MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Keep Creating DLL file/ Change my Homepage
December 05, 2019, 05:49:15 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 05, 2019, 05:49:15 PM

Login with username, password and session length
 Featured Sites:
News
New  Got pics of your modded PC or want to show off your cool desktop, visit our new Show & Tell forum!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Keep Creating DLL file/ Change my Homepage  (Read 5287 times)
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« on: April 11, 2004, 02:57:08 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP W/ SP1
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


Hi, I got 2 problem.

1. Since last week, my IE homepage automatically changed to "about:blank" with a search page and also the registry is changed. I found there's an unknown dll created in my system32 folder. I tried to changed the value in registry and removed the dll file, it works fine, but after one day there's another unknown dll created and the search page appear again.

2. It just happen once, but just want to know anybody know what it is. I clicked on a link in MSN Canada, but it linked to "link.cc/index.php", how could this happen?

Below is the logfile from HijackThis, any help will really appreciate, thanks a lot.

William

(If there's any unknown character, they probably are chinese characters)
Logfile of HijackThis v1.97.7
Scan saved at 10:45:41 PM, on 4/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
C:\Progra~1\WinMX\WinMX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Network Associates\PGPNT\PGPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\1. Daddy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {654726AF-8994-47EF-A331-BABEECA3D4EB} - C:\WINDOWS\System32\nobojo.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (disabled by BHODemon)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: April 11, 2004, 10:41:38 PM »

Try and follow these instruction: You have a difficult variant of the
CWS variant: This info is from March 24/2004

We are working on a fix for this one and drawing near to an automated solution. This is by far the most sophisticated CWS variant seen to date, and it will take some time before CWShredder will be able to remove it.

The following *updated* manual fix should work:

    Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip unzip it to the desktop.
    Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
    Notepad will open with a log in it Look for a line with this file, size and beginning to it. The filename will always be different:
    winajbm.dll 61c00000 61440 c:\windows\system32\winajbm.dll

    This part indicates the bad file:
    61c00000 61440
    It will always start with that header.
    Write down the filename behind it.

    Now download KillBox:
    http://download.broadbandmedic.com/VbStuff/KillBox.zip
    Unzip and run it.
    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot".
    On the next screen, click on the File menu and choose "Add File". The file you copied earlier should now show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.
    After rebooting, make sure the file is gone.
« Last Edit: April 11, 2004, 11:17:37 PM by benditup » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #2 on: April 12, 2004, 03:24:28 PM »

Hi again, wchan---Did you download Killbox?....
Since this is a difficult CWS Variant
Let's try a different route first and come back to this way
Download CWShredder(it has been updated today) but make sure you are using version 1.56.2 or newer

http://www.spywareinfo.com/%7Emerijn/files/CWShredder.exe

With CWShredder open and ALL other windows closed let CW Fix all problems and then RESTART your computer

You must put hijackthis in it's own Permanent folder
EG.... Open MyDocuments----right click an empty spot and select NEW----Folder-----name that new folder HJT
Anything removed with Hijackthis will make backups to that new folder......
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #3 on: April 12, 2004, 04:39:52 PM »

Hi benditup,

Thanks for your advice. I used the run.dat to generate a log file, and I found this line.
wdmf.dll        61c00000    61440 c:\windows\system32\wdmf.dll
However, I couldn't find this file in any folder, what does this mean?

Thanks.

William
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: April 13, 2004, 09:56:04 AM »

Could you post a Fresh hijackthis log,

You should uninstall Spykiller, it's an inferior ripoff
These two programs work better
Spybot
Adaware

They both are free----I can supply you with links and instructions if you
want
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #5 on: April 13, 2004, 03:09:30 PM »

Hi benditup,

I tried the CWShredder, the IE seems working fine now, at least for one day already, hopefully it won't happen again today, thanks a lot.

William
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #6 on: April 15, 2004, 02:02:56 AM »

This is my new log file:

Logfile of HijackThis v1.97.7
Scan saved at 10:02:38 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Progra~1\WinMX\WinMX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\1. Daddy\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {654726AF-8994-47EF-A331-BABEECA3D4EB} - C:\WINDOWS\System32\nobojo.dll (disabled by BHODemon)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (disabled by BHODemon)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Software\Popup Blocker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: April 15, 2004, 03:13:48 AM »

Let's try another route
You still haven't make a Permanent folder for Hijackthis
Would you do that now please
Copy and paste from last post

You must put hijackthis in it's own Permanent folder
EG.... Open MyDocuments----right click an empty spot and select NEW----Folder-----name that new folder HJT
Anything removed with Hijackthis will make backups to that new folder......If we have to replace anything, it does no good if your
temp files are deleted
Download Adaware 6---- free version

You'll find it under Adaware on the left hand side of this link
http://www.lavasoftusa.com/
Install it and we'll come back to this


Do another scan with Hijackthis and put a Check next to these entries
and then Fix Checked

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {654726AF-8994-47EF-A331-BABEECA3D4EB} - C:\WINDOWS\System32\nobojo.dll (disabled by BHODemon)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21ca3c84eb4ecec57317/netzip/RdxIE601.cab

I don't know what this one is, could you fix it also, if you don't know what it is!
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
Let's see if it returns

Run CWShredder one more time-----check for updates before you run it!

Restart your computer, preferrably in safe mode and do a Disk Cleanup
Also Right click the IE icon on desktop and left click properties
Under the Programs tab----Reset Web Settings
Under the General tab---Delete Cookies and Files
Also set your home page if required

Restart back in Normal Mode
Do not open a browser
Open Adaware and check for Updates
after downloading updates set these options in Adaware

 Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
After scan is finished
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
« Last Edit: April 15, 2004, 03:50:57 AM by benditup » Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #8 on: April 16, 2004, 02:22:53 AM »

Hi,

I've follow your instruction, and here's my new log file:

Logfile of HijackThis v1.97.7
Scan saved at 10:20:32 PM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Progra~1\WinMX\WinMX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\1. Daddy\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item:
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #9 on: April 16, 2004, 02:30:59 AM »

Hi,

Sorry, I forgot 2 things,

1. O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe is the file from my card reader drive.

2. I created the HJT folder, but it seems creating the temp folder, how can I fix it?

Thanks.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: April 16, 2004, 03:56:26 AM »

Since you know what this is don't fix it
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe

Make a folder for Hijackthis(Be sure to do this)

EG.... Open MyDocuments----right click an empty spot and select NEW----Folder-----name that new folder HJT
Anything removed with Hijackthis will make backups to that new folder
Save this to that new folder or Navigate to your temp folder and copy and paste hijackthis.exe to that new folder, instructions to show hidden files and folders and directory below.
http://www.spywareinfo.com/%7Emerijn/files/HijackThis.exe

Do a scan with hijackthis and put a check next to these entries
and then Fix Checked

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
Since BHODemon disabled this and now there is no file fix this one

To save on system resources and startup time you can optionally fix
these entries, programs are still useable, they just aren't required
on startup
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m

You can also disable this in Winmx itself, if I remember right there
is an option to do so or have hijackthis fix it
Do you really need it running on startup
The same goes with these entries

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

Set Windows to show hidden files and folders
# Click Start.
# Open My Computer.
# Select the Tools menu and click Folder Options.
# Select the View Tab.
# Under the Hidden files and folders heading select Show hidden files and folders.
Click OK.

Navigate to this folder and delete the CONTENTS of the temp
folder..
C:\Documents and Settings\1. Daddy\Local Settings\Temp
and other users on your computer Temp folder
You may want to copy and paste the backups made by Hijackthis
previously to the temp folder and put them in the new folder you made for Hijackthis
Also delete cookies and temporary internet files in Internet Explorer
and ensure your homepage is set properly

Here's some info on ISTbar
http://www.doxdesk.com/parasite/ISTbar.html

Lots of variants, I didn't see Ncase or Rapid blaster in your log
but you can never be to careful.... I only usually recommend using
RBKiller when I have notice Rapidblaster... I've scanned my system
with RBKiller, I have to play with the tools I recommend, usually Smiley

Do some reading on it and some searching on your computer.
You look clean so after a Restart let me know how everything is
going...
You may also want to look into a program that I use called
Spywareblaster..Adds entries to your Restricted Sites and
blocks unwanted cookies and bad activex controls

http://www.javacoolsoftware.com/spywareblaster.html

If you are still having problems please supply a Hijackthis log, thanx
These things have a way of reoccuring, have to nip them in the buttt
Smiley
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #11 on: April 17, 2004, 04:00:21 AM »

Hi,

I deleted all the files in temp folder, except one, Perflib_Perfdata_b1c.dat (Can't delete, even killbox). Do you know this file? Here's my latest log file from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 11:55:56 PM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Progra~1\WinMX\WinMX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\1. Daddy\My Documents\HJT\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item:
Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #12 on: April 17, 2004, 04:39:27 PM »

Hi,

It happened again this morning, I checked last night with Ad-Aware & CWShredder, everything is ok, but when I start IE this morning, the search page appear again. It seems something is running behind and will recreate the dll every certain period of time, what can I do to get rid of it?

Logfile of HijackThis v1.97.7
Scan saved at 12:28:23 PM, on 4/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Progra~1\WinMX\WinMX.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\1. Daddy\My Documents\HJT\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GNRICXPK] C:\PROGRA~1\FLASHC~1\GNRICXPK.exe
O4 - HKCU\..\Run: [WinMX] C:\Progra~1\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item:
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #13 on: April 17, 2004, 07:04:37 PM »

Your log looks clean wchan Huh?

Could you do me a favor and run that utility I got you to download
earlier PV.bat

With 1 internet explorer window open, click the "runme" and post the log here,  could you also do a scan with Adaware in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&ExpandSection=4&Src=sec_doc_nam#_Section4

and an updated Virus Scan
and then last------CWShredder
Could you also navigate to this folder and delete the CONTENTS of ths
folder---it will be regenerated as programs are being opened
C:\WINDOWS\Prefetch----- just delete the entire contents of the Prefetch folder.....
What search bar are you seeing and homepage? The same one
Perflib_Perfdata---sounds like Performance monitor---generated on startup. Not to worry
Do a disk cleanup in safe mode also and Clean up IE's temp files and
cookies also.......

P.S. There is New security fixes for Windows XP, could you also ensure
that you visit Windows Update and get all the latest Critical Updates
« Last Edit: April 17, 2004, 07:14:16 PM by benditup » Logged

 
wchan1101
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 14


Bookmark and Share

View Profile
« Reply #14 on: April 18, 2004, 04:57:25 AM »

Here's the log file from PV run.bat:


  Module information for  'iexplore.exe'
  MODULE          BASE     SIZE     PATH
iexplore.exe      400000   102400 C:\Program Files\Internet Explorer\iexplore.exe
ntdll.dll       77f50000   684032 C:\WINDOWS\System32\ntdll.dll
kernel32.dll    77e60000   942080 C:\WINDOWS\system32\kernel32.dll
msvcrt.dll      77c10000   339968 C:\WINDOWS\system32\msvcrt.dll
USER32.dll      77d40000   573440 C:\WINDOWS\system32\USER32.dll
GDI32.dll       7e090000   266240 C:\WINDOWS\system32\GDI32.dll
ADVAPI32.dll    77dd0000   577536 C:\WINDOWS\system32\ADVAPI32.dll
RPCRT4.dll      78000000   552960 C:\WINDOWS\system32\RPCRT4.dll
SHLWAPI.dll     70a70000   413696 C:\WINDOWS\system32\SHLWAPI.dll
SHDOCVW.dll     71700000  1347584 C:\WINDOWS\System32\SHDOCVW.dll
IMM32.DLL       76390000   114688 C:\WINDOWS\System32\IMM32.DLL
LPK.DLL         629c0000    32768 C:\WINDOWS\System32\LPK.DLL
USP10.dll       72fa0000   368640 C:\WINDOWS\System32\USP10.dll
wdmf.dll        61c00000    61440 c:\windows\system32\wdmf.dll
comctl32.dll    71950000   933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
SHELL32.dll     773d0000  8331264 C:\WINDOWS\system32\SHELL32.dll
comctl32.dll    77340000   569344 C:\WINDOWS\system32\comctl32.dll
ole32.dll       771b0000  1196032 C:\WINDOWS\system32\ole32.dll
uxtheme.dll     5ad70000   212992 C:\WINDOWS\System32\uxtheme.dll
MSCTF.dll       74720000   278528 C:\WINDOWS\System32\MSCTF.dll
BROWSEUI.dll    71500000  1036288 C:\WINDOWS\System32\BROWSEUI.dll
browselc.dll    72430000    73728 C:\WINDOWS\System32\browselc.dll
appHelp.dll     75f40000   126976 C:\WINDOWS\system32\appHelp.dll
CLBCATQ.DLL     7c890000   528384 C:\WINDOWS\System32\CLBCATQ.DLL
OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll
COMRes.dll      77050000   806912 C:\WINDOWS\System32\COMRes.dll
VERSION.dll     77c00000    28672 C:\WINDOWS\system32\VERSION.dll
msctfime.ime      a60000   176128 C:\WINDOWS\System32\msctfime.ime
Msimtf.dll      746f0000   155648 C:\WINDOWS\System32\Msimtf.dll
ctagent.dll     10000000    69632 C:\WINDOWS\System32\ctagent.dll
DSOUND.dll      73f10000   348160 C:\WINDOWS\System32\DSOUND.dll
WINMM.dll       76b40000   180224 C:\WINDOWS\System32\WINMM.dll
WININET.dll     63000000   614400 C:\WINDOWS\system32\WININET.dll
CRYPT32.dll     762c0000   557056 C:\WINDOWS\system32\CRYPT32.dll
MSASN1.dll      762a0000    65536 C:\WINDOWS\system32\MSASN1.dll
Secur32.dll     76f90000    65536 C:\WINDOWS\System32\Secur32.dll
cscui.dll       76620000   319488 C:\WINDOWS\System32\cscui.dll
CSCDLL.dll      76600000   110592 C:\WINDOWS\System32\CSCDLL.dll
SETUPAPI.dll    76670000   946176 C:\WINDOWS\System32\SETUPAPI.dll
NavShExt.dll     1d80000    98304 C:\Program Files\Norton AntiVirus\NavShExt.dll
ATL.DLL         76b20000    86016 C:\WINDOWS\System32\ATL.DLL
MSVCP70.dll     7c080000   487424 C:\WINDOWS\System32\MSVCP70.dll
MSVCR70.dll     7c000000   344064 C:\WINDOWS\System32\MSVCR70.dll
ycomp5_3_12_0.dll 68000000   315392 C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
WSOCK32.dll     71ad0000    32768 C:\WINDOWS\System32\WSOCK32.dll
WS2_32.dll      71ab0000    81920 C:\WINDOWS\System32\WS2_32.dll
WS2HELP.dll     71aa0000    32768 C:\WINDOWS\System32\WS2HELP.dll
AcroIEHelper.dll  1df0000    49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
urlmon.dll      1a400000   499712 C:\WINDOWS\system32\urlmon.dll
SXS.DLL         75e90000   684032 C:\WINDOWS\System32\SXS.DLL
shdoclc.dll     76170000   557056 C:\WINDOWS\System32\shdoclc.dll
mlang.dll       74770000   585728 C:\WINDOWS\System32\mlang.dll
RASAPI32.dll    76ee0000   225280 C:\WINDOWS\System32\RASAPI32.dll
rasman.dll      76e90000    69632 C:\WINDOWS\System32\rasman.dll
NETAPI32.dll    71c20000   319488 C:\WINDOWS\System32\NETAPI32.dll
TAPI32.dll      76eb0000   176128 C:\WINDOWS\System32\TAPI32.dll
rtutils.dll     76e80000    53248 C:\WINDOWS\System32\rtutils.dll
sensapi.dll     722b0000    20480 C:\WINDOWS\System32\sensapi.dll
mswsock.dll     71a50000   241664 C:\WINDOWS\system32\mswsock.dll
wshtcpip.dll    71a90000    32768 C:\WINDOWS\System32\wshtcpip.dll
USERENV.dll     75a70000   675840 C:\WINDOWS\system32\USERENV.dll
msi.dll          24b0000  2101248 C:\WINDOWS\System32\msi.dll
LGMOUSHK.dll     26c0000    24576 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
DNSAPI.dll      76f20000   151552 C:\WINDOWS\System32\DNSAPI.dll
winrnr.dll      76fb0000    28672 C:\WINDOWS\System32\winrnr.dll
WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll
rasadhlp.dll    76fc0000    20480 C:\WINDOWS\System32\rasadhlp.dll
iphlpapi.dll    76d60000    90112 C:\WINDOWS\System32\iphlpapi.dll
mshtml.dll      63580000  2818048 C:\WINDOWS\System32\mshtml.dll
msohev.dll      32520000    73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
scrauth.dll      2d90000   122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
ScrBlock.dll     2dc0000   131072 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
wintrust.dll    76c30000   176128 C:\WINDOWS\System32\wintrust.dll
IMAGEHLP.dll    76c90000   139264 C:\WINDOWS\system32\IMAGEHLP.dll
rsaenh.dll       ffd0000   143360 C:\WINDOWS\System32\rsaenh.dll
jscript.dll     6b700000   589824 c:\windows\system32\jscript.dll
MSLS31.DLL      746c0000   159744 C:\WINDOWS\System32\MSLS31.DLL
iepeers.dll     66e50000   241664 C:\WINDOWS\System32\iepeers.dll
WINSPOOL.DRV    73000000   143360 C:\WINDOWS\System32\WINSPOOL.DRV
wdmaud.drv      72d20000    36864 C:\WINDOWS\System32\wdmaud.drv
msacm32.drv     72d10000    32768 C:\WINDOWS\System32\msacm32.drv
MSACM32.dll     77be0000    81920 C:\WINDOWS\System32\MSACM32.dll
midimap.dll     77bd0000    28672 C:\WINDOWS\System32\midimap.dll
c_g18030.dll    6fd80000   233472 C:\WINDOWS\System32\c_g18030.dll
mshtmled.dll    74cb0000   454656 C:\WINDOWS\System32\mshtmled.dll
MSRATING.DLL    5ff20000   143360 C:\WINDOWS\System32\MSRATING.DLL
msratelc.dll    5ff50000    69632 C:\WINDOWS\System32\msratelc.dll
ACTXPRXY.DLL    71d40000   110592 C:\WINDOWS\System32\ACTXPRXY.DLL
QuickTimeWebHelper.qtx 66de0000   217088 C:\WINDOWS\System32\QuickTime\QuickTimeWebHelper.qtx
QuickTime.qts   66800000  5373952 C:\WINDOWS\System32\QuickTime.qts
OLEPRO32.DLL    5edd0000   106496 C:\WINDOWS\System32\OLEPRO32.DLL
comdlg32.dll    763b0000   282624 C:\WINDOWS\system32\comdlg32.dll
KsUser.dll      73ee0000    16384 C:\WINDOWS\System32\KsUser.dll
ddraw.dll       73760000   278528 C:\WINDOWS\System32\ddraw.dll
DCIMAN32.dll    73bc0000    24576 C:\WINDOWS\System32\DCIMAN32.dll
QuickTime3GPP.qtx 676d0000   593920 C:\WINDOWS\system32\QuickTime\QuickTime3GPP.qtx
QuickTimeAuthoring.qtx 66fe0000  1642496 C:\WINDOWS\system32\QuickTime\QuickTimeAuthoring.qtx
QuickTimeCapture.qtx 67180000   299008 C:\WINDOWS\system32\QuickTime\QuickTimeCapture.qtx
QuickTimeEffects.qtx 671d0000   516096 C:\WINDOWS\system32\QuickTime\QuickTimeEffects.qtx
QuickTimeEssentials.qtx 67430000   512000 C:\WINDOWS\system32\QuickTime\QuickTimeEssentials.qtx
QuickTimeImage.qtx 67260000   540672 C:\WINDOWS\system32\QuickTime\QuickTimeImage.qtx
QuickTimeInternetExtras.qtx 66f00000   880640 C:\WINDOWS\system32\QuickTime\QuickTimeInternetExtras.qtx
QuickTimeMPEG.qtx 673c0000   434176 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG.qtx
QuickTimeMPEG4.qtx 674b0000   471040 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4.qtx
QuickTimeMPEG4Authoring.qtx 67530000  1339392 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4Authoring.qtx
QuickTimeMusic.qtx 672f0000   536576 C:\WINDOWS\system32\QuickTime\QuickTimeMusic.qtx
QuickTimeStreaming.qtx 66d20000   757760 C:\WINDOWS\system32\QuickTime\QuickTimeStreaming.qtx
QuickTimeStreamingAuthoring.qtx 67800000   311296 C:\WINDOWS\system32\QuickTime\QuickTimeStreamingAuthoring.qtx
QuickTimeStreamingExtras.qtx 67850000   126976 C:\WINDOWS\system32\QuickTime\QuickTimeStreamingExtras.qtx
QuickTimeVR.qtx  d3b0000   393216 C:\WINDOWS\system32\QuickTimeVR.qtx
vbscript.dll    6b600000   462848 c:\windows\system32\vbscript.dll
Flash.ocx        d9c0000  1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx
ddrawex.dll     6d430000    36864 C:\WINDOWS\System32\ddrawex.dll
HLINK.DLL       76820000    77824 C:\WINDOWS\System32\HLINK.DLL
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 28, 2018, 09:54:58 AM