4.8K Posts

October 24th, 2004 22:00

DKH8888,
 
First, I'd recommend moving HiJackThis to its own folder. When backups are created, they might appear on your desktop.
 

 
First, it appears your PC has a peper infection. We need to go to this site, and follow the instructions provided. Be patient, it might take several attempts to completely fix this problem.
 
O4 - HKLM\..\Run: [4KA6FLQ3XA9NMJ] C:\WINDOWS\System32\Grxe.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\NjqM9Y44.exe
 
Just for reference, the entry(s) above, represent the peper infection.
 

 
Next, go to www.trendmicro.com, then click "Free Online Scan". It'll take a while to download, so be patient. After it's done, select all available drives, then begin scanning.
 

 
Next, use " Add/Remove programs" to look for, and uninstall (remove) the following entry(s):
 
  • MyWebSearch
  • AdvSearch or AdvanceSearch
  • CommonSearch (VCatch...)
  • HelpExpress
Look for entry(s) with 'search' in the name. Be careful not to remove any system software or 'hot' fixes. If you're not sure about any entry(s), just post them back.
 

 
Run HiJackThis, click "Scan", then check (tick) the following entry(s), if present:
 

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
(This won't be here if you've previously uninstalled 'MyWebSearch'.)
 
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
(This won't be here if you've previously uninstalled 'AdvSearch'.)
 
C:\documents and settings\doug hite\local settings\temp\sQxbNxmL.exe
C:\Program Files\System Soap Pro\hhhh.exe
 
C:\PROGRA~1\COMMON~2\VCatch\VCATCH.EXE
(This won't be here if you've previously uninstalled 'CommonSearch' (Vcatch).)
 
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
(Orphaned entries)
 
O4 - HKLM\..\Run: [80237978.exe] C:\WINDOWS\System32\80237978.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\NjqM9Y44.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
(This won't be here if you've previously uninstalled 'HelpExpress'.)
 
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
(These won't be here if you've previously uninstalled 'MyWebSearch'.)
 
O4 - HKLM\..\Run: [ie4uiniut.exe] C:\WINDOWS\System32\ie4uiniut.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
(This won't be here if you've previously uninstalled 'AdvSearch'.)

O4 - HKLM\..\Run: [sQxbNxmL] C:\documents and settings\doug hite\local settings\temp\sQxbNxmL.exe
O4 - HKLM\..\Run: [qekxfk] C:\WINDOWS\System32\qwpecauz.exe
O4 - HKLM\..\Run: [4KA6FLQ3XA9NMJ] C:\WINDOWS\System32\Grxe.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\hhhh.exe min
O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCATCH.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20ef9bb11f6aeab3b421/netzip/RdxIE601.cab
(Netster)
 

Now, with all windows closed, except HiJackThis, click "Fix checked". Close the HiJackThis window.
Reboot your computer normally.
 

 
Next, locate and delete these item(s), if present. Be sure you're able to view hidden and system files:
 
[folder] "C:\Program Files\System Soap Pro" (be sure to include the quotations, if you're not using "Windows Explorer".)
 

 
When that's completed, post back a new log and we'll see if we've gotten everything.
 
Mike.

3.9K Posts

October 25th, 2004 11:00

Add these to the removal list - malware :-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

4 Posts

October 25th, 2004 18:00

Hello and thanks for the help but I am still experiencing this recurring Rundll error. I have done as you suggested but ran into some issues. First, I found no pepper files, second, when trying to delete the My Web Search popular screen savers file from 'Add/Remove' programs I get this Rundll message: 'error loading C:\Progra~1\myweb~1\bar\1.bin\nwsbar.dll'. I did find several unremovable viruses from the Virus program (sorry, I did not copy the file but will if needed). I re-ran and fixed the specified files in my HijackThis log and have posted a new logfile, however, I still show one that I checked to fix listed: 04 -hklm\..Run [inetmgr] C:\Progra~1\INTERN~2\inetmgr.exe.

Thanks again.

Logfile of HijackThis v1.98.2
Scan saved at 2:55:05 PM, on 10/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146

 

4.8K Posts

October 27th, 2004 02:00

DKH8888,
 
Ok, let's see if we can find these two. First, download, install and run "Process Explorer" from SysInternals.
 
Expand the window to its fullest view and click on the "Process" header to alphabetize the entries. How many "RunDll32" entry(s) do you have?
 
When you find them, double-click on each entry to bring up its "Properties" window and look for the missing dll file name(s) in the command line. When you find them, look at "Parent", to see who 'spawned' this process (entry).
 
Post back the results.
 
Mike.
 

4.8K Posts

October 27th, 2004 03:00

DKH8888,
 
I'd uninstall AdAware 6.0 and replace it with AdAware SE Personal. It allows for more, like finding ADS stuff, and Add-On capabilities.
 
You also have a few more entry(s) to fix regarding MyWebSearch:
 
Reboot into "Safe Mode".
 

 
Run HiJackThis, then check (tick) these entry(s), if present:
 
 
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
 
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
 
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
(I'm not sure if this is related to it as well, but if you don't use or need this, have HJT fix it.)
 
 
Now, with all windows closed (except HijackThis), click 'Fix checked'.
 

 
Look for and delete these entry(s), if present. Make sure you can view hidden and system files:
 
[folder] C:\Program Files\MyWebSearch
 
Flush your temporary folders, and temporary internet files (including offline content); use "Disk Cleanup", if you want.
 

 
Post a new log and I'll see if we've gotten it.
 
Mike.
 

4 Posts

October 29th, 2004 18:00

Thanks again. I believe this fixed my problem. I no longer have the recurring rundll errors. It appears the Adaware Personal SE edition fixed it. I also removed the items listed and I am posting a new logfile just in case there is something I missed but I have not seen any more errors.

Thanks.

 

Logfile of HijackThis v1.98.2
Scan saved at 3:06:07 PM, on 10/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146

 

4.8K Posts

October 29th, 2004 23:00

DKH8888,
 
That's looking real good! We just have one entry left:
 
Reboot your computer into "Safe Mode".
 

 
Run HiJackThis, click "Scan", then check (tick) the following entry(s), if present:
 
 
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
 
 
Now, with all windows closed except HiJackThis, click "Fix checked".
 

 
Locate and delete the following item(s), if present. Make sure you can view hidden and system files.
 
C:\PROGRA~1\INTERN~2\inetmgr.exe
 
Reboot your computer normally.
 

 
Post back one more log.
 
Mike.
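The follow-up check done by hand across these posts (compare the first fix list with the next log and see what is still there) can be scripted. This is an added example, not part of the thread and not HijackThis's own code; the function names `parse_o4` and `survivors` are made up here, and matching on the executable's file name is an assumption made because 8.3 short paths cannot be expanded offline.

```python
import ntpath
import re

# "O4 - <location>: [<value name>] <command>" for registry Run keys,
# "O4 - <location>: <shortcut>.lnk = <target>" for Startup folders.
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): "
    r"(?:\[(?P<name>[^\]]*)\] ?|(?P<lnk>.+?\.lnk) = )(?P<cmd>.*)$"
)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

# Lines copied from the thread: part of the first fix list ...
FIX_LIST = r"""
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCATCH.EXE
"""
# ... and part of the log saved on 10/25/2004.
FOLLOWUP = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
"""


def parse_o4(log_text):
    """Return (location, label, lowercased exe file name) for every O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        # A target of "?" (unresolvable shortcut) has no executable to compare.
        base = ntpath.basename(exe.group(1)).lower() if exe else None
        entries.append((m["loc"], m["name"] or m["lnk"], base))
    return entries


def survivors(fix_list, followup_log):
    """Follow-up entries that still launch a binary named in the fix list.

    File-name matching is a heuristic: a generic name could match another program.
    """
    wanted = {}
    for loc, label, base in parse_o4(fix_list):
        if base:
            wanted.setdefault(base, set()).add((loc, label))
    report = []
    for loc, label, base in parse_o4(followup_log):
        if base in wanted:
            kind = "same entry" if (loc, label) in wanted[base] else "other location"
            report.append((kind, loc, label, base))
    return report
```

On these lines it reports the `inetmgr` Run value as the same entry surviving the fix, and `MWSOEMON.EXE` as the same binary launched from a different autostart location (Global Startup).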
 

4 Posts

October 30th, 2004 19:00

I ran HijackThis again and fixed the 04 - HKLM\..\Run [intetmgr] C:\Progra~1\Intern~2.......entry.
I found no further files with C:\Progra~1\Intern~1....  I re-ran HijackThis and here is my logfile.
Thanks again.
 
Logfile of HijackThis v1.98.2
Scan saved at 4:18:56 PM, on 10/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0c\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\America Online 8.0c\aol.exe
C:\Program Files\America Online 8.0c\waol.exe
C:\Program Files\America Online 8.0c\aolwbspd.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\CCWasher\washidx.exe "DOUG HITE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\CCWasher\washidx.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C0A7BB-01D1-45FC-B74A-621B126F7A8C}: NameServer = 205.188.146.146
 
 

4.8K Posts

October 30th, 2004 21:00

DKH8888,
 
That log looks good to me. Good work!
 
You might also want to remove this entry. The file name is valid, however, the path isn't; I missed that one on the last pass.
 

 
Run HiJackThis, click "Scan", then check the following entry(s), if present:
 
 
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe

 
Now, with all windows closed, except HiJackThis, click "Fix checked".
 

 
If you have any more problems, just post back. Otherwise, you're good to go!
 
Mike.
 