Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Hijack log & I cannot get rid of worldanitspy.exe


  • Please log in to reply
8 replies to this topic

#1 runnergirl

runnergirl

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 16 August 2005 - 02:11 PM

I accidently (stupidly) clicked on something I shouldn't have and I got Worldanitspy downloaded onto my pc. It also implanted a non removeable icon from my system tray. Right clicking on it does nothing, it only brings up the site. I've deleted it from my registry but it comes back. I ran Spybot S and D and Adaware and Crapcleaner, but it comes back. I cannot delete the actual folder from my C: drive because I get a pop up saying the file is in use. I do not know what to do. The only good thing that came out of this I guess is that this is on my work computer...hehe...but I need to get rid of this because it's slowing down my pc big time. Hope someone can help, thanks so much. Here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 3:06:31 PM, on 8/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\mm1.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINNT\system32\mstsc.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gallantk\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eraven.fpc.edu
F3 - REG:win.ini: run=C:\WINNT\inet20081\services.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RFX_auto_upgrade] rundll32.exe C:\PROGRA~1\RichFX\Player\npvpg004.dll,auto_upg_check
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20081\services.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://eraven.fpc.edu
O15 - Trusted Zone: http://eraven.fpc.edu
O15 - Trusted Zone: http://prudence.fpc.edu
O15 - Trusted Zone: http://webct.fpc.edu
O15 - Trusted Zone: http://eraven.fpc.edu (HKLM)
O15 - Trusted Zone: http://prudence.fpc.edu (HKLM)
O15 - Trusted Zone: http://webct.fpc.edu (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} (WGPlayer Class) - http://download.richfx.com/player/release/...date=01_17_2001
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {C025FBB4-8327-4AA7-ABCE-1106EECF3CB6} (ShareClient Class) - http://desktop.ilearning.com/launcher/irsshcl.dll
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fpc.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fpc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fpc.edu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - Soeperman Enterprises Ltd. - C:\Documents and Settings\gallantk\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Kerry

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:09 PM

Posted 20 August 2005 - 04:26 AM

Hi :thumbsup:

I don't trust this program: WorldAntiSpy
Please try to uninstall it from Add/Remove Programs.

When choosing anti-spyware protection, you should rely on products with deserved reputations and proven track records:


Install Ad-Aware - Download and install Ad-Aware.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


You are running HijackThis from your Desktop. You will need to move hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups when you fix items. You do not want them accidentally deleted or spread all over your Desktop.

First create a new folder:
A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Move\Unzip hijackthis.exe to the c:\HJT folder.

Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a checkmark next to all these:

F3 - REG:win.ini: run=C:\WINNT\inet20081\services.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20081\services.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -


Close all other windows and browsers, and press the Fix Checked button.

Delete these folders, if present:
C:\WINNT\inet20081\ <-- this folder
C:\Program Files\WorldAntiSpy\ <-- this folder

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Perform a full scan here: Trendmicro, check AutoClean and let him remove anything he finds.

Perform a full scan here: Panda Online, follow the instructions on the screed, make sure these are checked:
- Disinfect automatically
- Scan compressed files
- Scan e-mail files
- Neutralize Trojans
and let him remove anything he finds.

Reboot your machine, run HijackThis! again and post a new log please.

Edited by Daisuke, 20 August 2005 - 04:28 AM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 runnergirl

runnergirl
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 22 August 2005 - 08:33 AM

Hi,
Thank you for the info. Just one thing, I did not install Worldantispy on my own, it installed by itself when I clicked on a bad link, I had no idea it was installing until it was too late. I used add/remove programs to remove it, however, it is not physically removed from my pc even though it says it is from the add/remove programs. I have an icon in my system tray that I cannot get rid of and I also cannot get rid of the folder in C:\Program Files\Worldantispy. When I click on it to delete, a message comes up and says: Cannot delete Skinuxbase40.dll: File may be in use". I've tried to get it off my services by using the task manager and services.msc, but it will not budge, saying it's in use and I cannot stop it.

I already have adaware and spybot s& d, so I used those and the other online scans you recommended. I also performed the other tasks you recommended and I still have that darn icon on my system tray. It is taking up alot of CPU Usage (46920) and it's driving me nuts because I get balloon tips popping up from it as well. Here is my new Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:22:17 AM, on 8/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\WINNT\system32\mstsc.exe
C:\Program Files\Jenzabar QCS\FRS\frs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eraven.fpc.edu
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RFX_auto_upgrade] rundll32.exe C:\PROGRA~1\RichFX\Player\npvpg004.dll,auto_upg_check
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Panda_cleaner_46965] C:\WINNT\system32\ActiveScan\pavdr.exe 46965
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://eraven.fpc.edu
O15 - Trusted Zone: http://eraven.fpc.edu
O15 - Trusted Zone: http://prudence.fpc.edu
O15 - Trusted Zone: http://webct.fpc.edu
O15 - Trusted Zone: http://eraven.fpc.edu (HKLM)
O15 - Trusted Zone: http://prudence.fpc.edu (HKLM)
O15 - Trusted Zone: http://webct.fpc.edu (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} (WGPlayer Class) - http://download.richfx.com/player/release/...date=01_17_2001
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C025FBB4-8327-4AA7-ABCE-1106EECF3CB6} (ShareClient Class) - http://desktop.ilearning.com/launcher/irsshcl.dll
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fpc.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fpc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fpc.edu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Hope you can help me out...thank you so much for your time.

Kerry
(runnergirl)

#4 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:09 PM

Posted 22 August 2005 - 12:50 PM

Hope you can help me out...thank you so much for your time

Yes, we will get rid of it :thumbsup:.

Download this zip file.

http://www.downloads.subratam.org/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.

After unzipped go to the desktop. Open the pv folder. Double click on the runme.bat

A dos window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.


Notepad will open with a log in it. Please copy and paste the log into this post.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#5 runnergirl

runnergirl
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 22 August 2005 - 01:01 PM

Here it is:

Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3700.6690 Windows Explorer
ntdll.dll 77f80000 507904 C:\WINNT\system32\ntdll.dll 5.00.2195.7006 NT Layer DLL
ADVAPI32.DLL 7c2d0000 413696 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.7038 Advanced Windows 32 Base API
KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll 5.00.2195.7006 Windows NT BASE API Client DLL
RPCRT4.dll 77d30000 491520 C:\WINNT\system32\RPCRT4.dll 5.00.2195.7020 Remote Procedure Call Runtime
GDI32.DLL 77f40000 258048 C:\WINNT\system32\GDI32.DLL 5.00.2195.7011 GDI Client DLL
USER32.dll 77e10000 430080 C:\WINNT\system32\USER32.dll 5.00.2195.7032 Windows 2000 USER API Client DLL
SHLWAPI.DLL 70a70000 417792 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1612 (xpsp2.041207-1145) Shell Light-weight Utility Library
msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft ® C Runtime Library
COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.6717 Shim Engine DLL
AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.6717 Windows 2000 Shim Accessory DLL
SHELL32.dll 7cf30000 2449408 C:\WINNT\system32\SHELL32.dll 5.00.3900.7032 Windows Shell Common Dll
OLE32.DLL 7ce20000 1052672 C:\WINNT\system32\OLE32.DLL 5.00.2195.7034 Microsoft OLE for Windows
CLBCATQ.DLL 7c950000 589824 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3511.0
OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522
cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI
CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent
MSI.DLL 745e0000 2908160 C:\WINNT\system32\MSI.DLL 3.1.4000.2435 Windows Installer
SHDOCVW.DLL e00000 1351680 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1658 (xpsp2.050427-1138) Shell Doc Object and Control Library
browseui.dll 71500000 1032192 C:\WINNT\system32\browseui.dll 6.00.2800.1622 (xpsp2.050218-1437) Shell Browser UI Library
USERENV.DLL 7c0f0000 409600 C:\WINNT\system32\USERENV.DLL 5.00.2195.7002 Userenv
URLMON.DLL 1a400000 512000 C:\WINNT\system32\URLMON.DLL 6.00.2800.1485 OLE32 Extensions for Win32
VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries
LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL
mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
mshtml.dll 63580000 2744320 C:\WINNT\system32\mshtml.dll 6.00.2800.1505 Microsoft ® HTML Viewer
mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3502.6601 My Documents Folder UI
ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
NETAPI32.DLL 7cdc0000 339968 C:\WINNT\system32\NETAPI32.DLL 5.00.2195.7038 Net Win32 API DLL
DNSAPI.dll 77980000 147456 C:\WINNT\system32\DNSAPI.dll 5.00.2195.7003 DNS Client API DLL
WSOCK32.dll 75050000 32768 C:\WINNT\system32\WSOCK32.dll 5.00.2195.6603 Windows Socket 32-Bit DLL
WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL 5.00.2195.6601 Windows Socket 2.0 32-Bit DLL
WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
NETRAP.dll 751c0000 24576 C:\WINNT\system32\NETRAP.dll 5.00.2134.1 Net Remote Admin Protocol DLL
NTDSAPI.dll 77bf0000 69632 C:\WINNT\system32\NTDSAPI.dll 5.00.2195.6666 NT5DS
WLDAP32.DLL 77950000 176128 C:\WINNT\system32\WLDAP32.DLL 5.00.2195.7017 Win32 LDAP API DLL
SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL 5.00.2195.6695 Security Support Provider Interface
SAMLIB.dll 75150000 65536 C:\WINNT\system32\SAMLIB.dll 5.00.2195.6944 SAM Library DLL
MPR.DLL 76620000 69632 C:\WINNT\system32\MPR.DLL 5.00.2195.6824 Multiple Provider Router DLL
shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
NETSHELL.dll 76f20000 487424 C:\WINNT\system32\NETSHELL.dll 5.00.2195.6604 Network Connections Shell
webcheck.dll 70340000 266240 C:\WINNT\system32\webcheck.dll 6.00.2800.1106 Web Site Monitor
msimtf.dll 60280000 176128 C:\WINNT\system32\msimtf.dll 1.00.2409.7 built by: Lab06_N Active IMM Server DLL
MSCTF.dll 60000000 282624 C:\WINNT\system32\MSCTF.dll 1.00.2409.7 built by: Lab06_N MSUIM Server DLL
stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.6601 Systray shell service object
BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.6601 Battery Meter Helper DLL
SETUPAPI.DLL 77880000 581632 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.6622 Windows Setup API
POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.6601 Power Profile Helper DLL
WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL
MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.6655 Windows 2000 IMM32 API Client DLL
wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv 5.00.2195.6673 WDM Audio driver mapper
msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
shellextension.dll 2380000 110592 C:\Program Files\Microsoft AntiSpyware\shellextension.dll 1.0.0614.10 Microsoft AntiSpyware Shell Extension
browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
ZSHExt.dll 10000000 118784 C:\Program Files\Common Files\Zinio\ZSHExt.dll 1,2,1,319 Zinio Shell Extension Module
ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.6824 Microsoft® Lan Manager
NETUI0.dll 75210000 86016 C:\WINNT\System32\NETUI0.dll 5.00.2195.6601 NT LM UI Common Code - GUI Classes
NETUI1.dll 751d0000 229376 C:\WINNT\System32\NETUI1.dll 5.00.2134.1 NT LM UI Common Code - Networking classes
CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2195.6612 Microsoft Video for Windows DLL
AVIFIL32.DLL 2c70000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2195.6612 Microsoft AVI File support library
faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
PDFShell.dll 30a0000 114688 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 PDF Shell Extension
LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2195.7009 Windows Volume Tracking
WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
actxprxy.dll 703d0000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2800.1106 ActiveX Interface Marshaling Library
WINTRUST.dll 76930000 176128 C:\WINNT\system32\WINTRUST.dll 5.131.2195.6824 Microsoft Trust Verification APIs
CRYPT32.dll 7c740000 573440 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6926 Crypto API32
MSASN1.dll 77430000 69632 C:\WINNT\system32\MSASN1.dll 5.00.2195.6905 ASN.1 Runtime APIs
IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll 5.00.2195.6613 Windows NT Image Helper
INPUT.CPL 3820000 122880 C:\WINNT\system32\INPUT.CPL 1.00.2409.7 built by: Lab06_N Text Input DLL
powercfg.cpl 65050000 110592 C:\WINNT\system32\powercfg.cpl 5.00.3502.6601 Power Management Configuration Control Panel Applet
vpshell2.dll 3bf0000 40960 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll 9.0.0.338 Symantec AntiVirus
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component


I think I may gotten rid of the worldantispy, but I cannot open internet explorer or adaware or spybot. I keep getting a weird message saying I'm missing .dll when I try to use Mozilla, and absolutely nothing happens when I open internet explorer. The GO button near the address bar doesn't even work.

Thanks,
Kerry

#6 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:09 PM

Posted 22 August 2005 - 01:10 PM

Open the pv folder. Double click on the runme.bat

A dos window will open. Please select option 2 for internet explorer dll's by typing 2 and then pressing enter.

Notepad will open with a log in it. Please copy and paste the log into this post.


Please do not try to do something else.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#7 runnergirl

runnergirl
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 22 August 2005 - 01:30 PM

Here it is:

Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3700.6690 Windows Explorer
ntdll.dll 77f80000 507904 C:\WINNT\system32\ntdll.dll 5.00.2195.7006 NT Layer DLL
ADVAPI32.DLL 7c2d0000 413696 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.7038 Advanced Windows 32 Base API
KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll 5.00.2195.7006 Windows NT BASE API Client DLL
RPCRT4.dll 77d30000 491520 C:\WINNT\system32\RPCRT4.dll 5.00.2195.7020 Remote Procedure Call Runtime
GDI32.DLL 77f40000 258048 C:\WINNT\system32\GDI32.DLL 5.00.2195.7011 GDI Client DLL
USER32.dll 77e10000 430080 C:\WINNT\system32\USER32.dll 5.00.2195.7032 Windows 2000 USER API Client DLL
SHLWAPI.DLL 70a70000 417792 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1612 (xpsp2.041207-1145) Shell Light-weight Utility Library
msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft ® C Runtime Library
COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.6717 Shim Engine DLL
AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.6717 Windows 2000 Shim Accessory DLL
SHELL32.dll 7cf30000 2449408 C:\WINNT\system32\SHELL32.dll 5.00.3900.7032 Windows Shell Common Dll
OLE32.DLL 7ce20000 1052672 C:\WINNT\system32\OLE32.DLL 5.00.2195.7034 Microsoft OLE for Windows
CLBCATQ.DLL 7c950000 589824 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3511.0
OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522
cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI
CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent
MSI.DLL 745e0000 2908160 C:\WINNT\system32\MSI.DLL 3.1.4000.2435 Windows Installer
SHDOCVW.DLL e00000 1351680 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1658 (xpsp2.050427-1138) Shell Doc Object and Control Library
browseui.dll 71500000 1032192 C:\WINNT\system32\browseui.dll 6.00.2800.1622 (xpsp2.050218-1437) Shell Browser UI Library
USERENV.DLL 7c0f0000 409600 C:\WINNT\system32\USERENV.DLL 5.00.2195.7002 Userenv
URLMON.DLL 1a400000 512000 C:\WINNT\system32\URLMON.DLL 6.00.2800.1485 OLE32 Extensions for Win32
VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries
LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL
mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
mshtml.dll 63580000 2744320 C:\WINNT\system32\mshtml.dll 6.00.2800.1505 Microsoft ® HTML Viewer
mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3502.6601 My Documents Folder UI
ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
NETAPI32.DLL 7cdc0000 339968 C:\WINNT\system32\NETAPI32.DLL 5.00.2195.7038 Net Win32 API DLL
DNSAPI.dll 77980000 147456 C:\WINNT\system32\DNSAPI.dll 5.00.2195.7003 DNS Client API DLL
WSOCK32.dll 75050000 32768 C:\WINNT\system32\WSOCK32.dll 5.00.2195.6603 Windows Socket 32-Bit DLL
WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL 5.00.2195.6601 Windows Socket 2.0 32-Bit DLL
WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
NETRAP.dll 751c0000 24576 C:\WINNT\system32\NETRAP.dll 5.00.2134.1 Net Remote Admin Protocol DLL
NTDSAPI.dll 77bf0000 69632 C:\WINNT\system32\NTDSAPI.dll 5.00.2195.6666 NT5DS
WLDAP32.DLL 77950000 176128 C:\WINNT\system32\WLDAP32.DLL 5.00.2195.7017 Win32 LDAP API DLL
SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL 5.00.2195.6695 Security Support Provider Interface
SAMLIB.dll 75150000 65536 C:\WINNT\system32\SAMLIB.dll 5.00.2195.6944 SAM Library DLL
MPR.DLL 76620000 69632 C:\WINNT\system32\MPR.DLL 5.00.2195.6824 Multiple Provider Router DLL
shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
NETSHELL.dll 76f20000 487424 C:\WINNT\system32\NETSHELL.dll 5.00.2195.6604 Network Connections Shell
webcheck.dll 70340000 266240 C:\WINNT\system32\webcheck.dll 6.00.2800.1106 Web Site Monitor
msimtf.dll 60280000 176128 C:\WINNT\system32\msimtf.dll 1.00.2409.7 built by: Lab06_N Active IMM Server DLL
MSCTF.dll 60000000 282624 C:\WINNT\system32\MSCTF.dll 1.00.2409.7 built by: Lab06_N MSUIM Server DLL
stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.6601 Systray shell service object
BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.6601 Battery Meter Helper DLL
SETUPAPI.DLL 77880000 581632 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.6622 Windows Setup API
POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.6601 Power Profile Helper DLL
WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL
MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.6655 Windows 2000 IMM32 API Client DLL
wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv 5.00.2195.6673 WDM Audio driver mapper
msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
shellextension.dll 2380000 110592 C:\Program Files\Microsoft AntiSpyware\shellextension.dll 1.0.0614.10 Microsoft AntiSpyware Shell Extension
browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
ZSHExt.dll 10000000 118784 C:\Program Files\Common Files\Zinio\ZSHExt.dll 1,2,1,319 Zinio Shell Extension Module
ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.6824 Microsoft® Lan Manager
NETUI0.dll 75210000 86016 C:\WINNT\System32\NETUI0.dll 5.00.2195.6601 NT LM UI Common Code - GUI Classes
NETUI1.dll 751d0000 229376 C:\WINNT\System32\NETUI1.dll 5.00.2134.1 NT LM UI Common Code - Networking classes
CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2195.6612 Microsoft Video for Windows DLL
AVIFIL32.DLL 2c70000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2195.6612 Microsoft AVI File support library
faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
PDFShell.dll 30a0000 114688 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 PDF Shell Extension
LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2195.7009 Windows Volume Tracking
WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
actxprxy.dll 703d0000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2800.1106 ActiveX Interface Marshaling Library
WINTRUST.dll 76930000 176128 C:\WINNT\system32\WINTRUST.dll 5.131.2195.6824 Microsoft Trust Verification APIs
CRYPT32.dll 7c740000 573440 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6926 Crypto API32
MSASN1.dll 77430000 69632 C:\WINNT\system32\MSASN1.dll 5.00.2195.6905 ASN.1 Runtime APIs
IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll 5.00.2195.6613 Windows NT Image Helper
INPUT.CPL 3820000 122880 C:\WINNT\system32\INPUT.CPL 1.00.2409.7 built by: Lab06_N Text Input DLL
powercfg.cpl 65050000 110592 C:\WINNT\system32\powercfg.cpl 5.00.3502.6601 Power Management Configuration Control Panel Applet
vpshell2.dll 3bf0000 40960 C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll 9.0.0.338 Symantec AntiVirus
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component


I think I may gotten rid of the worldantispy, but I cannot open internet explorer or adaware or spybot. I keep getting a weird message saying I'm missing .dll when I try to use Mozilla, and absolutely nothing happens when I open internet explorer. The GO button near the address bar doesn't even work.

Thanks,
Kerry

#8 runnergirl

runnergirl
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 22 August 2005 - 01:31 PM

Sorry, I posted the same thing twice. Here is the file after hitting #2:

Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 Internet Explorer
ntdll.dll 77f80000 507904 C:\WINNT\system32\ntdll.dll 5.00.2195.7006 NT Layer DLL
msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft ® C Runtime Library
KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll 5.00.2195.7006 Windows NT BASE API Client DLL
USER32.dll 77e10000 430080 C:\WINNT\system32\USER32.dll 5.00.2195.7032 Windows 2000 USER API Client DLL
GDI32.dll 77f40000 258048 C:\WINNT\system32\GDI32.dll 5.00.2195.7011 GDI Client DLL
SHLWAPI.dll 70a70000 417792 C:\WINNT\system32\SHLWAPI.dll 6.00.2800.1612 (xpsp2.041207-1145) Shell Light-weight Utility Library
ADVAPI32.dll 7c2d0000 413696 C:\WINNT\system32\ADVAPI32.dll 5.00.2195.7038 Advanced Windows 32 Base API
RPCRT4.dll 77d30000 491520 C:\WINNT\system32\RPCRT4.dll 5.00.2195.7020 Remote Procedure Call Runtime
SHDOCVW.dll 71700000 1351680 C:\WINNT\system32\SHDOCVW.dll 6.00.2800.1658 (xpsp2.050427-1138) Shell Doc Object and Control Library
comctl32.dll 7a0000 540672 C:\WINNT\system32\comctl32.dll 5.81 Common Controls Library
SHELL32.dll 7cf30000 2449408 C:\WINNT\system32\SHELL32.dll 5.00.3900.7032 Windows Shell Common Dll
ole32.dll 7ce20000 1052672 C:\WINNT\system32\ole32.dll 5.00.2195.7034 Microsoft OLE for Windows
BROWSEUI.dll 71500000 1032192 C:\WINNT\system32\BROWSEUI.dll 6.00.2800.1622 (xpsp2.050218-1437) Shell Browser UI Library
browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
CLBCATQ.DLL 7c950000 589824 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3511.0
OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522
cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI
CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent
urlmon.dll 1a400000 512000 C:\WINNT\system32\urlmon.dll 6.00.2800.1485 OLE32 Extensions for Win32
VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries
LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL
shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
msi.dll 745e0000 2908160 C:\WINNT\system32\msi.dll 3.1.4000.2435 Windows Installer
mshtml.dll 63580000 2744320 C:\WINNT\system32\mshtml.dll 6.00.2800.1505 Microsoft ® HTML Viewer
msimtf.dll 60280000 176128 C:\WINNT\system32\msimtf.dll 1.00.2409.7 built by: Lab06_N Active IMM Server DLL
MSCTF.dll 60000000 282624 C:\WINNT\system32\MSCTF.dll 1.00.2409.7 built by: Lab06_N MSUIM Server DLL
IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.6655 Windows 2000 IMM32 API Client DLL
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
jscript.dll 6b700000 589824 C:\WINNT\System32\jscript.dll 5.6.0.8513 Microsoft ® JScript
MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file

#9 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:09 PM

Posted 22 August 2005 - 01:43 PM

Is this the complete log ?

If yes please select option 4 and post the log.


Download the latest version of “Silent Runners.vbs” and run it: http://www.silentrunners.org/ --> right click --> save it on your desktop --> click to run it.

If you have a script blocking program you will get a warning asking if you want to allow Silent Runners.vbs to run. Allow the script to run.

Post the log please and a new hijackthis log.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users