hijackThis.log Please Help !

never mind. I was able to locate iexplore.exe.txt on the FAR manager. Here is the log:


Module: iexplore.exe
Full path: C:\Program Files\Internet Explorer\iexplore.exe
File version: 6.00.2800.1106 (xpsp1.020828-1920)
Description: Internet Explorer
PID: 2724
Parent PID: 1784 (Explorer.EXE)
Priority: 8
Threads: 13
Owner: KASH-YQTCFEG5FR\Owner (S-1-5-21-1390067357-507921405-1957994488-1003)
Session: 0

Started at: 9:41:20 PM
Uptime: 00:09:20

GDI Objects: 343
USER Objects: 149

Processor Time: 00:00:13.133 0%
Privileged Time: 00:00:06.063 0%
User Time: 00:00:06.069 0%
Handle Count: 1759
Page File Bytes: 9875456
Page File Bytes Peak: 10616832
Working Set: 25837568
Working Set Peak: 26480640
Pool Nonpaged Bytes: 12496
Pool Paged Bytes: 94864
Private Bytes: 9875456
Page Faults: 9371 0/sec
Virtual Bytes: 100687872
Virtual Bytes Peak: 107094016
IO Data Bytes: 501374 0/sec
IO Read Bytes: 238589 0/sec
IO Write Bytes: 262785 0/sec
IO Other Bytes: 22833816 0/sec
IO Data Operations: 479 0/sec
IO Read Operations: 292 0/sec
IO Write Operations: 187 0/sec
IO Other Operations: 5405 0/sec

Window title: Computer Cops ¯ Spyware - HijackThis ¯ real-yellow-page problem - Microsoft Internet Explorer
HWND: 00160206
Window style: 17CF0000 WS_VISIBLE WS_CLIPSIBLINGS WS_CLIPCHILDREN WS_MAXIMIZE WS_BORDER WS_DLGFRAME WS_SYSMENU WS_THICKFRAME WS_MINIMIZEBOX WS_MAXIMIZEBOX
Extended style: 00000100 WS_EX_CONTROLPARENT WS_EX_STATICEDGE WS_EX_APPWINDOW WS_EX_LAYERED WS_EX_LAYOUTRTL

Command Line:
"C:\Program Files\Internet Explorer\iexplore.exe"

Current Directory: C:\Documents and Settings\Owner\Desktop\

Environment:

=::=::\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KASH-YQTCFEG5FR
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\KASH-YQTCFEG5FR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=KASH-YQTCFEG5FR
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

Modules:
Base Size Path (version info is not displayed)
00400000 19000 C:\Program Files\Internet Explorer\iexplore.exe
77F50000 A7000 C:\WINDOWS\System32\ntdll.dll
77E60000 E6000 C:\WINDOWS\system32\kernel32.dll
77C10000 53000 C:\WINDOWS\system32\msvcrt.dll
77D40000 8C000 C:\WINDOWS\system32\USER32.dll
7E090000 41000 C:\WINDOWS\system32\GDI32.dll
77DD0000 8D000 C:\WINDOWS\system32\ADVAPI32.dll
78000000 87000 C:\WINDOWS\system32\RPCRT4.dll
70A70000 65000 C:\WINDOWS\system32\SHLWAPI.dll
71700000 149000 C:\WINDOWS\System32\SHDOCVW.dll
71950000 E4000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
773D0000 7F2000 C:\WINDOWS\system32\SHELL32.dll
77340000 8B000 C:\WINDOWS\system32\comctl32.dll
771B0000 124000 C:\WINDOWS\system32\ole32.dll
5AD70000 34000 C:\WINDOWS\System32\uxtheme.dll
71500000 FD000 C:\WINDOWS\System32\BROWSEUI.dll
72430000 12000 C:\WINDOWS\System32\browselc.dll
75F40000 1F000 C:\WINDOWS\system32\appHelp.dll
7C890000 81000 C:\WINDOWS\System32\CLBCATQ.DLL
77120000 8B000 C:\WINDOWS\system32\OLEAUT32.dll
77050000 C5000 C:\WINDOWS\System32\COMRes.dll
77C00000 7000 C:\WINDOWS\system32\VERSION.dll
63000000 96000 C:\WINDOWS\system32\WININET.dll
762C0000 88000 C:\WINDOWS\system32\CRYPT32.dll
762A0000 10000 C:\WINDOWS\system32\MSASN1.dll
76F90000 10000 C:\WINDOWS\System32\Secur32.dll
76620000 4E000 C:\WINDOWS\System32\cscui.dll
76600000 1B000 C:\WINDOWS\System32\CSCDLL.dll
76670000 E7000 C:\WINDOWS\System32\SETUPAPI.dll
68000000 4D000 C:\Program Files\Yahoo!\Companion\Installs\cpn7\ycomp5_3_16_0.dll
71AD0000 8000 C:\WINDOWS\System32\WSOCK32.dll
71AB0000 14000 C:\WINDOWS\System32\WS2_32.dll
71AA0000 8000 C:\WINDOWS\System32\WS2HELP.dll
76B40000 2C000 C:\WINDOWS\System32\WINMM.dll
6BD00000 D000 C:\WINDOWS\System32\SYNCOR11.DLL
1A400000 7A000 C:\WINDOWS\system32\urlmon.dll
10000000 C000 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
01650000 B3000 D:\spyware\SPYBOT~1\SDHelper.dll
5EDD0000 1A000 C:\WINDOWS\System32\olepro32.dll
75E90000 A7000 C:\WINDOWS\System32\SXS.DLL
76170000 88000 C:\WINDOWS\System32\shdoclc.dll
74770000 8F000 C:\WINDOWS\System32\mlang.dll
71A50000 3B000 C:\WINDOWS\system32\mswsock.dll
71A90000 8000 C:\WINDOWS\System32\wshtcpip.dll
76EE0000 37000 C:\WINDOWS\System32\RASAPI32.DLL
76E90000 11000 C:\WINDOWS\System32\rasman.dll
71C20000 4E000 C:\WINDOWS\System32\NETAPI32.dll
76EB0000 2B000 C:\WINDOWS\System32\TAPI32.dll
76E80000 D000 C:\WINDOWS\System32\rtutils.dll
722B0000 5000 C:\WINDOWS\System32\sensapi.dll
75A70000 A5000 C:\WINDOWS\system32\USERENV.dll
01F30000 201000 C:\WINDOWS\System32\msi.dll
76FC0000 5000 C:\WINDOWS\System32\rasadhlp.dll
76F20000 25000 C:\WINDOWS\System32\DNSAPI.dll
76FB0000 7000 C:\WINDOWS\System32\winrnr.dll
76F60000 2C000 C:\WINDOWS\system32\WLDAP32.dll
63580000 2B0000 C:\WINDOWS\System32\mshtml.dll
746F0000 26000 C:\WINDOWS\System32\msimtf.dll
74720000 44000 C:\WINDOWS\System32\MSCTF.dll
746C0000 27000 C:\WINDOWS\System32\MSLS31.DLL
76390000 1C000 C:\WINDOWS\System32\IMM32.DLL
66000000 F000 C:\Program Files\Yahoo!\Companion\Installs\cpn7\pubmod.dll
65000000 2B000 C:\Program Files\Yahoo!\Companion\Installs\cpn7\YPUBC.dll
74CB0000 6F000 C:\WINDOWS\System32\mshtmled.dll
72D20000 9000 C:\WINDOWS\System32\wdmaud.drv
72D10000 8000 C:\WINDOWS\System32\msacm32.drv
77BE0000 14000 C:\WINDOWS\System32\MSACM32.dll
77BD0000 7000 C:\WINDOWS\System32\midimap.dll
6B700000 90000 C:\WINDOWS\System32\jscript.dll
71B20000 11000 C:\WINDOWS\system32\MPR.dll
75F60000 6000 C:\WINDOWS\System32\drprov.dll
71C10000 D000 C:\WINDOWS\System32\ntlanman.dll
71CD0000 16000 C:\WINDOWS\System32\NETUI0.dll
71C90000 3C000 C:\WINDOWS\System32\NETUI1.dll
71C80000 6000 C:\WINDOWS\System32\NETRAP.dll
71BF0000 11000 C:\WINDOWS\System32\SAMLIB.dll
75F70000 9000 C:\WINDOWS\System32\davclnt.dll
75970000 F2000 C:\WINDOWS\System32\MSGINA.dll
76360000 F000 C:\WINDOWS\System32\WINSTA.dll
02A60000 32000 C:\WINDOWS\System32\ODBC32.dll
763B0000 45000 C:\WINDOWS\system32\comdlg32.dll
1F850000 16000 C:\WINDOWS\System32\odbcint.dll
73BA0000 12000 C:\WINDOWS\System32\sti.dll
74AE0000 7000 C:\WINDOWS\System32\CFGMGR32.dll
66E50000 3B000 C:\WINDOWS\System32\iepeers.dll
73000000 23000 C:\WINDOWS\System32\WINSPOOL.DRV
66880000 A000 C:\WINDOWS\System32\imgutil.dll
5E310000 B000 C:\WINDOWS\System32\pngfilt.dll

 

Pieter, Thank you for your help. I recognized that you must have overlooked my log since it was in the second page alreday. I posted the iexplore.exe.txt file yesterday, but you were not online at that time. I appreciate if you take a look at it now and tell me if anything is wrong.

Regards,
Kamran

 

Hi Kamran,

Actually, that is clean as far as I can tell.
Not sure if dvk01 had a look and found what he was looking for.

Is the hijack still returning after every boot?
Oh and are you using XP Home or XP Pro?

Regards,

Pieter

 

I am using Win XP Pro. Yes, unfortunately it comes back once in a while, but not after each reboot. Sometimes after the 3rd or the 4th reboot it comes back and hijacks my default IE address.

dvk01 asked me to download and run pv.zip and run runme.BAT and then post the log from the notepad. I installed and ran the program, but there was nothing written inside the notepad. It opened empty inside after running pv.zip. ( I had my IE open when running) He told me that there should be a log written inside that notepad and therefore, there must be a problem somewhere. Please refer to the couple of previous responses by dvk01 in this post. He asked you to take a look to see if we can solve where the problem might be in.


Thank you.
Kamran

 

Guys,

I think i have finally found the sollution.

Firts use HijackThis to get rid of the 6 lines referring to the autosearch.cc-pest.

Then go to c:\windows and locate the svchost.exe file that will probably be there. Try deleting it. If it says that it can't be deleted because it is present in the memory or something like that, try using spybot search&destroy to get rid of it. Reboot and spybot will clean it off before it gets loaded into your memory.

So far so good...

I also noticed my notepad.exe wouldn't work anymore... Very anoying. I tried viewing the source of a page and nothing worked. I tried looking in my register, couldn't find the cause... And then it hit me. The filesize of the notepad.exe that is located in c:\windows\system32 is exactly the same as the filesize of the c:\windows\svchost.exe that was causing the startpage to be changed in autosearch.cc.

So everytime i tried to open notepad, i ran an infected svchost.exe.

To finalise: Replace the c:\windows\system32\notepad.exe by the notepad.exe that you'll find in c:\windows\ and the problem is over. FINALLY!!

Lemme know if it worked. Greetz!

 

Hi seth_belgium,

1 The hijack you are describing should have been removed by CWShredder without problems. We already tried that.

2 the text file made by FAR also opens in notepad

3 Read https://www.wilderssecurity.com/showthread.php?t=26290

Regards,

Pieter

 

Hi seth_belgium,

I also mentioned that, it doesn't hit me each time I reboot. Sometimes 1 day, it is working flawlessly, and I think I am done with it, like your feeling; but then the next day, it hijacks my IE again.

My notepad also stopped working (I have no idea about the cause). I finally downloaded and replaced my notepad. Now it's working very well.

Regards,
Kamran

 

Hi kamran4149,

Please do keep us posted if that turns out to be the final breakthrough.

Regards,

Pieter

 

Hi Pieter and many thanks for your help. I think this should be the last post. I am realy sorry for all theses hassales. But, dvk01 asked me a couple of days ago to post a log produced by pv.zip (Runme.bat) so that he could check something. I couldn't get it run, I don't know why, but now it seems that it gives me something. I appreciate if you or dvk01 or other staff take a look at the log and if it looks fine, we call it a day !!

Many thanks to all of you and best Regards.
Kamran


Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Windows XP USER API Client DLL
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell Light-weight Utility Library
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Shell Doc Object and Control Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-114 Version Checking and File Installation Libraries
WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet Extensions for Win32
CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-114 Offline Network Agent
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
ycomp5_3_16_0.dll 68000000 315392 C:\Program Files\Yahoo!\Companion\Installs\cpn7\ycomp5_3_16_0.dll 2004, 2, 9, 1 Yahoo! Companion 5.3 for Internet Explorer
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-114 Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 81920 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.1240 (xpsp2.030618-0119) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-114 Windows Socket 2.0 Helper for Windows NT
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
SYNCOR11.DLL 6bd00000 53248 C:\WINDOWS\System32\SYNCOR11.DLL 1.2.3 SynthCore R2.0 Midi Interface Driver
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32 Extensions for Win32
AcroIEHelper.dll 10000000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SDHelper.dll 1760000 733184 D:\spyware\SPYBOT~1\SDHelper.dll
olepro32.dll 5edd0000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft (R) OLE Property Support DLL
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Microsoft (R) HTML Viewer
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-114 Shell Doc Object and Control Library
MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-114 Multi Language Support DLL
msi.dll 2120000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF Server DLL
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-114 WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-114 Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-114 Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-114 Microsoft MIDI Mapper
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-114 Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-114 Windows Sockets Helper DLL
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-114 Routing Utilities
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-114 Remote Access AutoDial Helper
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-114 LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
FLASH.OCX 33d0000 1716224 C:\WINDOWS\System32\Macromed\Flash\FLASH.OCX 7,0,14,0 Macromedia Flash Player 7.0 r14
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
pubmod.dll 66000000 61440 C:\Program Files\Yahoo!\Companion\Installs\cpn7\pubmod.dll 2004, 1, 7, 1 PopupBlocker Module for Yahoo! Companion
ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll 5.3.0000000.900 built by: DIRECTX Direct Draw Ex
DDRAW.dll 51000000 290816 C:\WINDOWS\System32\DDRAW.dll 5.3.0000000.900 built by: DIRECTX Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-114 DCI Manager
YPUBC.dll 3890000 176128 C:\Program Files\Yahoo!\Companion\Installs\cpn7\YPUBC.dll 2003.10.22.01 Companion Pop-Up Blocker DLL
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) HTML Editing Component
vbscript.dll 73300000 479232 C:\WINDOWS\System32\vbscript.dll 5.6.0.7426 Microsoft (r) VBScript
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-114 Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-114 Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-114 NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-114 NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-114 Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-114 Web DAV Client DLL

 

Damn, i thought i had the sollution ;-)

By the way, they got me again, my startpage was autosearch.cc all over again :-(

 

Please read: https://www.wilderssecurity.com/showthread.php?t=26290

Pieter

 

A Solution Found For Autosearch.cc

Please read: https://www.wilderssecurity.com/showthread.php?t=26290

Pieter