Genius need to help find and delete DLL file on C: drive

[NegStar]

I hope someone can help me with this persistant problem.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll

This CWS file is visible in the HJT log, but it cannot be located on disk at all to be deleted.
Of course I used the usual methods to View all hidden files and folders in windows and also tried to delete it using these DOS commands:
attrib -r -s -h C:\WINDOWS\chp.dll
del C:\WINDOWS\chp.dll

It wasn't visible by using DIR command afterwards, but it obviously was not removed because the 018 entry still remains without the (file missing) attribute.

Also, tried, DelLater,  Killbox, and MoveonBoot but the file remains.
Tried unregisitering the DLL by using this command:
regsvr32 -u chp.dll
and this:
regsvr32 -u C:\windows\chp.dll

Also ran this registry script (without the space in Filter: - bug?)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough\CLSID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough.1\CLSID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6585E5B4-4D2A-4A1D-A219-4102C64BA999}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="-

The only chp.dll registry entry by using RegSrch.vbs is this:
[HKEY_USERS\S-1-5-21-3660946461-4168701361-813958858-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="chp.dll "

A CLSID search using RegSrch.vbs utility reveals zero registry entries.

TDS-3 finds nothing.

My question is  this:
Are there any commands I can use to search the disk to make absolutely certain the file is not present, because the HJT 018 cannot be removed in normal or Safe mode?

Any other helpful hints would be appreciated

[Refalm]

I believe the problem is this:

"Windows XP SP2"

However, if you change this into "Linux", "Mac OS X", "FreeBSD" or "BeOS", it will fuction again.

Btw, read our rules.

[JanusChrist]

+1 for removing SP2. I don't know what else to tell you, seems like you've tried everything. I'd run AdAware, Spybot and Bazooka but I wouldn't doubt you've tried those too.

[M51DPS]

First, download Knoppix, and do whatever you need to fix up the system. In fact, make a few copies and give them to your friends. If you like what you see, try installing Linux. Post any questions or comments here.

[Aloone_Jonez]

Does Windows work ok?

Is it just MSIE being a dicklick?

If so you could just upgrade to Firefox: http://www.mozilla.org/

[MrX]

dicklick - that's a funny word.
Mr X

[Calum]

Does Windows work ok?

no, it's a cobbled together heap of trash that only gets used because it has a better marketing department than anybody else and it runs all those "legacy"* applications that the manufacturers can't be arsed to support on any other platform.

Is it just MSIE being a dicklick?

interesting question, and something i imagine a lot of people have asked themselves over the years...

If so you could just upgrade to Firefox: http://www.mozilla.org/

good advice, i advise upgrading to linux too: http://linuxiso.org/






* old and useless, but familiar

[Calum]

My question is  this:
Are there any commands I can use to search the disk to make absolutely certain the file is not present, because the HJT 018 cannot be removed in normal or Safe mode?

no, not within windows. the best advice is to boot from a knoppix disk as advised above by somebody else, then use the "find" command (http://heirloom.sourceforge.net/man/find.1.html) to find it.

Any other helpful hints would be appreciated

see my last answer.

[Aloone_Jonez]

no, it's a cobbled together heap of trash that only gets used because it has a better marketing department than anybody else and it runs all those "legacy"* applications that the manufacturers can't be arsed to support on any other platform.

I had a bit of trouble at first but Windows XP actually runs pretty smoothly on my machine. I've had no viruses/malware, no blue screen of deaths, no spontanious reboots. It's only locked up on me once in a year - it just locked up, the mouse cursor wouldn't even move!

I admit it, XP is not the best OS and I would like to upgrade to Linux but it doesn't fully support my hardware. I would change my hardware but I use some Windows programs for which there is no good Liuux equivalent and they won't run under Wine either. I will keep trying though - Linux is constantly improving and one day the software I use might have a decent Linux version or at least run under Wine.

[Refalm]

I had a bit of trouble at first but Windows XP actually runs pretty smoothly on my machine. I've had no viruses/malware, no blue screen of deaths, no spontanious reboots. It's only locked up on me once in a year - it just locked up, the mouse cursor wouldn't even move!

I admit it, XP is not the best OS and I would like to upgrade to Linux but it doesn't fully support my hardware. I would change my hardware but I use some Windows programs for which there is no good Liuux equivalent and they won't run under Wine either. I will keep trying though - Linux is constantly improving and one day the software I use might have a decent Linux version or at least run under Wine.

What software are we talking about here?

[JanusChrist]

I had a bit of trouble at first but Windows XP actually runs pretty smoothly on my machine. I've had no viruses/malware, no blue screen of deaths, no spontanious reboots. It's only locked up on me once in a year - it just locked up, the mouse cursor wouldn't even move!

I admit it, XP is not the best OS and I would like to upgrade to Linux but it doesn't fully support my hardware. I would change my hardware but I use some Windows programs for which there is no good Liuux equivalent and they won't run under Wine either. I will keep trying though - Linux is constantly improving and one day the software I use might have a decent Linux version or at least run under Wine.

Did you consider putting both on and configuring your computer as a multiboot system?

[Annorax]

Did you consider putting both on and configuring your computer as a multiboot system?

I was just going to suggest a block of C-4, but dualbooting Win2k and a Linux distro works too.

[Aloone_Jonez]

What software are we talking about here?

Well the odd game I suppose but mostly electronic circuit simulation software:
Tina
Electronic Worbench Pro
Crocadile Clips

Did you consider putting both on and configuring your computer as a multiboot system?

I currently dual boot Vector Linux and Windows XP and guess which I use the most?

Windows XP.

Why?

Convenience I suppose, I often write  technical documents and import schematics and results from the simulation software to OpenOffice Writer and Calc, I can also brow the Internet for datasheets too. It would be silly to keep rebooting to use my computer for different things.

I only use Linux for things I can't do in Windows like learning to program in C (and that's not very often) and I know you can pay lots of money to do this with Windows but why bother - it's free in Linux. I did consider using Linux to connect to the Internet (because it's more secure) but this would require a new modem and it would be inconvenient too as I need to be connected when I'm doing my work.

[NegStar]

Thanks guys.  I appreciate your suggestions. I'll check out the knoppix program. Already copied the link.  Must be like booting to RC.  I happened to get rid of the DLL file, so that's good.  I don't know which method was successful tho, but HJT now says the file is missing in the 018 entry, so I'm glad about that.   I personally use Mozilla, but the hijack. was on another system with IE.  Anybody ever use Agent Ransack?  I hear it's a good way of searching for files?

[JanusChrist]

I did consider using Linux to connect to the Internet (because it's more secure) but this would require a new modem and it would be inconvenient too as I need to be connected when I'm doing my work.

I doubt you would need a new modem, just new drivers for it.