Need New Intell32 & PSGuard Help... [RESOLVED]


  • This topic is locked

#106
totenkopff (Member, Topic Starter)
Please...I've GOT to get back my desktop...I have never had this happen before...I'm like big time worried here...please big time priority...thanks a bunch!
  • 0

#107
totenkopff (Member, Topic Starter)
Ok...I had to run the AdAwareSE...it found a LOT more crap that must have loaded on my computer after that last task that I performed...I got rid of it in hopes of fixing my desktop...it hasn't yet...anyways...

I'm totally at a loss here...I'm going to try a reboot...and see what returns...the Intell32 will for sure...when I get back online...that I know...but I'm getting totally scared here now...also

I have to run to the store for coffee...I'll be right back...please...please...stay and help...if anything...the desktop...I'll be more than grateful...I will be back...give me a few minutes...thanks a bunch:)

Totenkopff
  • 0

#108
loophole (Malware Expert, Retired Staff)
Ok, let's do this and try to get your desktop back

Don't be worried, this is not as bad as it seems
I would advise not being on the internet much until we get this cleaned up

Do you currently have a firewall? If not, get one. Here is a good free one: Sygate


Download smitfraud.reg. Save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\svcnt32.exe
C:\WINDOWS\SYSTEM\birdihuy32.dll

Run the smit.rem tool


Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt

Reboot and tell me how it went

Post a new Hijack log
  • 0

#109
totenkopff (Member, Topic Starter)
Ok...I'm back...sorry I took so long...my computer is still re-fighting the Intell32 and now something called "svcnt32"...my desktop is screwed! Anyways...I'll perform the tasks right now...thanks again...
  • 0

#110
totenkopff (Member, Topic Starter)
Ok...I got the Smitfraud...I'll now do the tasks...I just have to wait for the Intell32/PSGuard to finish loading...or...it will continue after I try to get back online...it will be just a second...I'll be back...thanks for the help...please stay with me...:tazz:
  • 0

#111
totenkopff (Member, Topic Starter)
Ok...hope you're still here...well...I did everything...and my desktop is still messed up...no change...here's my new log...

Please..if anything...can this be restored...? I hope so...thanks:)

Logfile of HijackThis v1.99.1
Scan saved at 3:02:20 AM, on 9/4/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
  • 0
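
As an added example (not part of the original thread and not HijackThis's own code): a small Python parser for HijackThis entry lines that checks whether the four entries selected for fixing in post #108 still appear in the follow-up log from post #111. The function names are hypothetical; the sample lines are copied from the two posts, with the follow-up log abridged.

```python
import re

# Entries selected for "Fix Checked" in post #108 (copied from the thread).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll
"""

# Follow-up log from post #111, abridged to a few representative lines.
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in an executable-type extension.
PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)


def parse_entries(text):
    """Return one record per entry line; header and process lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        detail = m.group("detail")
        found = CLSID.findall(detail) + PATH.findall(detail)
        # CLSIDs and Windows paths are case-insensitive, so normalise them.
        records.append({"code": m.group("code"), "detail": detail,
                        "indicators": {s.upper() for s in found}})
    return records


def still_present(fix_list, follow_up):
    """Return fix-list entries that reappear in the follow-up log."""
    later = parse_entries(follow_up)
    remaining = []
    for wanted in parse_entries(fix_list):
        for seen in later:
            shared = wanted["indicators"] & seen["indicators"]
            # Entries with no CLSID or path (the R0 line) fall back to exact text.
            exact = seen["detail"].upper() == wanted["detail"].upper()
            if seen["code"] == wanted["code"] and (shared or exact):
                remaining.append(wanted["detail"])
                break
    return remaining


if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, FOLLOW_UP))
```

An empty result only means the listed registry entries are gone from the log; it says nothing about files that are no longer referenced by any startup entry.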

#112
totenkopff (Member, Topic Starter)
Well...I guess you called it a night...anyways...I sincerely hope you'll continue to help me at a later time. I've really appreciated it so far. The "desktop incident" is still messed up but hopefully you can help me to repair that later on. Please post back whenever you can...I'll be checking back very often...as I can do nothing else.

At least with my desktop back I can be a little reassured, hopefully that will be soon :tazz: ...thanks

Totenkopff
  • 0

#113
loophole (Malware Expert, Retired Staff)
Sorry had to go to bed

See if you can drag that current desktop off the screen. In other words, point your cursor to the top right corner, left click and hold it down, then drag it down and close it


do this:
Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Check off the 2 boxes next to the Box that says "Generate StartupList log"
Click on the button "Generate StartupList log"
Copy and paste the StartupList from the notebook onto your post

also post a hijack log

Edited by loophole, 04 September 2005 - 07:10 PM.

  • 0

#114
loophole (Malware Expert, Retired Staff)
please do this also

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#115
totenkopff (Member, Topic Starter)
Greetings loophole, just barely got home. My effen AC is out...not good for Arizona. Luckily we just had rain yesterday so it's "a little" cooler outside tonight. And what I mean by "a little cooler" I mean...maybe 85 degrees outside tonight. I got my fans going and everything! So I was at my girlfriend's the entire evening cooling off. Anyways...

Last night, I stayed up for awhile with the help of Excedrins and/or coffee. I re-downloaded the latest version of "SpyBot S&D"...that seemed to find and eliminate what seemed to be cacking up my desktop. All appears quiet on the western front concerning that mess. I'll let you know if it returns...

I also cruised the internet trying to find out more about fixing "Wininet.dll". It seems everyone and their brother has this ridiculous infection. Some people seem to have no problem "fixing" by way of changing the name and replacing. Like what we tried to do. I'm sure it's because I have an older OS. Anyways...

I don't know if you're still on tonight at this time, so I'm leaving this post so you know I didn't split for good. I will be on and here at my pad till sun up. Then...I'm probably going to have to take off to my girlfriend's pad to get some sleep. My AC won't be fixed probably till Tuesday! Because of the holiday and whatnot. So...

I'm going to try and do more research concerning Wininet.dll and if it's even remotely fixable. Though I'll wait until you get back with me for sure. Like I said, don't know if you'll see this tonight but I will be online.

I'll keep you posted on any new and/or further developments. Thanks:)

Sincerely,
Totenkopff

PS-If you still request that I complete the previous and most recent tasks, just let me know...I will immediately!
  • 0

#116
totenkopff (Member, Topic Starter)
Hi...I know you're not here, but I've still been plucking away on the internet trying to research various "Wininet.dll" fixes. There appear to be many...though NOT for Win98 (sucks!)

I DID find out though, if I had WinXP it would be easy as 1-2-3...! Figures...anyways...

I won't do anything without your consent, but I've still got to feel useful. This is why I'm still searching.

I did manage to find the following via Google...per this site: "TrendMicro"

It claims this...: (for Win98)

******Attention! NO ONE DO THE FOLLOWING!!!...It's just an example!*******

Restoring Deleted or Overwritten Files

Acquire a clean copy of the Windows file, WININET.DLL, from an installer or from a clean Windows system with the same version. Rename the copy as CLEAN.DLL and place it in the %System% folder.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP.)

• On Windows 98 and ME

Copy and paste the following in a text editor:
[rename]
%System%\wininet.dll=%System%\clean.dll

Save the file as WININIT.INI.
Place it in the %System% folder.
---------------------------------------------------------------

Then...apparently after restart...TA-DA!!!!...it's supposed to "magically" replace the corrupted DLL...

Oh, by the way...I hope I'm not stepping on your toes here by posting this...I DO NOT think I know more than you...I'm just so freakin desperate and at my wits end...I'm really starting to think about just going ahead and purchasing some kick-[bleep] software that will fix this stuff for me. So we can all get on with our lives! LOL

The above task looks quite similar to what we tried before, though I can't be sure. Y'know, right before my Desktop exploded?! If I crossed the line by posting an example, please let me know. I'm just trying to help you, help me...help myself...I think.

Oh, I also viewed the properties concerning my "Wininet.dll". The corrupted one in the System folder. It apparently has quite a few dependencies. I tried to copy and paste them for you but it wouldn't let me. I WILL copy them by hand no problem if you request. If it ends up being relevant.

From the research I've done since last night, it appears a lot of people have really screwed up their internet connections by messing with this particular dll. One person with Win98 managed to somehow "update" their IE which enabled them to fix the Wininet.dll. Only thing is, they now had a host of whole new problems concerning their IE and how things were running elsewhere on their computer.

Also, it seems many have ended up simply deleting their Wininet.dll somehow through the course of "fixing" and then can't get it back. Save recovery via a Win98 disc, which I don't have.

I'm sure you know all this but the more I search, the more amazed I get at just how many people are struggling with this cursed dll!

Ok, sorry to ramble on. Just needed something to do until I can get some new tasks to perform. If I find anything of interest, I'll let you know. If I just need to shut up and let you work your magic, then let ME know:)

Thanks again, sincerely...

Totenkopff

PS- Oh yeah...I had an idea due to something I found out online. I noticed that WinXP has something called a "cache.dll" in its system folder somewhere. Or something similar. Apparently, when one with WinXP uses "SmitRem"...it will fix the dll by using the cache folder. I believe this folder stores dll's and this is where SmitRem replaces them from. I saw a WinXP user's SmitRem log and it was fixed in this manner...seemingly automatically by SmitRem.

Couldn't we create one (cache.dll folder) for my system? And just put it in MY system folder? Or System32 folder? Would SmitRem recognize this...use it...and then fix it? Or is it just me and my wishful/desperate ideas?

Just thought I'd run this past you:)
  • 0

#117
totenkopff (Member, Topic Starter)
Ok...back yet again with an update...

I found ANOTHER Wininet.dll fix for Win98...

These particular postings were very thorough and quite concise. And apparently they worked perfectly. The Wininet.dll WAS effectively replaced with a clean one no problem. They claimed to have simply downloaded a clean version from:

http://www.dll-files.com/

Here are my findings: (*for loophole ONLY*)

****ATTENTION!!! THIS IS ONLY AN EXAMPLE...DO NOT PERFORM!!!****


Post from 8-28-05 Via- forum.grisoft.cz (AVG)
----------------------------------------

First... rename the file you downloaded to WININET.NEW... now copy that file to C:\WINDOWS\SYSTEM folder. Now instead of restarting your computer in Safe Mode... select instead Command Prompt... and do the following.

CD\WINDOWS\SYSTEM [ENTER]
REN WININET.DLL *.BCK [ENTER]
REN WININET.NEW *.DLL [ENTER]

Now Restart.

> and this line -> REN WININET.DLL *.BCK
> there must be a space between the L and the * ,
> right?

Yes... there is a space there.
----------------------------------------

Ok, hope I didn't tick you off yet again with my "researching on my own" stuff. It's just that I'm taking off from here soon and won't have internet access until much later tonight or tomorrow morning more likely. In any event, I won't perform these or ANYTHING else until you have authorized me to do so.

If you would rather have the exact addresses as to where I got this info...let me know. I will post them at your request. Looking forward to hearing from you again:)

Thanks Sincerely, as always...

Totenkopff

PS- Just so you know, I'm not receiving help via any other site or technician. I'm just cruising "Google" and finding what I find.
  • 0

#118
loophole (Malware Expert, Retired Staff)
Nope sure didn't tick me off.....lol actually I was working on similar instructions for you. We need to make sure everything else is off the computer before we do this though. Go ahead and do this (I know intell will punish you) but it needs to be done

Can you please Private message me that link also

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#119
totenkopff (Member, Topic Starter)
Ok, thanks a bunch! I downloaded what you asked and will perform the tasks when I go offline. I will then return and post the logs per your request.

I also sent off the links you requested...if they don't work...let me know and I'll resend them pronto!

Thanks again...!
  • 0

#120
totenkopff (Member, Topic Starter)
Ok...got the logs. Here they are. The task didn't seem to affect the PSGuard or Intell32 stuff that I can see. So I was able to get back online ok. Thanks again, I will await further instructions...:tazz:
-------------------------------------------


Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 4:38:30 AM, on 9/6/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
  • 0





