
chicagoview

@chicago-05rh15-16rt.

reply to weeirdo

Re: cant get rid of CWS.Searchx

Is ctll.dll the problem in each case?
I have the same issue with searchx as you guys discussed, need to solve it too.
When I run a file search it doesn't come up.


Zupe
Premium,MVM
join:2001-11-29
New York, NY

The file differs each time. Please follow the instructions I gave above and post the result log from running Find All.bat, together with a Hijack This log, in a new thread.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?


whistlerr

join:2004-05-20
Waialua, HI

I did what you said... ran the Find All program and here is my output.txt file... I have the same problem... cannot get rid of the searchx problem.
Here it is...
--==***@@@ FIND-ALL' VERSION 5.2 -5/18 @@@***==--

Thu May 20 11:32:02 2004 -- Results:
*System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (18E8:F26C) - FS:NTFS clusters:4k
Total: 39 974 858 752 [37G] - Free: 1 380 417 536 [1.3G]

*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q328970;Q324929;Q810847;Q813951;Q818529;Q822925;Q330994;Q828750;Q824145;Q832894;Q837009;Q831167;

*Google Toolbar version and Attributes:
Defaults: "A" ;"R"
Path not found - C:\Program Files\google
Path not found - C:\Program Files\google

*UserAgent:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

*Wmplayer version:
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe
6.4.9.1125 C:\Program Files\Windows Media Player\mplayer2.exe

*M$Java version:
5.0.3810.0 C:\WINDOWS\System32\msjava.dll

*PC uptime:
11:32am up 0 days, 3:23

*Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\WINLFCE.DLL +++ File read error
\\?\C:\WINDOWS\System32\WINLFCE.DLL +++ File read error

*List of top level windows:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM




over 12.5 years online © 1999-2012 dslreports.com.