infection with hjt log

No, just the cwlsp.dll.

Regards Howard

heres the newest log

You forgot to attach the HJT log.

Regards Howard

i noticed and ive etied my post to include the log. it kept tellnig me it was attached but appretly it wasnt

Have HJT fix this entry.

O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cwlsp.dll' missing

Then go and delete this bold file(if there).

c:\winnt\system32\cwlsp.dll

Other than the above, your HJT log looks clean.

Regards Howard

ill do that as soon as the spy bot search is done

spybot is picking up some stuff, hopsuflly jsut the ramimans

Ok, no problem.

Please let me know how the system is running and whether or not the internet is working correctly.

Regards Howard

the intenet isnt working right

but im not sure if it ever did
this is a friedns comp that i got to fix and give back

its a laptop

there are like 3 programs that take extra time and that i have o hit end task in order for windows to shut down

hjt is saying that it cannot fix the entry and recomeds the tool that you told me to use

Maybe the laptop is in need of a complete format an reinstall.

Without being able to access the net properly, it`s difficult to update and run antivirus/spyware tools etc.

I don`t really know what else to suggest.

What are the programmes you have to end before you can shut down?

Regards Howard

This thread is for the use of swker98 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

the computer has been a little bit faster and now the shutdown problem is gone

the only problem the is still here is the cwlsp.dll


edit: is there anywhere i can get the latest avg and adaware update because i still cnnt get on the net

im startig to think its the computers NIC and my routrer arnt comiuncating right


also the thing that sometimes popes up is
windowsformparkingwindow that takes about 1 minute for it to end so windows will shut down

Give this a try.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add remove programmes in the control panel and uninstall anything to do with(if there).

Contentwatch

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

CwWLEvent
CwCpSvc20

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

cwsvc.exe
cwcptray.exe

Close task manager.

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\gui\cwcptray.exe

O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\cwlsp.dll' missing

O20 - Winlogon Notify: CwWLEvent - C:\Program Files\ContentWatch\Internet Protection\common\cwplc001.dll

O23 - Service: ContentProtect (CwCpSvc20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\ContentProtect\cwsvc.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\ContentWatch

Reboot into normal mode and turn system restore back on.


Regards Howard

the only thing i can see is contentwatch2.1 in add and remove

That`s the one.

Uninstall it as per the instructions I gave in my last post.

Regards Howard

sorry it was a typo

its called ADPROTECT2.1 i dont know if this is part of the infection

but i did delete adwatch folder and fixed al the logs exept the 10 log whitch cannot be fixed

ill have a log in 5 imnutes

Addprotect is a completely different programme and should not be uninstalled.

Regards Howard

last log, its getting late here
what time is it by you

Could you not find contentwatch in add remove programmes?

I was going back through this thread and noticed you mentioned something about only having access to one account. Is this the system administrator account? I must have missed it the first time.

If not, there`s not a lot of point in carrying on, because administrator privileges are needed to install/uninstall certain things.

Regards Howard

it has never stoped me when uninstalled some other crap so i guss it is


its cleaner then it was

thanks so mcuh howards for all of your hours of help

No problem mate. It`s just a pity you didn`t have access to the admin account. It`s even more of a pity, I didn`t notice sooner.

It`s 7:55 am here and I`m getting very tired lol.

Regards Howard

well ill have the laptop back in a few weeks, when i giver it to them ill ask them to update all of the spyware and ainti virus apps so that theyll work more efictyl

thanks howards and ill post in this thered when the laptop comes back