• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
Silka

CWS.Searchx

7 posts in this topic

I have run CWS shredder Adware and spybot s&d also del the mirosoft virtual machine..

 

this is my log file from hijack this

 

Logfile of HijackThis v1.97.7

Scan saved at 10:16:22 AM, on 18/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

D:\WINDOWS\system32\crypserv.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\mysql\bin\mysqld-nt.exe

D:\WINDOWS\system32\netdde.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\ZONELABS\vsmon.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\D-Tools\daemon.exe

D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\MSN Messenger\msnmsgr.exe

D:\Program Files\GetRight\getright.exe

D:\Program Files\GetRight\getright.exe

D:\PROGRA~1\ICQ\ICQ.exe

D:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE

D:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,

O1 - Hosts: °¡\Ïq?Â

O1 - Hosts: 1

O1 - Hosts: 2

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.0586111111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE1D0A23-6D25-45B1-BB92-AC6E2BF3AF75}: NameServer = 203.49.70.92 139.134.2.190

 

:ph34r:

Share this post


Link to post
Share on other sites

Hi Silka,

 

You have a few things going on here. :) Don't be discouraged if your home page changes back to that about:blank after this step. It's a multi-step process to fix this parasite.

 

Run hijackthis again, click Scan. Check the boxes next to these entries. Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

 

R3 - Default URLSearchHook is missing

 

O1 - Hosts: °¡\Ïq?Â

 

O1 - Hosts: 1

 

O1 - Hosts: 2

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

Next, go here and install ALL critical updates:

http://windowsupdate.microsoft.com

 

After a reboot, create a folder on your desktop called PV. Then download this zip.

http://tools.zerosrealm.com/pv.zip

 

Please unzip it to that PV folder on your desktop. It will not work if you run it from inside the zip.

 

After unzipped open the pv folder, make sure you have an Internet Explorer window open or minimized and double click on runme.bat.

 

A DOS window will open. Please select option 2 for Internet Explorer dll's by typing 2 and then pressing enter.

 

Notepad will open with a log in it. Save that log.

 

Next, copy and paste this line into the address bar of Internet Explorer:

java script:navigator.userAgent

 

Please copy and paste the results of the pv.zip (or runme.bat) log, the "java script:navigator.userAgent" results AND a fresh hijackthis log.

Share this post


Link to post
Share on other sites

Kwel..

Ok.. here it goes.. im just d/l the critial updates for windows is that ok? it will take me awhile as i have dial up :( .

 

java script:navigator.userAgent returned

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)

 

Logfile of HijackThis v1.97.7

Scan saved at 2:16:06 PM, on 18/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

D:\WINDOWS\system32\crypserv.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\mysql\bin\mysqld-nt.exe

D:\Program Files\D-Tools\daemon.exe

D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\MSN Messenger\msnmsgr.exe

D:\PROGRA~1\ICQ\ICQ.exe

D:\WINDOWS\system32\netdde.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\ZONELABS\vsmon.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\WINDOWS\System32\wuauclt.exe

D:\WINDOWS\System32\cmd.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.0586111111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE1D0A23-6D25-45B1-BB92-AC6E2BF3AF75}: NameServer = 203.49.70.92 139.134.2.190

 

 

pv log file.. mmm its pretty big :p sry

 

 

Module information for 'iexplore.exe'

MODULE BASE SIZE PATH

iexplore.exe 400000 102400 D:\Program Files\Internet Explorer\iexplore.exe 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer

ntdll.dll 77f50000 692224 D:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL

kernel32.dll 77e60000 937984 D:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL

msvcrt.dll 77c10000 339968 D:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL

USER32.dll 77d40000 577536 D:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL

GDI32.dll 77c70000 253952 D:\WINDOWS\system32\GDI32.dll 5.1.2600.132 (xpclnt_qfe.021108-2107) GDI Client DLL

ADVAPI32.dll 77dd0000 569344 D:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API

RPCRT4.dll 78000000 450560 D:\WINDOWS\system32\RPCRT4.dll 5.1.2600.109 (xpclnt_qfe.021108-2107) Remote Procedure Call Runtime

SHLWAPI.dll 772d0000 405504 D:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library

SHDOCVW.dll 769c0000 1347584 D:\WINDOWS\system32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library

IMM32.DLL 76390000 106496 D:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL

LPK.DLL 629c0000 32768 D:\WINDOWS\system32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack

USP10.dll 72fa0000 368640 D:\WINDOWS\system32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor

comctl32.dll 71950000 933888 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library

SHELL32.dll 773d0000 8339456 D:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll

comctl32.dll 77340000 569344 D:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library

ole32.dll 771b0000 1114112 D:\WINDOWS\system32\ole32.dll 5.1.2600.115 (xpclnt_qfe.021108-2107) Microsoft OLE for Windows

uxtheme.dll 5ad70000 212992 D:\WINDOWS\system32\uxtheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library

MSCTF.dll 74720000 307200 D:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL

BROWSEUI.dll 75f80000 1032192 D:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

browselc.dll 72430000 73728 D:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

appHelp.dll 75f40000 118784 D:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library

CLBCATQ.DLL 76fd0000 491520 D:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42

OLEAUT32.dll 77120000 569344 D:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

COMRes.dll 77050000 806912 D:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77c00000 28672 D:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

WININET.dll 76200000 618496 D:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32

CRYPT32.dll 762c0000 565248 D:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32

MSASN1.dll 762a0000 65536 D:\WINDOWS\system32\MSASN1.dll 5.1.2600.137 (xpclnt_qfe.021108-2107) ASN.1 Runtime APIs

Secur32.dll 76f90000 65536 D:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface

SETUPAPI.dll 76670000 933888 D:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API

USERENV.dll 75a70000 667648 D:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv

AcroIEHelper.dll 10000000 45056 D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.0.2003051500 Adobe Acrobat IE Helper Version 6.0 for ActivieX

msi.dll 76400000 2076672 D:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer

SXS.DLL 75e90000 659456 D:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5

urlmon.dll 760f0000 491520 D:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32

shdoclc.dll 76170000 557056 D:\WINDOWS\system32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library

mlang.dll 74770000 585728 D:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL

wsock32.dll 71ad0000 32768 D:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL

WS2_32.dll 71ab0000 86016 D:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 D:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT

mswsock.dll 71a50000 241664 D:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider

wshtcpip.dll 71a90000 32768 D:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL

RASAPI32.DLL 76ee0000 225280 D:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.0 (xpclient.010817-1148) Remote Access API

rasman.dll 76e90000 69632 D:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager

NETAPI32.dll 71c20000 315392 D:\WINDOWS\System32\NETAPI32.dll 5.1.2600.122 (xpclnt_qfe.021108-2107) Net Win32 API DLL

TAPI32.dll 76eb0000 172032 D:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows Telephony API Client DLL

rtutils.dll 76e80000 53248 D:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

WINMM.dll 76b40000 180224 D:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL

serwvdrv.dll 5cd70000 28672 D:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver

umdmxfrm.dll 5b0a0000 28672 D:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module

mslbui.dll 605d0000 61440 D:\WINDOWS\System32\mslbui.dll 5.1.2600.0 (xpclient.010817-1148) LangageBar Add In

DNSAPI.dll 76f20000 151552 D:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL

winrnr.dll 76fb0000 28672 D:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL

WLDAP32.dll 76f60000 180224 D:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL

rasadhlp.dll 76fc0000 20480 D:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper

wintrust.dll 76c30000 176128 D:\WINDOWS\System32\wintrust.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs

IMAGEHLP.dll 76c90000 139264 D:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper

schannel.dll 767f0000 147456 D:\WINDOWS\System32\schannel.dll 5.1.2600.136 (xpclnt_qfe.021108-2107) TLS / SSL Security Provider

rsaenh.dll ffd0000 139264 D:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider

dssenh.dll ffa0000 135168 D:\WINDOWS\System32\dssenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider

mshtml.dll 74810000 2805760 D:\WINDOWS\System32\mshtml.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft ® HTML Viewer

c_g18030.dll 6fd80000 233472 D:\WINDOWS\System32\c_g18030.dll 5.1.2600.0 (xpclient.010817-1148) GB18030 DBCS-Unicode Conversion DLL

c_is2022.dll 6fd70000 20480 D:\WINDOWS\System32\c_is2022.dll 5.1.2600.0 (xpclient.010817-1148) ISO-2022 Code Page Translation DLL

msimtf.dll 746f0000 167936 D:\WINDOWS\System32\msimtf.dll 5.1.2600.0 (xpclient.010817-1148) Active IMM Server DLL

msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component

jscript.dll 75c50000 593920 d:\windows\system32\jscript.dll 5.6.0.6626 Microsoft ® JScript

MSLS31.DLL 746c0000 159744 D:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file

XX2GR.DLL 2dc0000 270336 D:\Program Files\GetRight\XX2GR.DLL 5.0.1 IE/NS Click Monitoring for GetRight. www.getright.com

comdlg32.dll 763b0000 282624 D:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL

WINSPOOL.DRV 73000000 143360 D:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver

vbscript.dll 73300000 479232 d:\windows\system32\vbscript.dll 5.6.0.6626 Microsoft ® VBScript

mshtmled.dll 74cb0000 454656 D:\WINDOWS\System32\mshtmled.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft ® HTML Editing Component

imgutil.dll 66880000 40960 D:\WINDOWS\System32\imgutil.dll 6.00.2600.0000 (xpclient.010817-1148) IE plugin image decoder support DLL

actxprxy.dll 71d40000 110592 D:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library

plugin.ocx 72b20000 98304 D:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX

ntshrui.dll 76990000 147456 D:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing

ATL.DLL 76b20000 86016 D:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)

LINKINFO.dll 76980000 28672 D:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

NETSHELL.dll 75cf0000 1638400 D:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell

credui.dll 76c00000 184320 D:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface

iphlpapi.dll 76d60000 86016 D:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API

netman.dll 76de0000 155648 D:\WINDOWS\system32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager

MPRAPI.dll 76d40000 90112 D:\WINDOWS\system32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL

ACTIVEDS.dll 76e40000 192512 D:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL

adsldpc.dll 76e10000 147456 D:\WINDOWS\system32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL

SAMLIB.dll 71bf0000 69632 D:\WINDOWS\system32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL

WZCSvc.DLL 76da0000 196608 D:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service

WMI.dll 76d30000 16384 D:\WINDOWS\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality

DHCPCSVC.DLL 76d80000 106496 D:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service

WTSAPI32.dll 76f50000 32768 D:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs

WINSTA.dll 76360000 61440 D:\WINDOWS\system32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library

wdmaud.drv 72d20000 36864 D:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72d10000 32768 D:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 81920 D:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 D:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper

Share this post


Link to post
Share on other sites

Hi Silka,

 

Run runme.bat again and this time, choose option #1 for explorer dll's. Post that log, along with an updated hijackthis log back into this thread.

Share this post


Link to post
Share on other sites

Hi OSC,

 

Just got up.. :huh:

 

So far CWS searchx hasnt come back after the last step..

 

Hijackthis log

 

Logfile of HijackThis v1.97.7

Scan saved at 8:58:23 AM, on 19/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

D:\WINDOWS\system32\crypserv.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\mysql\bin\mysqld-nt.exe

D:\WINDOWS\system32\netdde.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\ZONELABS\vsmon.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\D-Tools\daemon.exe

D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\MSN Messenger\msnmsgr.exe

D:\Program Files\GetRight\getright.exe

D:\Program Files\GetRight\getright.exe

D:\PROGRA~1\ICQ\ICQ.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\WINDOWS\System32\cmd.exe

D:\WINDOWS\system32\notepad.exe

C:\hijackthis\HijackThis.exe

 

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.0586111111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE1D0A23-6D25-45B1-BB92-AC6E2BF3AF75}: NameServer = 203.49.70.92 139.134.2.190

 

 

Heres my log for pv..

 

Module information for 'Explorer.EXE'

MODULE BASE SIZE PATH

Explorer.EXE 1000000 1011712 D:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer

ntdll.dll 77f50000 692224 D:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL

kernel32.dll 77e60000 937984 D:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL

msvcrt.dll 77c10000 339968 D:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL

ADVAPI32.dll 77dd0000 569344 D:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API

RPCRT4.dll 78000000 450560 D:\WINDOWS\system32\RPCRT4.dll 5.1.2600.109 (xpclnt_qfe.021108-2107) Remote Procedure Call Runtime

GDI32.dll 77c70000 253952 D:\WINDOWS\system32\GDI32.dll 5.1.2600.132 (xpclnt_qfe.021108-2107) GDI Client DLL

USER32.dll 77d40000 577536 D:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL

SHLWAPI.dll 772d0000 405504 D:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library

SHELL32.dll 773d0000 8339456 D:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll

ole32.dll 771b0000 1114112 D:\WINDOWS\system32\ole32.dll 5.1.2600.115 (xpclnt_qfe.021108-2107) Microsoft OLE for Windows

OLEAUT32.dll 77120000 569344 D:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

BROWSEUI.dll 75f80000 1032192 D:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

SHDOCVW.dll 769c0000 1347584 D:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library

UxTheme.dll 5ad70000 212992 D:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library

IMM32.DLL 76390000 106496 D:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL

LPK.DLL 629c0000 32768 D:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack

USP10.dll 72fa0000 368640 D:\WINDOWS\System32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor

comctl32.dll 71950000 933888 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library

comctl32.dll 77340000 569344 D:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library

appHelp.dll 75f40000 118784 D:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library

CLBCATQ.DLL 76fd0000 491520 D:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42

COMRes.dll 77050000 806912 D:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77c00000 28672 D:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

cscui.dll 76620000 319488 D:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI

CSCDLL.dll 76600000 110592 D:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent

themeui.dll 5b630000 458752 D:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API

Secur32.dll 76f90000 65536 D:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface

MSIMG32.dll 76380000 20480 D:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL

USERENV.dll 75a70000 667648 D:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv

actxprxy.dll 71d40000 110592 D:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library

wmpband.dll 7610000 94208 D:\PROGRA~1\WINDOW~3\wmpband.dll 9.00.00.2980 Windows Media Player

MPR.dll 71b20000 69632 D:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL

msutb.dll 5fc10000 221184 D:\WINDOWS\System32\msutb.dll 5.1.2600.0 (xpclient.010817-1148) MSUTB Server DLL

MSCTF.dll 74720000 307200 D:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL

netapi32.dll 71c20000 315392 D:\WINDOWS\System32\netapi32.dll 5.1.2600.122 (xpclnt_qfe.021108-2107) Net Win32 API DLL

ntshrui.dll 76990000 147456 D:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing

ATL.DLL 76b20000 86016 D:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)

SETUPAPI.dll 76670000 933888 D:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API

LINKINFO.dll 76980000 28672 D:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

mslbui.dll 605d0000 61440 D:\WINDOWS\System32\mslbui.dll 5.1.2600.0 (xpclient.010817-1148) LangageBar Add In

WINSTA.dll 76360000 61440 D:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library

webcheck.dll 74b30000 266240 D:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor

stobject.dll 74b00000 131072 D:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object

BatMeter.dll 74af0000 36864 D:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL

POWRPROF.dll 74ad0000 28672 D:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL

WTSAPI32.dll 76f50000 32768 D:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs

WINMM.dll 76b40000 180224 D:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL

serwvdrv.dll 5cd70000 28672 D:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver

umdmxfrm.dll 5b0a0000 28672 D:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module

wdmaud.drv 72d20000 36864 D:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72d10000 32768 D:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 81920 D:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 D:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper

NETSHELL.dll 75cf0000 1638400 D:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell

credui.dll 76c00000 184320 D:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface

WS2_32.dll 71ab0000 86016 D:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 D:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT

iphlpapi.dll 76d60000 86016 D:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API

netman.dll 76de0000 155648 D:\WINDOWS\system32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager

MPRAPI.dll 76d40000 90112 D:\WINDOWS\system32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL

ACTIVEDS.dll 76e40000 192512 D:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL

adsldpc.dll 76e10000 147456 D:\WINDOWS\system32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL

WLDAP32.dll 76f60000 180224 D:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL

rtutils.dll 76e80000 53248 D:\WINDOWS\system32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

SAMLIB.dll 71bf0000 69632 D:\WINDOWS\system32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL

RASAPI32.dll 76ee0000 225280 D:\WINDOWS\system32\RASAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access API

rasman.dll 76e90000 69632 D:\WINDOWS\system32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager

TAPI32.dll 76eb0000 172032 D:\WINDOWS\system32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows Telephony API Client DLL

WZCSvc.DLL 76da0000 196608 D:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service

WMI.dll 76d30000 16384 D:\WINDOWS\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality

DHCPCSVC.DLL 76d80000 106496 D:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service

DNSAPI.dll 76f20000 151552 D:\WINDOWS\system32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL

CRYPT32.dll 762c0000 565248 D:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32

MSASN1.dll 762a0000 65536 D:\WINDOWS\system32\MSASN1.dll 5.1.2600.137 (xpclnt_qfe.021108-2107) ASN.1 Runtime APIs

msi.dll 76400000 2076672 D:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer

WININET.dll 76200000 618496 D:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32

printui.dll 74b80000 532480 D:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL

WINSPOOL.DRV 73000000 143360 D:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver

CFGMGR32.dll 74ae0000 28672 D:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL

RASDLG.dll 75550000 647168 D:\WINDOWS\System32\RASDLG.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Common Dialog API

rsaenh.dll ffd0000 139264 D:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider

netcfgx.dll 755f0000 593920 D:\WINDOWS\System32\netcfgx.dll 5.1.2600.0 (xpclient.010817-1148) Network Configuration Objects

CLUSAPI.dll 74fc0000 65536 D:\WINDOWS\System32\CLUSAPI.dll 5.1.2600.0 (xpclient.010817-1148) Cluster API Library

drprov.dll 75f60000 24576 D:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider

ntlanman.dll 71c10000 53248 D:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager

NETUI0.dll 71cd0000 90112 D:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes

NETUI1.dll 71c90000 245760 D:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes

NETRAP.dll 71c80000 24576 D:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL

davclnt.dll 75f70000 36864 D:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL

SXS.DLL 75e90000 659456 D:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5

shdoclc.dll 76170000 557056 D:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library

browselc.dll 72430000 73728 D:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

AcroIEHelper.dll 10000000 45056 D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.0.2003051500 Adobe Acrobat IE Helper Version 6.0 for ActivieX

urlmon.dll 760f0000 491520 D:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32

DUSER.dll 6c1b0000 274432 D:\WINDOWS\System32\DUSER.dll 5.1.2600.0 (xpclient.010817-1148) Windows DirectUser Engine

msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component

WINTRUST.dll 76c30000 176128 D:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs

IMAGEHLP.dll 76c90000 139264 D:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper

asfsipc.dll 70eb0000 28672 D:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object

MSISIP.DLL 605f0000 53248 D:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider

wshext.dll 74ea0000 65536 D:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host

comdlg32.dll 763b0000 282624 D:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL

MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub

MSVCP60.DLL 76080000 397312 D:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library

Share this post


Link to post
Share on other sites

Hi Silka,

 

That's good to hear. Your log is clean. Keep a close eye on things though and post back in this thread if things start acting up again.

 

Don't forget those windows updates!! They are important. Here's some light reading for prevention.

 

Protection - download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

Make sure you have the latest critical updates and make sure you check back often for new updates. This will help prevent some of this stuff from getting on your PC.

http://v4.windowsupdate.microsoft.com/en/default.asp

 

And also see So how did I get infected in the first place?

Share this post


Link to post
Share on other sites

Hi OSC,

 

Thanx for all ur help.. It is appreciated :D.. i will ensure that this doesnt happen again..

 

Thanx again

 

Sol

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0