Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need New Intell32 & PSGuard Help... [RESOLVED]


  • This topic is locked This topic is locked

#91
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
You got it :tazz:
  • 0

Advertisements


#92
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...I'm back...well...I was "denied"...the first task.

It claimed concerning deletion of the original Wininet.dll...That I was deined access.

So I didn't even try the others.

Sorry to have responded so slow...the Intell32 is re-loading back into my computer...punishing me as usual...
  • 0

#93
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
noooooooooooo .... Ok give me a few
  • 0

#94
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
LOL!! Go for it...!:tazz:
  • 0

#95
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Copy everything in the box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt


Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
  • 0

#96
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Oh My GARSH!!!!!! My desktop turned red and is flashing "Danger Spayware" (Raze Spyware)

I also got an Error popup...says...

Error in C:\WINDOWS\SYSTEM\birdhuy32.DLL Missing Entry


What happened...!!!??

Here's the black box listing...Give me a minute to copy it to next post
  • 0

#97
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...here's what it says...in the black box...:

C:\WINDOWS\Desktop>dir \wininet.dll /a h /s > files.txt
Too many parameters - h

C:\WINDOWS\Desktop> start notepad files.txt

C:\WINDOWS\Desktop>
  • 0

#98
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Are you there...? Please...my desktop...how do I stop it...?
  • 0

#99
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK lets try this

Copy everything in the box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a /s > files.txt
start notepad files.txt


Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here
  • 0

#100
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Post a new hijack log too please :tazz:
  • 0

Advertisements


#101
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
run the smit.rem tool it should get your desktop back
  • 0

#102
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Ok...I'm back...during last task my computer froze and I had to reboot...give me a sec...let me run smitrem...here's the results of the "text" file that was created on my desktop:

Volume in drive C is HP_PAVILION
Volume Serial Number is 3B3A-11E7

Directory of C:\WINDOWS\Desktop

WININET DLL 583,680 08-20-05 8:30a WININET.DLL
1 file(s) 583,680 bytes

Directory of C:\WINDOWS\SYSTEM

WININET DLL 583,680 08-20-05 8:30a WININET.DLL
1 file(s) 583,680 bytes

Total files listed:
2 file(s) 1,167,360 bytes
0 dir(s) 177,049,600 bytes free
  • 0

#103
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
No...SmitRem Did not restore my desktop...and Now have other stuff corupting my computer I've never seen before...hold on for HJT log...
  • 0

#104
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:36:46 AM, on 9/4/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
  • 0

#105
totenkopff

totenkopff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:36:46 AM, on 9/4/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP