Jump to content


Photo

hijackthis log


  • Please log in to reply
10 replies to this topic

#1 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 02:59 AM

Hi all,

As of yesterday evening my browser is hijacked. I've read and followed up on the faq but the problem stays. This is my HijackThis log. If you have any advice, please tell me.

Logfile of HijackThis v1.97.7
Scan saved at 7:57:29, on 16-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\ipej32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\WINDOWS\system32\msaz.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavw.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rqdrz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqdrz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rqdrz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rqdrz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {F4E130BF-0A02-9105-6005-91173CBE07AA} - C:\WINDOWS\system32\ntgt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [msaz.exe] C:\WINDOWS\system32\msaz.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...unknown
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.che...elloInstall.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.che...p/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3CF70-AF71-4354-82B6-D743E6511625}: NameServer = 192.168.2.1

TIA
Ronald

#2 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 16 June 2004 - 03:06 AM

Download this zip.

http://www.downloads...atam.org/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.

After unzipped go to the desktop. Open the pv folder. Double click on the runme.bat

A dos window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.


Notepad will open with a log in it. Please copy and paste the log into this post.

Regards
http://blog.emsisoft.com
www.Emsisoft.com

#3 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 03:08 AM

Here it is

Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1019904 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner
ntdll.dll 77f40000 708608 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag
kernel32.dll 77e40000 983040 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77da0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell lichtgewicht hulpprogrammabibliotheek
SHELL32.dll 77390000 8380416 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE voor Windows
OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Objecten- en besturingselementenbibliotheek Shell Doc
UxTheme.dll 5b190000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75ee0000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77010000 839680 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent
themeui.dll 5ba50000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
MSIMG32.dll 76320000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a10000 679936 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
SSSensor.dll 10000000 86016 C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\SSSensor.dll 5. 0. 0. 0 ScreenSaver Sensor
netapi32.dll 71bb0000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
SAMLIB.dll 71b80000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet-extensies voor Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1152 (xpsp2.021217-1051) Crypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-extensies voor Win32
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
msi.dll 1ad0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SETUPAPI.dll 76620000 962560 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
NETSHELL.dll 75c90000 1667072 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1181 (xpsp2.030305-0046) Shell voor Netwerkverbindingen
credui.dll 76bc0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer
WS2_32.dll 71a30000 81920 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.1240 (xpsp2.030618-0119) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT
iphlpapi.dll 76d20000 90112 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.1240 (xpsp2.030618-0119) IP-helper-API
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74ab0000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor
stobject.dll 74a80000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject
BatMeter.dll 74a70000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter
POWRPROF.dll 74a50000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
serwvdrv.dll 5d1a0000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave-stuurprogramma
umdmxfrm.dll 5b4c0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft-geluidstoewijzing
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Audiofilter voor Microsoft Audiocompressiebeheer
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-mapper
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
a2handler.dll 57800000 114688 C:\Program Files\a2\a2handler.dll
printui.dll 74b00000 544768 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken
WINSPOOL.DRV 72f70000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma
ACTIVEDS.dll 76e00000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory
adsldpc.dll 76dd0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74a60000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71aa0000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter
fxsst.dll 692d0000 573440 C:\WINDOWS\System32\fxsst.dll 5.2.1776.1023 Fax Service
FXSAPI.dll 694f0000 458752 C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.1023 Microsoft Fax API Support DLL
NTMARTA.DLL 76ca0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71ba0000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71c60000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen
NETUI1.dll 71c20000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c10000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll
enganche.dll e20000 139264 C:\Program Files\Panda Software\Panda Antivirus Platinum\enganche.dll 3, 3, 1, 3 enganche
spywareguard.dll 22200000 126976 C:\Program Files\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73390000 1388544 C:\WINDOWS\System32\MSVBVM60.DLL 6.00.9237 Visual Basic Virtual Machine
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
AcroIEHelper.dll f90000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SXS.DLL 75e30000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
ZSHExt.dll 1270000 118784 C:\Program Files\Common Files\Zinio\ZSHExt.dll
DUSER.dll 6c6a0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
shdoclc.dll 76110000 573440 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc
RASAPI32.dll 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows™ TAPI-client
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
MSGINA.dll 75910000 995328 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Dll-bestand GINA voor Windows NT-aanmelding
ODBC32.dll 2a40000 204800 C:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-bronnen
sti.dll 73b10000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.1106 (xpsp1.020828-1920) Still Image Devices client DLL
sensapi.dll 72240000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
asfsipc.dll 70f20000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60a50000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74e20000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host
wshNL.DLL 59100000 57344 C:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft ® Windows Script Host
MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~3\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76020000 397312 C:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library
wiashext.dll 5a910000 581632 C:\WINDOWS\System32\wiashext.dll 5.1.2600.0 (XPClient.010817-1148) Gebruikersinterface van de shellmap van de replicatieapparaten
gdiplus.dll 78190000 1708032 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll 5.1.3101.0 (xpsp1.020828-1920) Microsoft GDI+
NokiaPhoneBrowser.dll 2340000 454656 C:\Program Files\Nokia\Nokia PC Suite 5\NokiaPhoneBrowser.dll 5, 0, 2, 12 Nokia Phone Browser
OLEPRO32.DLL 5f230000 106496 C:\WINDOWS\System32\OLEPRO32.DLL 5.0.5014 Microsoft ® OLE Property Support DLL
zipfldr.dll 732f0000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1164 (xpsp2.021217-1051) Gecomprimeerde mappen

#4 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 16 June 2004 - 03:38 AM

Hello ,

press ctrl, alt and del and end task

C:\WINDOWS\ipej32.exe
C:\WINDOWS\system32\msaz.exe

Now fix the following entries in HijackThis,

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rqdrz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqdrz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rqdrz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rqdrz.dll/sp.html#96676
O2 - BHO: (no name) - {F4E130BF-0A02-9105-6005-91173CBE07AA} - C:\WINDOWS\system32\ntgt.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

Reboot in SAFE MODE and Show Hidden Files/Folders and delete if found,

C:\WINDOWS\ipej32.exe
C:\WINDOWS\system32\msaz.exe
C:\WINDOWS\rqdrz.dll
C:\WINDOWS\system32\ntgt.dll

Reboot in normal mode and post a fresh log

Regards
http://blog.emsisoft.com
www.Emsisoft.com

#5 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 03:57 AM

Thanx Subratam,

After rebooting I immediately got a BHO warning from Spywareguard of something called ieay.dll being added. I chose 'remove' but the pop up keeps coming back after a minute or two.
Here is the next log:

Logfile of HijackThis v1.97.7
Scan saved at 10:56:17, on 16-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\sysph32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\WINDOWS\system32\msaz.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [msaz.exe] C:\WINDOWS\system32\msaz.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.che...elloInstall.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.che...p/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3CF70-AF71-4354-82B6-D743E6511625}: NameServer = 192.168.2.1

#6 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 04:16 AM

I deleted the file but the homepage has changed again. So the 'engine' is still out there.

Here's the next log:

Logfile of HijackThis v1.97.7
Scan saved at 11:15:10, on 16-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\sysph32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\WINDOWS\system32\msaz.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://plehr.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://plehr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\plehr.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://plehr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\plehr.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {711A9B30-7E7F-8A69-144B-125A175F6EC7} - C:\WINDOWS\system32\ieay.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [msaz.exe] C:\WINDOWS\system32\msaz.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.che...elloInstall.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.che...p/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3CF70-AF71-4354-82B6-D743E6511625}: NameServer = 192.168.2.1

#7 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 16 June 2004 - 04:22 AM

Now fix the following entries in HijackThis,

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://plehr.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://plehr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\plehr.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://plehr.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\plehr.dll/sp.html#96676
O2 - BHO: (no name) - {711A9B30-7E7F-8A69-144B-125A175F6EC7} - C:\WINDOWS\system32\ieay.dll

Reboot in SAFE MODE and Show Hidden Files/Folders and delete if found,

C:\WINDOWS\system32\plehr.dll
C:\WINDOWS\system32\ieay.dll

Reboot in normal mode and post a fresh hijackthis and pv log

Regards
http://blog.emsisoft.com
www.Emsisoft.com

#8 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 04:39 AM

Ok here we go: first Hijack and then PV log:

Logfile of HijackThis v1.97.7
Scan saved at 11:37:32, on 16-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\sysph32.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\WINDOWS\system32\ieay.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HijackThis.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {711A9B30-7E7F-8A69-144B-125A175F6EC7} - C:\WINDOWS\system32\ieay.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [msaz.exe] C:\WINDOWS\system32\msaz.exe
O4 - HKLM\..\Run: [ieay.exe] C:\WINDOWS\system32\ieay.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.che...elloInstall.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.che...p/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3CF70-AF71-4354-82B6-D743E6511625}: NameServer = 192.168.2.1




Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1019904 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner
ntdll.dll 77f40000 708608 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag
kernel32.dll 77e40000 983040 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77da0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell lichtgewicht hulpprogrammabibliotheek
SHELL32.dll 77390000 8380416 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE voor Windows
OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Objecten- en besturingselementenbibliotheek Shell Doc
UxTheme.dll 5b190000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75ee0000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77010000 839680 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent
themeui.dll 5ba50000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
MSIMG32.dll 76320000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a10000 679936 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
actxprxy.dll 71cd0000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
netapi32.dll 71bb0000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
SAMLIB.dll 71b80000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet-extensies voor Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1152 (xpsp2.021217-1051) Crypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-extensies voor Win32
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
SETUPAPI.dll 76620000 962560 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
NETSHELL.dll 75c90000 1667072 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1181 (xpsp2.030305-0046) Shell voor Netwerkverbindingen
credui.dll 76bc0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer
WS2_32.dll 71a30000 81920 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.1240 (xpsp2.030618-0119) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT
iphlpapi.dll 76d20000 90112 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.1240 (xpsp2.030618-0119) IP-helper-API
msi.dll 2270000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74ab0000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor
stobject.dll 74a80000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject
BatMeter.dll 74a70000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter
POWRPROF.dll 74a50000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
serwvdrv.dll 5d1a0000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave-stuurprogramma
umdmxfrm.dll 5b4c0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
SSSensor.dll 10000000 86016 C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\SSSensor.dll 5. 0. 0. 0 ScreenSaver Sensor
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft-geluidstoewijzing
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Audiofilter voor Microsoft Audiocompressiebeheer
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-mapper
a2handler.dll 57800000 114688 C:\Program Files\a2\a2handler.dll
enganche.dll 1c60000 139264 C:\Program Files\Panda Software\Panda Antivirus Platinum\enganche.dll 3, 3, 1, 3 enganche
printui.dll 74b00000 544768 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken
WINSPOOL.DRV 72f70000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma
ACTIVEDS.dll 76e00000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory
adsldpc.dll 76dd0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74a60000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71aa0000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter
fxsst.dll 692d0000 573440 C:\WINDOWS\System32\fxsst.dll 5.2.1776.1023 Fax Service
FXSAPI.dll 694f0000 458752 C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.1023 Microsoft Fax API Support DLL
NTMARTA.DLL 76ca0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
spywareguard.dll 22200000 126976 C:\Program Files\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73390000 1388544 C:\WINDOWS\System32\MSVBVM60.DLL 6.00.9237 Visual Basic Virtual Machine
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71ba0000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71c60000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen
NETUI1.dll 71c20000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c10000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll
asfsipc.dll 70f20000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60a50000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74e20000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters
wshNL.DLL 59100000 57344 C:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft ® Windows Script Host
MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~3\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76020000 397312 C:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
AcroIEHelper.dll cf0000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SXS.DLL 75e30000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
DUSER.dll 6c6a0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
shdoclc.dll 76110000 573440 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc
RASAPI32.dll 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows™ TAPI-client
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
MSGINA.dll 75910000 995328 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Dll-bestand GINA voor Windows NT-aanmelding
ODBC32.dll 2fc0000 204800 C:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-bronnen
wiashext.dll 5a910000 581632 C:\WINDOWS\System32\wiashext.dll 5.1.2600.0 (XPClient.010817-1148) Gebruikersinterface van de shellmap van de replicatieapparaten
gdiplus.dll 78190000 1708032 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll 5.1.3101.0 (xpsp1.020828-1920) Microsoft GDI+
sti.dll 73b10000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.1106 (xpsp1.020828-1920) Still Image Devices client DLL
NokiaPhoneBrowser.dll 3300000 454656 C:\Program Files\Nokia\Nokia PC Suite 5\NokiaPhoneBrowser.dll 5, 0, 2, 12 Nokia Phone Browser
OLEPRO32.DLL 5f230000 106496 C:\WINDOWS\System32\OLEPRO32.DLL 5.0.5014 Microsoft ® OLE Property Support DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
btneighborhood.dll 3400000 831488 C:\WINDOWS\System32\btneighborhood.dll 1.4.1 Build 6 BTNeighborhood DLL
wbtapi.dll 34d0000 491520 C:\WINDOWS\System32\wbtapi.dll 1.4.1 Build 6 WBTApi DLL
MFC42.DLL 73d40000 991232 C:\WINDOWS\System32\MFC42.DLL 6.00.8665.0 MFCDLL Shared Library - Retail Version
btwpimif.dll 2fa0000 77824 C:\WINDOWS\System32\btwpimif.dll 1.4.1 Build 6 BTWPIMIF DLL
btosif.dll 3550000 401408 C:\WINDOWS\System32\btosif.dll 1.4.1 Build 6 BTOSIF DLL
MFC42LOC.DLL 61e00000 57344 C:\WINDOWS\System32\MFC42LOC.DLL 6.00.8665.0 Taalspecifieke bronnen voor MFC
btrez.dll 35c0000 2813952 C:\WINDOWS\System32\btrez.dll 1.4.1 Build 6 btrez DLL
CSH.dll 2ec0000 65536 C:\WINDOWS\System32\CSH.dll 2.00.039 User RunTime Communication DLL
zipfldr.dll 732f0000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1164 (xpsp2.021217-1051) Gecomprimeerde mappen
ZSHExt.dll 32c0000 118784 C:\Program Files\Common Files\Zinio\ZSHExt.dll

#9 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 16 June 2004 - 05:10 AM

Hello ,

press ctrl, alt and del and end task

C:\WINDOWS\sysph32.exe
C:\WINDOWS\system32\ieay.exe

Now fix the following entries in HijackThis,

O2 - BHO: (no name) - {711A9B30-7E7F-8A69-144B-125A175F6EC7} - C:\WINDOWS\system32\ieay.dll
O4 - HKLM\..\Run: [msaz.exe] C:\WINDOWS\system32\msaz.exe
O4 - HKLM\..\Run: [ieay.exe] C:\WINDOWS\system32\ieay.exe

Reboot in SAFE MODE and Show Hidden Files/Folders and delete if found,

C:\WINDOWS\sysph32.exe
C:\WINDOWS\system32\ieay.exe
C:\WINDOWS\system32\msaz.exe

Reboot in normal mode

Please download TheKillbox from here: http://www.downloads...org/KillBox.zip

Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\system32\ieay.dll

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filenameand path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

Reboot in normal mode and post a fresh log

Regards

Edited by Subratam, 16 June 2004 - 05:12 AM.

http://blog.emsisoft.com
www.Emsisoft.com

#10 godnrc

godnrc

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 05:26 AM

That all went well Subratam, thanks. This is the HijackThis log (I included the PV log to be sure):

Logfile of HijackThis v1.97.7
Scan saved at 12:25:15, on 16-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\HijackThis.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoflt07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.che...elloInstall.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.che...p/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3CF70-AF71-4354-82B6-D743E6511625}: NameServer = 192.168.2.1



and the PV log:


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1019904 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner
ntdll.dll 77f40000 708608 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag
kernel32.dll 77e40000 983040 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77da0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell lichtgewicht hulpprogrammabibliotheek
SHELL32.dll 77390000 8380416 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE voor Windows
OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Objecten- en besturingselementenbibliotheek Shell Doc
UxTheme.dll 5b190000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75ee0000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77010000 839680 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent
themeui.dll 5ba50000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
MSIMG32.dll 76320000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a10000 679936 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
actxprxy.dll 71cd0000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
netapi32.dll 71bb0000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
SAMLIB.dll 71b80000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet-extensies voor Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1152 (xpsp2.021217-1051) Crypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-extensies voor Win32
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
SETUPAPI.dll 76620000 962560 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
NETSHELL.dll 75c90000 1667072 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1181 (xpsp2.030305-0046) Shell voor Netwerkverbindingen
credui.dll 76bc0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer
WS2_32.dll 71a30000 81920 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.1240 (xpsp2.030618-0119) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT
iphlpapi.dll 76d20000 90112 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.1240 (xpsp2.030618-0119) IP-helper-API
msi.dll 2230000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
SSSensor.dll 10000000 86016 C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\SSSensor.dll 5. 0. 0. 0 ScreenSaver Sensor
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74ab0000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor
stobject.dll 74a80000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject
BatMeter.dll 74a70000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter
POWRPROF.dll 74a50000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
serwvdrv.dll 5d1a0000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave-stuurprogramma
umdmxfrm.dll 5b4c0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft-geluidstoewijzing
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Audiofilter voor Microsoft Audiocompressiebeheer
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-mapper
spywareguard.dll 22200000 126976 C:\Program Files\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73390000 1388544 C:\WINDOWS\System32\MSVBVM60.DLL 6.00.9237 Visual Basic Virtual Machine
enganche.dll 21f0000 139264 C:\Program Files\Panda Software\Panda Antivirus Platinum\enganche.dll 3, 3, 1, 3 enganche
a2handler.dll 57800000 114688 C:\Program Files\a2\a2handler.dll
printui.dll 74b00000 544768 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken
WINSPOOL.DRV 72f70000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma
ACTIVEDS.dll 76e00000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory
adsldpc.dll 76dd0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74a60000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71aa0000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter
fxsst.dll 692d0000 573440 C:\WINDOWS\System32\fxsst.dll 5.2.1776.1023 Fax Service
FXSAPI.dll 694f0000 458752 C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.1023 Microsoft Fax API Support DLL
NTMARTA.DLL 76ca0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71ba0000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71c60000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen
NETUI1.dll 71c20000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c10000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll
asfsipc.dll 70f20000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60a50000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74e20000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters
wshNL.DLL 59100000 57344 C:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft ® Windows Script Host
MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~3\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76020000 397312 C:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
AcroIEHelper.dll cf0000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SXS.DLL 75e30000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
DUSER.dll 6c6a0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
shdoclc.dll 76110000 573440 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc
RASAPI32.dll 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows™ TAPI-client
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
MSGINA.dll 75910000 995328 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Dll-bestand GINA voor Windows NT-aanmelding
ODBC32.dll 3010000 204800 C:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-bronnen
wiashext.dll 5a910000 581632 C:\WINDOWS\System32\wiashext.dll 5.1.2600.0 (XPClient.010817-1148) Gebruikersinterface van de shellmap van de replicatieapparaten
gdiplus.dll 78190000 1708032 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll 5.1.3101.0 (xpsp1.020828-1920) Microsoft GDI+
sti.dll 73b10000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.1106 (xpsp1.020828-1920) Still Image Devices client DLL
NokiaPhoneBrowser.dll 3350000 454656 C:\Program Files\Nokia\Nokia PC Suite 5\NokiaPhoneBrowser.dll 5, 0, 2, 12 Nokia Phone Browser
OLEPRO32.DLL 5f230000 106496 C:\WINDOWS\System32\OLEPRO32.DLL 5.0.5014 Microsoft ® OLE Property Support DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
btneighborhood.dll 3400000 831488 C:\WINDOWS\System32\btneighborhood.dll 1.4.1 Build 6 BTNeighborhood DLL
wbtapi.dll 34d0000 491520 C:\WINDOWS\System32\wbtapi.dll 1.4.1 Build 6 WBTApi DLL
MFC42.DLL 73d40000 991232 C:\WINDOWS\System32\MFC42.DLL 6.00.8665.0 MFCDLL Shared Library - Retail Version
btwpimif.dll 2f60000 77824 C:\WINDOWS\System32\btwpimif.dll 1.4.1 Build 6 BTWPIMIF DLL
btosif.dll 3550000 401408 C:\WINDOWS\System32\btosif.dll 1.4.1 Build 6 BTOSIF DLL
MFC42LOC.DLL 61e00000 57344 C:\WINDOWS\System32\MFC42LOC.DLL 6.00.8665.0 Taalspecifieke bronnen voor MFC
btrez.dll 35c0000 2813952 C:\WINDOWS\System32\btrez.dll 1.4.1 Build 6 btrez DLL
CSH.dll 2ed0000 65536 C:\WINDOWS\System32\CSH.dll 2.00.039 User RunTime Communication DLL
ZSHExt.dll 38b0000 118784 C:\Program Files\Common Files\Zinio\ZSHExt.dll
zipfldr.dll 732f0000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1164 (xpsp2.021217-1051) Gecomprimeerde mappen


Thanks
Ronald

#11 Subratam

Subratam

    Silent Assasinator

  • Retired Staff
  • PipPipPipPip
  • 284 posts

Posted 16 June 2004 - 05:52 AM

Good News :)..

The log looks clean. Read here -> http://forums.subrat...p?showtopic=519 for future preventions.

Regards
http://blog.emsisoft.com
www.Emsisoft.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button