topic is locked This topic is locked

#1
True

True

    New Member

  • Member
  • Pip
  • 8 posts
When I start my computer I get an error message that says "explorer has caused an error in ctrldll.dll and explorer will close" then immediately after I get a next message that says "explorer has caused an error in ctl.dll and explorer will now close" these two messages keep cycling back and forth and I cant do anything unless I start in safe mode. Restarting doesnt help at all, Can someone PLEASE help me, I got mad school work to do.....
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
True

True

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the HIJACKTHIS.LOG

Logfile of HijackThis v1.97.7
Scan saved at 2:35:54 PM, on 08/03/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fcblhn.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nkvd.us/s.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fcblhn.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcblhn.t.muxa.cc/h.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fcblhn.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fcblhn.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nkvd.us/s.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nkvd.us/s.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fcblhn.t.muxa.cc/s.php?aid=35 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://best.omega-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nkvd.us/s.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 5377608764 spywareinfo.com
O1 - Hosts: 5377608764 www.spywareinfo.com
O1 - Hosts: 5377608764 lavasoftsupport.com
O1 - Hosts: 5377608764 www.lavasoftsupport.com
O1 - Hosts: 5377608764 searchv.com
O1 - Hosts: 5377608764 www.searchv.com
O1 - Hosts: 5377608764 approvedlinks.com
O1 - Hosts: 5377608764 www.approvedlinks.com
O1 - Hosts: 5377608764 searching-the-net.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 ywebsearch.info
O1 - Hosts: 5377608764 www.ywebsearch.info
O1 - Hosts: 5377608764 ok-search.com
O1 - Hosts: 5377608764 www.ok-search.com
O1 - Hosts: 5377608764 ewebsearch.net
O1 - Hosts: 5377608764 www.ewebsearch.net
O1 - Hosts: 5377608764 www.008k.com
O1 - Hosts: 5377608764 autosearcher.com
O1 - Hosts: 5377608764 www.autosearcher.com
O1 - Hosts: 5377608764 www.smutserver.com
O1 - Hosts: 5377608764 www.smuthosts.com
O1 - Hosts: 5377608764 www.kinghost.com
O1 - Hosts: 5377608764 exit.xitcash.com
O1 - Hosts: 5377608764 www.exitforcash.com
O1 - Hosts: 5377608764 exit.sellyourexit.com
O1 - Hosts: 5377608764 sex-explorer.com
O1 - Hosts: 5377608764 www.sex-explorer.com
O1 - Hosts: 5377608764 www.online-dialer.com
O1 - Hosts: 5377608764 network.nocreditcard.com
O1 - Hosts: 5377608764 www.mtreexxx.net
O1 - Hosts: 5377608764 www.0190-dialer.com
O1 - Hosts: 5377608764 install.xxxtoolbar.com
O1 - Hosts: 5377608764 www.xxxtoolbar.com
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\PROGRA~1\TOOLBA~1\2020SE~1.DLL (file missing)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\TASKMON.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O13 - DefaultPrefix: http://www.nkvd.us/1507/
O13 - WWW Prefix: http://www.nkvd.us/1507/
O13 - Home Prefix: http://www.nkvd.us/1507/
O13 - Mosaic Prefix: http://www.nkvd.us/1507/
O16 - DPF: {11111111-1111-1111-1100-000000000000} - mhtml:file:///C:\My%20Documents\My%20Music\Virtual%20Albums\video\video.asx!file:///ieupdate.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7874.9211342593
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial4/058729ca.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB
O19 - User stylesheet: C:\WINDOWS\hh.htt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Your computer has some spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.

Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

CLICK HERE to download CWShredder
CLICK HERE to download Spybot S&D
  • 0

#5
True

True

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.97.7
Scan saved at 8:47:38 PM, on 09/03/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\TASKMON.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/spa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\PROGRA~1\TOOLBA~1\2020SE~1.DLL (file missing)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\TASKMON.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7874.9211342593
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Looks really good, just some cleaning up to do. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/spa.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\PROGRA~1\TOOLBA~1\2020SE~1.DLL (file missing)
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin.cab

To avoid these "nasties" in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:
SpywareBlaster: http://www.javacools...areblaster.html
SpywareGuard: http://www.wildersse...ywareguard.html

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will several impair attempts to infect your system. It is free.

More info and download is available at:
IE/Spyad:
http://www.staff.uiu...es/resource.htm
  • 0

#7
True

True

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thank u so much for yor help so far I can do a little more, however I still get a ctl.dll error message. Also I run the spybot search and destroy and I do not know whether or not to delete a file called WINGAURDIAN in c:/windows/system/sys.exe. And I have problems shuting down also. Dont know what else to do...........
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
It looks like a Cool Web Shreder variant. Please try CWS Shreder again:
CLICK HERE to download CWShredder

Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.
  • 0

#9
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP