CoolWeb Shredder NOT working! Here is my log! Please help me!

Discussion in 'adware, spyware & hijack cleaning' started by tk421, May 30, 2004.

  1. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    I have been infected by the ******* Cool web Search trojan. I downloaded CWshredder, but nothing happened. I ran hijack this, and this is my log. Please help me fix this problem! Thanks in advance!


    Logfile of HijackThis v1.97.7
    Scan saved at 00:21:36, on 2004-05-30
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\PROGRA~1\INTERN~2\INTERN~1\Intern~1.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\DS Clock\dsclock.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\WinMX\WinMX.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system32\wintime.exe
    C:\WINDOWS\seksdialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Karl\Local Settings\Temporary Internet Files\Content.IE5\ALX6VA10\hjtlog[1].exe
    c:\hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [Internet Timer 3] C:\PROGRA~1\INTERN~2\INTERN~1\Intern~1.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
    O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\mstasks2.exe /u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - HKCU\..\Run: [kbdjpn] C:\WINDOWS\System32\kbdjpn.exe
    O4 - HKCU\..\Run: [wpktv] C:\RECYCLER\NPROTECT\wpktv.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
    O9 - Extra button: Recherche (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0903d3b02614ec166c18/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38026.4816550926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9936854-14DC-4BD5-BAC6-10333850F5EA}: NameServer = 206.47.244.79 206.47.244.12
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    first download http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip unzip it and then click on search for hosts
    when any hosts file is found, it will be listed in the bottom window, click on it and press the reset default button.
    that will replace any bad entries with the standard windows entries
    NOTE: if you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re enter them

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder it's in.
    These easily get lost in a Temp folder or get scattered all over the desktop and we need to empty the temp folders to remove the hijackers

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\mstasks2.exe /u
    O4 - HKCU\..\Run: [kbdjpn] C:\WINDOWS\System32\kbdjpn.exe
    O4 - HKCU\..\Run: [wpktv] C:\RECYCLER\NPROTECT\wpktv.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0903d3b...ip/RdxIE601.cab


    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files
    C:\WINDOWS\System32\kbdjpn.exe
    C:\RECYCLER\NPROTECT\wpktv.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\seksdialer.exe

    then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it

    as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this
    while in the temp folder, select view and select details.
    then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page.
    select all the files/folders except the today ones and delete them all.

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot normally &

    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    download CWshredder from http://www.thespykiller.co.uk then Run it
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.


    Reboot After running cwshredder and as soon as possible follow this advice:
    Now as CWS Hijacks are normally installed via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    Spybot - Search & Destroy from http://security.kolla.de
    AdAware 6 from http://www.lavasoft.de/support/download


    Run Spybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least 01R310 23.05.2004 or a higher number/later date
    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
     
  3. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    Hi again!


    First of all, let me thank you for your time.


    Unfortunately, the first link that you wrote simply doesn't work. What is the program that you want me to download? Is there any other place where I can get it?


    Oh! I forgot to tell you that when I got infected, Norton antivirus said that it had detected Backdoor.jeem, but was unable to remove it. Is this why CWS doesn't work? Do I really have something else? Thanks in advance for your time!
     
    Last edited: May 30, 2004
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  5. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    I already downloaded CWShredder. It's the following link that doesn't work.

    http://members.shaw.ca/techcd/VB_Pr...sFileReader.zip

    (Okay, this is not HTML, but the HTML link in your post works, but doesn't lead to any download.)


    Is that link to download CW shredder? Seems to me that it is for something else... because I just can't figure out how to follow all those files instructions from your post with CWshredder... seems like they don't apply. Looks like I have to download some other program first...


    Thanks again for your time.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Could you try and be a bit more specific?
    I am trying to figure out what it is that won't work for you.

    What instructions don't fit what you are expecting?

    Regards,

    Pieter
     
  7. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    --------------------------------------------------------------------------------

    first download http://members.shaw.ca/techcd/VB_Pr...sFileReader.zip unzip it and then click on search for hosts
    when any hosts file is found, it will be listed in the bottom window, click on it and press the reset default button.
    that will replace any bad entries with the standard windows entries
    NOTE: if you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re enter them







    Hi again!



    What I am trying to say is that the link up there doesn't work. So I have nothing to run. I have downloaded CWshredder from the merijn website though, but the only buttons to press are "scan only", "check for update", and "fix". So I am wondering if the link you gave me was for downloading CWS shredder. Or maybe I have an older version? Anyway, I will try again...
     
  8. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    I ran CWS shredder again. It said that my computer was completely clean. It didn't detect anything. What should I do? I am always being redirected to porn site coolsearch.biz. What virus do I have? Norton detected a certain backdoor.jeem. Perhaps I have another virus? Please help!
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  10. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    Pieter,


    This link is still not working. Just what is it that you are trying to get me to download? Maybe I can get it from another place? Is this CWshredder? What is the name of that program?


    Thanks again for the time!
     
  11. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  12. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    I did everything! Still not working! CWS still on my computer!

    This is my new log after following the instructions.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:02:10, on 2004-06-01
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\wintime.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\DS Clock\dsclock.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\Program Files\Highjackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
    O9 - Extra button: Recherche (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38026.4816550926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    That crap is still there! The only thing that I didn't do in the instructions is to delete the kbdjpn.exe file, simply because it doesn't exist on my computer. I could find a kbdjpn.dll file, but no exe file. Also, isn't this file for the Japanese keyboard layout? I always type stuff in Japanese on my computer. Will I have to reinstall it again?


    I spent the last 3 days trying to fix this. Maybe I don't have CWS? I was told by Norton that I have Backdoor.jeem. What is this? Am I doing the right thing? Is this a new version of CWS? Should I delete the kbdjpn.dll file?


    Thanks in advance.
     
  13. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: I did everything! Still not working! CWS still on my computer!

    kbdjpn.dll is the Japanese keyboard layout
    the kbdjpn.exe is very likely to be a baddie, but if you can't find it then it might not actually exist
    I am suspicious of this entry
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe

    there are genuine files with that name that are timers to tell you how long you have been connected, but I don't know whether yours is a genuine or a baddie pretending to be a good file

    I suspect it to be a baddie, but to check please copy C:\WINDOWS\system32\wintime.exe and send it to submit@thespykiller.co.uk so we can check it and see if it is a baddie or not and whether it's the cause of your trouble
     
  14. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    dvk01,


    I just sent you the file through hotmail. The hotmail server made a warning that the file may be infected. Perhaps you were right. I will be waiting for your instructions on how to remove it. Thanks again a MILLION times!
     
  15. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    wintime is definitely a baddie

    Kaspersky says

    wintime.exe - infected by TrojanDropper.Win32.Small.hh

    to fix it

    boot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe


    Delete these files

    C:\WINDOWS\system32\wintime.exe

    then
    Reboot normally & see what happens

    I'm not guaranteeing that it will completely cure the problem but it might

    if not I've a few other ideas to track down the problem, Some of the CWS hijackers are really evil and hide deeply
     
  16. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    Derek,


    I am redoing the whole thing now, after erasing the wintime.exe file. While running Adaware, Norton detected a virus called trojan.bytefly. It said that it erased it. I will soon know if it works. Now I am still running adaware.


    Thanks again for your time and patience. I am beginning to lose mine.
     
  17. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    STILL INFECTED!!!


    I erased wintime, and ran all the cleaning software again, but I am still ****ed! This is my new log. What do I do next? PLEASE HELP ME!





    Logfile of HijackThis v1.97.7
    Scan saved at 16:17:08, on 2004-06-01
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\DS Clock\dsclock.exe
    C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Highjackthis\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/index.php
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - Global Startup: Timex Data Link USB Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
    O9 - Extra button: Recherche (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38026.4816550926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9936854-14DC-4BD5-BAC6-10333850F5EA}: NameServer = 206.47.244.139 206.47.244.107
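
An added example, not part of the thread or any poster's code: comparing two of the HijackThis logs posted above shows which entries a fix removed and which are still present afterwards. The function names are hypothetical and the two logs are shortened excerpts of the first and third logs in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Shortened excerpts of the logs posted in this thread (2004-05-30 and
# 2004-06-01 16:17); only a few entry lines are kept for the example.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
O4 - HKCU\..\Run: [kbdjpn] C:\WINDOWS\System32\kbdjpn.exe
O4 - HKCU\..\Run: [wpktv] C:\RECYCLER\NPROTECT\wpktv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/index.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# An entry line starts with a section code (R0, R1, O2, O4, O16, ...) and " - ".
# Header lines and the running-process paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, body) pairs for every entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Split entries into those removed, those still present, and new ones."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": b - a, "persisted": b & a, "added": a - b}


def ip_literal_pages(entries):
    """R0/R1 entries whose value is a URL with a bare IP address as host."""
    hits = []
    for code, body in sorted(entries):
        if code not in ("R0", "R1") or " = " not in body:
            continue
        key, value = body.split(" = ", 1)
        host = urlparse(value).hostname
        try:
            ipaddress.ip_address(host or "")
        except ValueError:
            continue  # a hostname or a non-URL value such as "Liens"
        hits.append((key, value))
    return hits


def persistent_hijacks(before, after):
    """IE page settings pointing at an IP address that survived the fix."""
    return ip_literal_pages(diff_logs(before, after)["persisted"])


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        print(label.upper())
        for code, body in sorted(result[label]):
            print(f"  {code} - {body}")
    print("STILL PRESENT AFTER THE FIX (IE pages set to an IP address)")
    for key, value in persistent_hijacks(LOG_BEFORE, LOG_AFTER):
        print(f"  {key} -> {value}")
```

On these excerpts the three Run entries and the LinksFolderName value are gone, while the Start Page and Default_Page_URL values are unchanged in the later log.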
     
  18. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    right, let's see if we can find any hidden dll's that usually cause this problem

    download
    http://tools.zerosrealm.com/pv.zip

    unzip it & double click on runme.bat
    select option 1 press return & post its log
    then option 2 press return and post its log

    then option 6 & post that log

    I hope one of those will find the baddie, but we are having problems finding the initiator for quite a few of the latest CWS hijackers
     
  19. tk421

    tk421 Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    21
    Now as CWS Hijacks are normally installed via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.




    I didn't do that, simply because I don't have an administrator account on my own computer!!! I don't remember ever writing down a password for the administrator account, and it asks me for one when I want to download. Is this critical in removing the spyware?


    If it is critical, then I am ****ed, because I don't know my own password!!! What should I do then? Do I have to erase my harddrive and start over from scratch?


    If I could find the person who wrote this ****, I would send him to removed. little piece of ****.


    Thanks again for your time.
     
    Last edited by a moderator: Jun 1, 2004
  20. dvk01

    if you don't have an administrator account in XP, you can't install or remove any programs or anything

    your normal account should have administrator privileges otherwise you wouldn't have been able to use programs like adaware or hijackthis etc which write to the registry, access to the registry is only available to an administrator account
     
  21. tk421

    Derek,


    I install all my programs from my user account. I don't have the password for the admin account. I don't remember ever entering one either. Is there any way to login as an administrator? How do I do it?

    Anyway, should I just erase the whole hard drive and reinstall Windows? It seems like I am completely ****ed now. Do I have to download the Windows updates to remove this thing? Is there a fix? Now I think that I will just have to reinstall everything. PLEASE help me out of this mess!
     
  22. dvk01

    if you don't remember the administrator account then try using a blank password

    XP by default uses a blank password when you didn't make a password, that is, just press return to log in to the admin account
     
  23. tk421

    Okay, I am now able to make the Windows updates. The problem is that because of the spyware, there is some problem with some ActiveX thing that I don't know about. Anyway, I just clicked yes at a box, and then I could download everything. I am doing that just now.


    Anyway, just how can I get rid of this thing? I swear I'll even come and clean your hedgehogs' litter if you can really help me with this thing! (Okay, forget the litter. How about a contribution instead? ;) )
     
  24. tk421

    Okay, here are the logs for the last program you recommended:


    Log 1:



    Module information for 'explorer.exe'
    MODULE BASE SIZE PATH
    explorer.exe 1000000 1019904 C:\WINDOWS\explorer.exe 6.00.2800.1106 (xpsp1.020828-1920) Explorateur Windows
    ntdll.dll 77f40000 712704 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL Couche NT
    kernel32.dll 77e40000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL du client API BASE Windows NT
    msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    ADVAPI32.dll 77da0000 647168 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) API avancées Windows 32
    RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
    GDI32.dll 77c40000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
    USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL client de l'API Utilisateur de Windows XP
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Bibliothèque d'utilitaires légers du Shell
    SHELL32.dll 77390000 8388608 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) DLL commune du shell Windows
    ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE pour Windows
    OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Bibliothèque de l'interface utilisateur du navigateur
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Bibliothèque d'objets et de contrôles de documents de l'environnement
    UxTheme.dll 5b090000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliothèque de thèmes Ux Microsoft
    IMM32.DLL 76320000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
    LPK.DLL 62dc0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
    USP10.dll 72ef0000 368640 C:\WINDOWS\System32\USP10.dll 1.0409.2600.1106 (xpsp1.020828-1920) Uniscribe Unicode script processor
    comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
    comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    MSCTF.dll 74690000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL de MSCTF Server
    ophook32.dll 10000000 176128 C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll 11.0 OCR Aware Hook (32-bit)
    VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
    msctfime.ime 8c0000 176128 C:\WINDOWS\System32\msctfime.ime 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Text Frame Work Service IME
    appHelp.dll 75ed0000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
    COMRes.dll 77000000 868352 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    cscui.dll 765b0000 331776 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) IU de cache côté client
    CSCDLL.dll 76590000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Agent réseau hors connexion
    themeui.dll 5b950000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) API Windows Theme
    Secur32.dll 76f40000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    MSIMG32.dll 76310000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
    Msimtf.dll 74660000 155648 C:\WINDOWS\System32\Msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
    USERENV.dll 75a00000 684032 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    ACTXPRXY.DLL 71ca0000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
    msutb.dll 5ffb0000 196608 C:\WINDOWS\System32\msutb.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL MSUTB Server
    netapi32.dll 71b80000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
    SAMLIB.dll 71b50000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
    msi.dll 1440000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    SXS.DLL 75e20000 688128 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    ntshrui.dll 76930000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Extensions de l'interpréteur de commandes pour le partage
    ATL.DLL 76ac0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    SETUPAPI.dll 76610000 966656 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Installation de L'API Windows
    NETSHELL.dll 75c80000 1658880 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Noyau des Connexions réseau
    credui.dll 76bb0000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Interface utilisateur du gestionnaire d'informations d'identification
    WS2_32.dll 719f0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 719e0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Application d'assistance de Windows Socket 2.0 pour Windows NT
    iphlpapi.dll 76d10000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) API de l'application d'assistance IP
    WINSTA.dll 762f0000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
    webcheck.dll 74aa0000 274432 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Contrôleur de site Web
    stobject.dll 74a70000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Objet du service d'environnement Systray
    BatMeter.dll 74a60000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL d'application d'assistance de Jauge de batterie
    POWRPROF.dll 74a40000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
    WTSAPI32.dll 76f00000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
    system32.dll 1890000 32768 C:\WINDOWS\system32\system32.dll
    comdlg32.dll 76340000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL commune de boîtes de dialogues
    WINMM.dll 76ae0000 188416 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL API MCI
    serwvdrv.dll 5d0a0000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Pilote son série Unimodem
    umdmxfrm.dll 5b3c0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
    wdmaud.drv 72c70000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
    msacm32.drv 72c60000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Mappeur de sons Microsoft
    MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Filtre audio ACM Microsoft
    midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Mappeur MIDI Microsoft
    browselc.dll 723a0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliothèque de l'interface utilisateur du navigateur Shell
    WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Extensions Internet pour Win32
    CRYPT32.dll 76250000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
    MSASN1.dll 76230000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1274 (xpsp2.030825-2117) ASN.1 Runtime APIs
    AcroIEHelper.dll 23f0000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
    SDHelper.dll 2440000 765952 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 1, 3, 0, 12 Bad download blocker
    olepro32.dll 5f140000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft (R) OLE Property Support DLL
    NavShExt.dll 2610000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll 9.05.15 Norton AntiVirusNAVShellExt Module
    ccTrust.dll 2630000 106496 C:\WINDOWS\System32\ccTrust.dll 1.01.08 Common Client ccTrust
    MSVCP60.dll 76010000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
    urlmon.dll 1a400000 499712 C:\WINDOWS\System32\urlmon.dll 6.00.2800.1400 Extensions OLE32 pour Win32
    DUSER.dll 6c650000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
    LINKINFO.dll 76920000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
    msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
    MPR.dll 71a60000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL de routeur de fournisseurs multiples
    drprov.dll 75ef0000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
    ntlanman.dll 71b70000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Gestionnaire de réseau local Microsoft®
    NETUI0.dll 71c30000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) Code commun NT LM UI - Classes GUI
    NETUI1.dll 71bf0000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
    NETRAP.dll 71be0000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
    davclnt.dll 75f00000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Fichier DLL du client DAV pour le Web
    MSGINA.dll 75900000 995328 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1106 (xpsp1.020828-1920) Ouverture de session Windows NT GINA DLL
    ODBC32.dll 2cc0000 204800 C:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager
    odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - Ressources ODBC
    RASAPI32.dll 76e90000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) API d'Accès réseau à distance
    rasman.dll 76e40000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    TAPI32.dll 76e60000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL Client de l'API Microsoft® Windows(TM) Téléphonie
    rtutils.dll 76e30000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
    printui.dll 74af0000 548864 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL de l'IU d'impression
    WINSPOOL.DRV 72f50000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Pilote de spouleur Windows
    ACTIVEDS.dll 76df0000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL de la couche de routage AD
    adsldpc.dll 76dc0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL C du fournisseur LDAP AD
    WLDAP32.dll 76f10000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL API LDAP Win32
    CFGMGR32.dll 74a50000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
    WINTRUST.dll 76be0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API Microsoft de vérification de la confiance
    IMAGEHLP.dll 76c40000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
    asfsipc.dll 70ee0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
    MSISIP.DLL 60990000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
    wshext.dll 74e10000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
    wshFR.DLL 59000000 57344 C:\WINDOWS\System32\wshFR.DLL 5.6.0.6626 Ressources internationales de Microsoft (r) Windows Script Host
    ScrTrust.dll 1320000 53248 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrTrust.dll 1, 1, 0, 126 ScriptBlocking Trust Verifier
    MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub





    Log 2:


    Module information for 'iexplore.exe'
    MODULE BASE SIZE PATH
    iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
    ntdll.dll 77f40000 712704 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL Couche NT
    kernel32.dll 77e40000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL du client API BASE Windows NT
    msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL client de l'API Utilisateur de Windows XP
    GDI32.dll 77c40000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
    ADVAPI32.dll 77da0000 647168 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) API avancées Windows 32
    RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Bibliothèque d'utilitaires légers du Shell
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Bibliothèque d'objets et de contrôles de documents de l'environnement
    IMM32.DLL 76320000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
    LPK.DLL 62dc0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
    USP10.dll 72ef0000 368640 C:\WINDOWS\System32\USP10.dll 1.0409.2600.1106 (xpsp1.020828-1920) Uniscribe Unicode script processor
    comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
    SHELL32.dll 77390000 8388608 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) DLL commune du shell Windows
    comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE pour Windows
    uxtheme.dll 5b090000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliothèque de thèmes Ux Microsoft
    MSCTF.dll 74690000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL de MSCTF Server
    ophook32.dll 10000000 176128 C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll 11.0 OCR Aware Hook (32-bit)
    OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Bibliothèque de l'interface utilisateur du navigateur
    browselc.dll 723a0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliothèque de l'interface utilisateur du navigateur Shell
    appHelp.dll 75ed0000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
    COMRes.dll 77000000 868352 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    msctfime.ime b20000 176128 C:\WINDOWS\System32\msctfime.ime 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Text Frame Work Service IME
    Msimtf.dll 74660000 155648 C:\WINDOWS\System32\Msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
    WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Extensions Internet pour Win32
    CRYPT32.dll 76250000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
    MSASN1.dll 76230000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1274 (xpsp2.030825-2117) ASN.1 Runtime APIs
    Secur32.dll 76f40000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    SETUPAPI.dll 76610000 966656 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Installation de L'API Windows
    NavShExt.dll 1590000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll 9.05.15 Norton AntiVirusNAVShellExt Module
    ccTrust.dll 15b0000 106496 C:\WINDOWS\System32\ccTrust.dll 1.01.08 Common Client ccTrust
    MSVCP60.dll 76010000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
    ATL.DLL 76ac0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    AcroIEHelper.dll 1610000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
    SDHelper.dll 1620000 765952 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 1, 3, 0, 12 Bad download blocker
    olepro32.dll 5f140000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft (R) OLE Property Support DLL
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 Extensions OLE32 pour Win32
    SXS.DLL 75e20000 688128 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    shdoclc.dll 76100000 581632 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Bibliothèque d'objets et de contrôles de documents de l'environnement
    mlang.dll 746e0000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
    wsock32.dll 71a10000 36864 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) DLL Socket 32-bits Windows
    WS2_32.dll 719f0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 719e0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Application d'assistance de Windows Socket 2.0 pour Windows NT
    mswsock.dll 71990000 245760 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Fournisseur de service Sockets 2.0 de Microsoft Windows
    wshtcpip.dll 719d0000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
    RASAPI32.DLL 76e90000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) API d'Accès réseau à distance
    rasman.dll 76e40000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    NETAPI32.dll 71b80000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
    TAPI32.dll 76e60000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL Client de l'API Microsoft® Windows(TM) Téléphonie
    rtutils.dll 76e30000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
    WINMM.dll 76ae0000 188416 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL API MCI
    serwvdrv.dll 5d0a0000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Pilote son série Unimodem
    umdmxfrm.dll 5b3c0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
    msi.dll 1e90000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    USERENV.dll 75a00000 684032 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Visionneuse HTML Microsoft (R)
    MSLS31.DLL 74630000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
    wdmaud.drv 72c70000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
    msacm32.drv 72c60000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Mappeur de sons Microsoft
    MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Filtre audio ACM Microsoft
    midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Mappeur MIDI Microsoft
    DNSAPI.dll 76ed0000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
    winrnr.dll 76f60000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
    WLDAP32.dll 76f10000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL API LDAP Win32
    rasadhlp.dll 76f70000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
    scrauth.dll 2840000 110592 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\scrauth.dll 1, 1, 0, 126 ScriptBlocking Authenticator
    ScrBlock.dll 2870000 122880 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrBlock.dll 1, 1, 0, 126 ScriptBlocking
    wintrust.dll 76be0000 176128 C:\WINDOWS\System32\wintrust.dll 5.131.2600.0 (xpclient.010817-1148) API Microsoft de vérification de la confiance
    IMAGEHLP.dll 76c40000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
    cryptnet.dll 73ca0000 65536 C:\WINDOWS\System32\cryptnet.dll 5.131.2600.0 (xpclient.010817-1148) Crypto Network Related API
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
    mshtmled.dll 74c20000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Composant d'édition HTML Microsoft (R)
    ACTXPRXY.DLL 71ca0000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
    vbscript.dll 73250000 479232 c:\windows\system32\vbscript.dll 5.6.0.7426 Microsoft (r) VBScript
    imgutil.dll 66cc0000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2800.1106 (xpsp1.020828-1920) IE plugin image decoder support DLL
    plugin.ocx 72a70000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) Plugin
    comdlg32.dll 76340000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL commune de boîtes de dialogues
    ntshrui.dll 76930000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Extensions de l'interpréteur de commandes pour le partage




    Log 6:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710




    Thanks again a million times for the help! I hope that your hedgehogs are doing well now!
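
The checks done by hand in this thread (reading the loaded-module listings for explorer.exe and iexplore.exe, and the AppInit_DLLs export) can be triaged with a short script. This is an added example, not part of the original thread or of the pv tool; the sample listing and registry text are constructed in the format of the logs above, and the function names, the modules vendorhook.dll and unlabelled.dll, and the C:\WINDOWS system root are assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class Module(NamedTuple):
    name: str
    base: int   # load address, parsed from hex
    size: int   # image size in bytes
    path: str
    meta: str   # version string and description; empty if the row carries none


def parse_module_line(line: str) -> Optional[Module]:
    """Parse one 'MODULE BASE SIZE PATH' row; return None for headers and blanks."""
    head = re.match(r"\s*(\S+)\s+([0-9A-Fa-f]+)\s+(\d+)\s+(.*)$", line)
    if not head:
        return None
    name, base, size, rest = head.groups()
    # Paths may contain spaces, so the path ends where the module's own
    # file name ends; whatever follows is version and description text.
    tail = re.match(r"(.*?\\" + re.escape(name) + r")(?:\s+(.*))?$",
                    rest, re.IGNORECASE)
    if not tail:
        return None
    return Module(name, int(base, 16), int(size),
                  tail.group(1), (tail.group(2) or "").strip())


def triage_listing(listing: str,
                   system_root: str = "C:\\WINDOWS") -> Dict[str, List[Module]]:
    """Group modules that deserve a manual look.

    Neither bucket is a verdict: a file without version text, or a DLL loaded
    from outside the Windows directory, is only a candidate for review.
    """
    prefix = system_root.lower().rstrip("\\") + "\\"
    mods = [m for m in map(parse_module_line, listing.splitlines()) if m]
    return {
        "no_version_info": [m for m in mods if not m.meta],
        "outside_windows_dir": [m for m in mods
                                if not m.path.lower().startswith(prefix)],
    }


def appinit_dlls(reg_text: str) -> List[str]:
    """Return the DLLs named in an exported AppInit_DLLs value (may be empty)."""
    m = re.search(r'^\s*"AppInit_DLLs"="(.*)"\s*$', reg_text, re.MULTILINE)
    if not m:
        return []
    value = m.group(1).replace("\\\\", "\\")   # .reg files escape backslashes
    # The value is a space- or comma-separated list of DLL names.
    return [p for p in re.split(r"[ ,]+", value) if p]


# Constructed sample in the format of Log 1 above (not the poster's data).
SAMPLE_LISTING = r"""
Module information for 'explorer.exe'
MODULE BASE SIZE PATH
explorer.exe 1000000 1019904 C:\WINDOWS\explorer.exe 6.00.2800.1106 (xpsp1.020828-1920) Explorateur Windows
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
vendorhook.dll 10000000 176128 C:\Program Files\Example Vendor\vendorhook.dll 1.0 Example hook
unlabelled.dll 1890000 32768 C:\WINDOWS\system32\unlabelled.dll
"""

# Constructed sample in the format of Log 6 above.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"Spooler"="yes"
"""

if __name__ == "__main__":
    for bucket, mods in triage_listing(SAMPLE_LISTING).items():
        for m in mods:
            print(f"{bucket}: {m.name} at {m.path}")
    print("AppInit_DLLs:", appinit_dlls(SAMPLE_REG) or "(empty)")
```
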
     
  25. dvk01

    nothing showing in any of the logs

    I'm baffled, let's see if anyone else has any ideas
     