Please help w/ Hijack log..please!

Discussion in 'adware, spyware & hijack cleaning' started by CarolynB, Apr 22, 2004.

  1. CarolynB

    CarolynB Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    19
    I ran Norton last night and it quarantined many trojans. But it couldn't fix or quarantine 15 others! I downloaded Spybot S&D, Adaware, CWShredder and Hijackthis. (I had been getting tons of pop ups). I got rid of a bunch in Adaware (I hope I didn't delete anything important) and Spybot and also Shredder. I tried to read my HJT file on my own using a tutorial and managed to find 3 that I knew were okay to fix, but I don't know about anything else.
    Can someone let me know how to fix this? Thank you so much!
    Carolyn

    Logfile of HijackThis v1.97.7
    Scan saved at 5:41:24 PM, on 04/22/04
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\corn rule bows\defaultpilepure.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {D88868D4-1BFF-4F17-8E32-F959F36FEE83} - C:\WINNT\System32\cdofga.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Anti fast] C:\PROGRA~1\corn rule bows\defaultpilepure.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/202a71cb0aba4bbc6f22/netzip/RdxIE601.cab
    O19 - User stylesheet: C:\WINNT\color.css
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi CarolynB,

    Download this file: http://tools.zerosrealm.com/pv.zip and unzip it to the desktop. It will not work if you run it from inside the zip.
    Be sure to have one Internet Explorer window open, then double click on the runme.bat.
    When you doubleclick runme.bat you will get a screen with a few options. Please select option 1 for explorer dll's by typing 1 and then pressing enter.
    The txt file that gets made then is the one we need.

    Under the Post Windows you will find the Additional Options, please check Disable smilies in text, or you will get an error when trying to post the log.

    Regards,

    Pieter
     
  3. CarolynB

    CarolynB Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    19
    Hi Pieter~
    Here's my log:
    Module information for 'Explorer.exe'
    MODULE BASE SIZE PATH
    Explorer.exe 400000 245760 C:\WINNT\Explorer.exe 5.00.2920.0000 Windows Explorer
    ntdll.dll 77f80000 495616 C:\WINNT\System32\ntdll.dll 5.00.2163.1 NT Layer DLL
    ADVAPI32.DLL 77db0000 368640 C:\WINNT\system32\ADVAPI32.DLL 5.00.2191.1 Advanced Windows 32 Base API
    KERNEL32.DLL 77e80000 745472 C:\WINNT\system32\KERNEL32.DLL 5.00.2191.1 Windows NT BASE API Client DLL
    RPCRT4.DLL 77d40000 454656 C:\WINNT\system32\RPCRT4.DLL 5.00.2193.1 Remote Procedure Call Runtime
    GDI32.DLL 77f40000 245760 C:\WINNT\system32\GDI32.DLL 5.00.2180.1 GDI Client DLL
    USER32.DLL 77e10000 413696 C:\WINNT\system32\USER32.DLL 5.00.2180.1 Windows 2000 USER API Client DLL
    SHLWAPI.DLL 70bd0000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library
    msvcrt.dll 78000000 286720 C:\WINNT\system32\msvcrt.dll 6.10.8637.0 Microsoft (R) C Runtime Library
    COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
    log.dll 61c00000 61440 c:\winnt\system32\log.dll
    SHELL32.dll 775a0000 2359296 C:\WINNT\system32\SHELL32.dll 5.00.2920.0000 Windows Shell Common Dll
    OLE32.DLL 77a50000 1003520 C:\WINNT\system32\OLE32.DLL 5.00.2181.1 Microsoft OLE for Windows
    CLBCATQ.DLL 77cc0000 524288 C:\WINNT\System32\CLBCATQ.DLL 1999.9.3422.14
    OLEAUT32.DLL 779b0000 610304 C:\WINNT\system32\OLEAUT32.DLL 2.40.4512
    cscui.dll 77850000 245760 C:\WINNT\System32\cscui.dll 5.00.2172.1 Client Side Caching UI
    CSCDLL.DLL 770c0000 143360 C:\WINNT\System32\CSCDLL.DLL 5.00.2189.1 Offline Network Agent
    SHDOCVW.DLL 71000000 1347584 C:\WINNT\System32\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    browseui.dll 71160000 1036288 C:\WINNT\System32\browseui.dll 6.00.2800.1106 Shell Browser UI Library
    USERENV.DLL 77c10000 380928 C:\WINNT\System32\USERENV.DLL 5.00.2185.1 Userenv
    URLMON.DLL 702b0000 499712 C:\WINNT\system32\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2134.1 Version Checking and File Installation Libraries
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2134.1 LZ Expand/Compress API DLL
    mlang.dll 70440000 585728 C:\WINNT\System32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
    mshtml.dll 70c50000 2805760 C:\WINNT\System32\mshtml.dll 6.00.2800.1106 Microsoft (R) HTML Viewer
    WININET.DLL 70200000 610304 C:\WINNT\system32\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32
    CRYPT32.dll 77440000 491520 C:\WINNT\system32\CRYPT32.dll 5.131.2173.1 Crypto API32
    MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2134.1 ASN.1 Runtime APIs
    RASAPI32.DLL 774e0000 204800 C:\WINNT\System32\RASAPI32.DLL 5.00.2188.1 Remote Access API
    RASMAN.DLL 774c0000 69632 C:\WINNT\System32\RASMAN.DLL 5.00.2188.1 Remote Access Connection Manager
    WS2_32.DLL 75030000 81920 C:\WINNT\System32\WS2_32.DLL 5.00.2134.1 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\System32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
    TAPI32.DLL 77530000 139264 C:\WINNT\System32\TAPI32.DLL 5.00.2182.1 Microsoft® Windows(TM) Telephony API Client DLL
    RTUTILS.DLL 77830000 57344 C:\WINNT\System32\RTUTILS.DLL 5.00.2168.1 Routing Utilities
    NETSHELL.dll 76f20000 479232 C:\WINNT\system32\NETSHELL.dll 5.00.2176.1 Network Connections Shell
    webcheck.dll 70340000 266240 C:\WINNT\System32\webcheck.dll 6.00.2800.1106 Web Site Monitor
    stobject.dll 766d0000 98304 C:\WINNT\System32\stobject.dll 5.00.2144.1 Systray shell service object
    BATMETER.DLL 76740000 32768 C:\WINNT\System32\BATMETER.DLL 5.00.2920.0000 Battery Meter Helper DLL
    SETUPAPI.DLL 77890000 577536 C:\WINNT\System32\SETUPAPI.DLL 5.00.2183.1 Windows Setup API
    POWRPROF.DLL 766f0000 28672 C:\WINNT\System32\POWRPROF.DLL 5.00.2920.0000 Power Profile Helper DLL
    WINMM.DLL 77570000 196608 C:\WINNT\System32\WINMM.DLL 5.00.2161.1 MCI API DLL
    netapi32.dll 75170000 323584 C:\WINNT\System32\netapi32.dll 5.00.2194.1 Net Win32 API DLL
    SECUR32.DLL 77be0000 61440 C:\WINNT\System32\SECUR32.DLL 5.00.2154.1 Security Support Provider Interface
    NETRAP.DLL 751c0000 24576 C:\WINNT\System32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL
    SAMLIB.DLL 75150000 61440 C:\WINNT\System32\SAMLIB.DLL 5.00.2160.1 SAM Library DLL
    WLDAP32.DLL 77950000 167936 C:\WINNT\system32\WLDAP32.DLL 5.00.2168.1 Win32 LDAP API DLL
    DNSAPI.DLL 77980000 147456 C:\WINNT\System32\DNSAPI.DLL 5.00.2181.1 DNS Client API DLL
    WSOCK32.DLL 75050000 32768 C:\WINNT\System32\WSOCK32.DLL 5.00.2152.1 Windows Socket 32-Bit DLL
    MSI.DLL 770f0000 1822720 C:\WINNT\System32\MSI.DLL 1.10.1029.0 Windows Installer
    shdoclc.dll 718c0000 540672 C:\WINNT\System32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
    wdmaud.drv 77560000 36864 C:\WINNT\System32\wdmaud.drv 5.00.2147.1 WDM Audio driver mapper
    msacm32.drv 77400000 32768 C:\WINNT\System32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
    MSACM32.dll 77410000 77824 C:\WINNT\System32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
    jscript.dll 6b700000 589824 C:\WINNT\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
    MSLS31.DLL 75ac0000 163840 C:\WINNT\System32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
    IMM32.DLL 75e60000 106496 C:\WINNT\System32\IMM32.DLL 5.00.2180.1 Windows 2000 IMM32 API Client DLL
    MPR.DLL 75090000 65536 C:\WINNT\system32\MPR.DLL 5.00.2146.1 Multiple Provider Router DLL
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2157.1 Microsoft® Lan Manager
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2134.1 NT LM UI Common Code - GUI Classes
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
    mydocs.dll 76df0000 69632 C:\WINNT\System32\mydocs.dll 5.00.2920.0000 My Documents Folder UI
    ntshrui.dll 76fa0000 61440 C:\WINNT\System32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
    ATL.DLL 773e0000 73728 C:\WINNT\System32\ATL.DLL 3.00.8449 ATL Module for Windows NT (Unicode)
    idleproc.dll 67f00000 28672 C:\Program Files\America Online 9.0\idleproc.dll 9.00.000 IDLEPROC DLL
    CfgMgr32.dll 770b0000 28672 C:\WINNT\System32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
    fontext.dll 6fdd0000 233472 C:\WINNT\System32\fontext.dll 5.00.2152.1 Windows Font Folder
    comdlg32.dll 76b30000 253952 C:\WINNT\system32\comdlg32.dll 5.00.2920.0000 Common Dialogs DLL
    LINKINFO.DLL 76710000 36864 C:\WINNT\System32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
    browselc.dll 71960000 73728 C:\WINNT\System32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
    imgutil.dll 70510000 40960 C:\WINNT\System32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL
    msadp32.acm 75d40000 24576 C:\WINNT\System32\msadp32.acm 5.00.2134.1 Microsoft ADPCM CODEC for MSACM
    USP10.DLL 66650000 344064 C:\WINNT\System32\USP10.DLL 1.0325.2180.1 Uniscribe Unicode script processor
    NTMARTA.DLL 69bf0000 118784 C:\WINNT\System32\NTMARTA.DLL 5.00.2158.1 Windows NT MARTA provider
    WINSPOOL.DRV 77800000 118784 C:\WINNT\System32\WINSPOOL.DRV 5.00.2167.1 Windows Spooler Driver
    NTDSAPI.dll 77bf0000 69632 C:\WINNT\System32\NTDSAPI.dll 5.00.2160.1 NT5DS
    AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
    cdofga.dll 4280000 53248 C:\WINNT\System32\cdofga.dll
    webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library
    docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
    MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2134.1 Microsoft Video for Windows DLL
    AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2134.1 Microsoft AVI File support library
    faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Please download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    c:\winnt\system32\log.dll

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The c:\winnt\system32\log.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

    Please also post a new Hijack This log, along with a new explorer.bat log.

    There will be a few things to fix later on, including the LOP parasite.
     
  5. CarolynB

    CarolynB Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    19
    Hi Derek~
    Did everything you said and here is the new hijack this log followed by the explorer.bat log.
    Thanks for the help.

    carolyn
    Logfile of HijackThis v1.97.7
    Scan saved at 3:57:39 PM, on 04/23/04
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\corn rule bows\defaultpilepure.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {D88868D4-1BFF-4F17-8E32-F959F36FEE83} - C:\WINNT\System32\cdofga.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Anti fast] C:\PROGRA~1\corn rule bows\defaultpilepure.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/202a71cb0aba4bbc6f22/netzip/RdxIE601.cab
    O19 - User stylesheet: C:\WINNT\color.css

    And the new explorer.bat file. (hope it all fits!)
     
  6. CarolynB

    CarolynB Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    19
    oops..guess it didn't fit! Here it is.


    Module information for 'Explorer.exe'
    MODULE BASE SIZE PATH
    Explorer.exe 400000 245760 C:\WINNT\Explorer.exe 5.00.2920.0000 Windows Explorer
    ntdll.dll 77f80000 495616 C:\WINNT\System32\ntdll.dll 5.00.2163.1 NT Layer DLL
    ADVAPI32.DLL 77db0000 368640 C:\WINNT\system32\ADVAPI32.DLL 5.00.2191.1 Advanced Windows 32 Base API
    KERNEL32.DLL 77e80000 745472 C:\WINNT\system32\KERNEL32.DLL 5.00.2191.1 Windows NT BASE API Client DLL
    RPCRT4.DLL 77d40000 454656 C:\WINNT\system32\RPCRT4.DLL 5.00.2193.1 Remote Procedure Call Runtime
    GDI32.DLL 77f40000 245760 C:\WINNT\system32\GDI32.DLL 5.00.2180.1 GDI Client DLL
    USER32.DLL 77e10000 413696 C:\WINNT\system32\USER32.DLL 5.00.2180.1 Windows 2000 USER API Client DLL
    SHLWAPI.DLL 70bd0000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library
    msvcrt.dll 78000000 286720 C:\WINNT\system32\msvcrt.dll 6.10.8637.0 Microsoft (R) C Runtime Library
    COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
    SHELL32.dll 775a0000 2359296 C:\WINNT\system32\SHELL32.dll 5.00.2920.0000 Windows Shell Common Dll
    OLE32.DLL 77a50000 1003520 C:\WINNT\system32\OLE32.DLL 5.00.2181.1 Microsoft OLE for Windows
    CLBCATQ.DLL 77cc0000 524288 C:\WINNT\System32\CLBCATQ.DLL 1999.9.3422.14
    OLEAUT32.DLL 779b0000 610304 C:\WINNT\system32\OLEAUT32.DLL 2.40.4512
    cscui.dll 77850000 245760 C:\WINNT\System32\cscui.dll 5.00.2172.1 Client Side Caching UI
    CSCDLL.DLL 770c0000 143360 C:\WINNT\System32\CSCDLL.DLL 5.00.2189.1 Offline Network Agent
    SHDOCVW.DLL 71000000 1347584 C:\WINNT\System32\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    browseui.dll 71160000 1036288 C:\WINNT\System32\browseui.dll 6.00.2800.1106 Shell Browser UI Library
    USERENV.DLL 77c10000 380928 C:\WINNT\System32\USERENV.DLL 5.00.2185.1 Userenv
    URLMON.DLL 702b0000 499712 C:\WINNT\system32\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2134.1 Version Checking and File Installation Libraries
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2134.1 LZ Expand/Compress API DLL
    mlang.dll 70440000 585728 C:\WINNT\System32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
    mshtml.dll 70c50000 2805760 C:\WINNT\System32\mshtml.dll 6.00.2800.1106 Microsoft (R) HTML Viewer
    WININET.DLL 70200000 610304 C:\WINNT\system32\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32
    CRYPT32.dll 77440000 491520 C:\WINNT\system32\CRYPT32.dll 5.131.2173.1 Crypto API32
    MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2134.1 ASN.1 Runtime APIs
    RASAPI32.DLL 774e0000 204800 C:\WINNT\System32\RASAPI32.DLL 5.00.2188.1 Remote Access API
    RASMAN.DLL 774c0000 69632 C:\WINNT\System32\RASMAN.DLL 5.00.2188.1 Remote Access Connection Manager
    WS2_32.DLL 75030000 81920 C:\WINNT\System32\WS2_32.DLL 5.00.2134.1 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\System32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
    TAPI32.DLL 77530000 139264 C:\WINNT\System32\TAPI32.DLL 5.00.2182.1 Microsoft® Windows(TM) Telephony API Client DLL
    RTUTILS.DLL 77830000 57344 C:\WINNT\System32\RTUTILS.DLL 5.00.2168.1 Routing Utilities
    sensapi.dll 75ab0000 20480 C:\WINNT\System32\sensapi.dll 5.00.2163.1 SENS Connectivity API DLL
    shdoclc.dll 718c0000 540672 C:\WINNT\System32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
    jscript.dll 6b700000 589824 C:\WINNT\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
    MSLS31.DLL 75ac0000 163840 C:\WINNT\System32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
    IMM32.DLL 75e60000 106496 C:\WINNT\System32\IMM32.DLL 5.00.2180.1 Windows 2000 IMM32 API Client DLL
    MPR.DLL 75090000 65536 C:\WINNT\system32\MPR.DLL 5.00.2146.1 Multiple Provider Router DLL
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2157.1 Microsoft® Lan Manager
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2134.1 NT LM UI Common Code - GUI Classes
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
    NETAPI32.DLL 75170000 323584 C:\WINNT\System32\NETAPI32.DLL 5.00.2194.1 Net Win32 API DLL
    SECUR32.DLL 77be0000 61440 C:\WINNT\System32\SECUR32.DLL 5.00.2154.1 Security Support Provider Interface
    NETRAP.DLL 751c0000 24576 C:\WINNT\System32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL
    SAMLIB.DLL 75150000 61440 C:\WINNT\System32\SAMLIB.DLL 5.00.2160.1 SAM Library DLL
    WLDAP32.DLL 77950000 167936 C:\WINNT\system32\WLDAP32.DLL 5.00.2168.1 Win32 LDAP API DLL
    DNSAPI.DLL 77980000 147456 C:\WINNT\System32\DNSAPI.DLL 5.00.2181.1 DNS Client API DLL
    WSOCK32.DLL 75050000 32768 C:\WINNT\System32\WSOCK32.DLL 5.00.2152.1 Windows Socket 32-Bit DLL
    NETSHELL.dll 76f20000 479232 C:\WINNT\system32\NETSHELL.dll 5.00.2176.1 Network Connections Shell
    MSI.DLL 770f0000 1822720 C:\WINNT\System32\MSI.DLL 1.10.1029.0 Windows Installer
    webcheck.dll 70340000 266240 C:\WINNT\System32\webcheck.dll 6.00.2800.1106 Web Site Monitor
    stobject.dll 766d0000 98304 C:\WINNT\System32\stobject.dll 5.00.2144.1 Systray shell service object
    BATMETER.DLL 76740000 32768 C:\WINNT\System32\BATMETER.DLL 5.00.2920.0000 Battery Meter Helper DLL
    SETUPAPI.DLL 77890000 577536 C:\WINNT\System32\SETUPAPI.DLL 5.00.2183.1 Windows Setup API
    POWRPROF.DLL 766f0000 28672 C:\WINNT\System32\POWRPROF.DLL 5.00.2920.0000 Power Profile Helper DLL
    WINMM.DLL 77570000 196608 C:\WINNT\System32\WINMM.DLL 5.00.2161.1 MCI API DLL
    mydocs.dll 76df0000 69632 C:\WINNT\System32\mydocs.dll 5.00.2920.0000 My Documents Folder UI
    ntshrui.dll 76fa0000 61440 C:\WINNT\System32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
    ATL.DLL 773e0000 73728 C:\WINNT\System32\ATL.DLL 3.00.8449 ATL Module for Windows NT (Unicode)
    wdmaud.drv 77560000 36864 C:\WINNT\System32\wdmaud.drv 5.00.2147.1 WDM Audio driver mapper
    msacm32.drv 77400000 32768 C:\WINNT\System32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
    MSACM32.dll 77410000 77824 C:\WINNT\System32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
    es.dll 76290000 249856 C:\WINNT\System32\es.dll 1999.9.3422.21
    TXFAUX.DLL 76120000 360448 C:\WINNT\System32\TXFAUX.DLL 1999.9.3422.24 Support routines for TXF
    CfgMgr32.dll 770b0000 28672 C:\WINNT\System32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
    fontext.dll 6fdd0000 233472 C:\WINNT\System32\fontext.dll 5.00.2152.1 Windows Font Folder
    comdlg32.dll 76b30000 253952 C:\WINNT\system32\comdlg32.dll 5.00.2920.0000 Common Dialogs DLL
    browselc.dll 71960000 73728 C:\WINNT\System32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
    AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
    cdofga.dll 2d70000 53248 C:\WINNT\System32\cdofga.dll
    LINKINFO.DLL 76710000 36864 C:\WINNT\System32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
    webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library
    imgutil.dll 70510000 40960 C:\WINNT\System32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL
    msadp32.acm 75d40000 24576 C:\WINNT\System32\msadp32.acm 5.00.2134.1 Microsoft ADPCM CODEC for MSACM
    mshtmled.dll 70f30000 450560 C:\WINNT\System32\mshtmled.dll 6.00.2800.1106 Microsoft (R) HTML Editing Component
    docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
    MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2134.1 Microsoft Video for Windows DLL
    AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2134.1 Microsoft AVI File support library
    faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
    USP10.DLL 66650000 344064 C:\WINNT\System32\USP10.DLL 1.0325.2180.1 Uniscribe Unicode script processor
    idleproc.dll 67f00000 28672 C:\Program Files\America Online 9.0\idleproc.dll 9.00.000 IDLEPROC DLL
    WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    First download CWshredder from https://www.wilderssecurity.com/showthread.php?t=14086

    Boot into safe mode by following the instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    Then, as some of the files or folders you need to delete may be hidden, do this:
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK".

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\cdofga.dll/sp.html (obfuscated)
    O2 - BHO: (no name) - {D88868D4-1BFF-4F17-8E32-F959F36FEE83} - C:\WINNT\System32\cdofga.dll
    O4 - HKLM\..\Run: [Anti fast] C:\PROGRA~1\corn rule bows\defaultpilepure.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/202a71c...ip/RdxIE601.cab
    O19 - User stylesheet: C:\WINNT\color.css

    Delete these files
    C:\WINNT\color.css
    C:\WINNT\System32\cdofga.dll

    and these folders
    C:\PROGRAM FILES\corn rule bows

    Now run CWShredder
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.


    Reboot after running cwshredder and as soon as possible follow this advice:
    Now as CWS Hijacks are normally installed via the byte verifier exploit in M$ JavaVM, just surfing a page with an infected applet can install it with no user participation. So once you've run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    Then
    reboot normally & hopefully it will have all gone.

    But please post a new hjt log and pv log to check, please.
     
  8. CarolynB

    CarolynB Registered Member

    Joined:
    Apr 22, 2004
    Posts:
    19
    hi Derek~
    Thanks so very much for your help.
    It's looking so much better but there was one problem. I could not find one of the files you told me to delete. C:\WINNT\System32\cdofga.dll
    I looked in the system 32 file in the C drive and it was not there.
    When I went to the window to uncheck "Hide protected operating system files" and also untick "hide extensions for known file types" there was no option to "Apply to all folders". I did click "apply" then "ok". (is untick the same as uncheck? That is what I did. )
    Would this mess anything up?
    I went to Microsoft Updates and installed 3 updates but not the service pack that gives information about new updates, etc. I started to, but before install could finish it said to back up my system and update service repair disk and I have no idea how to do any of that.
    What should I do about finding the hidden file? It didn't show up on the log but I didn't delete it from my computer.
    Here is the newest HJT log and in the next post will be the pv log.
    Thanks again!
    Carolyn

    Logfile of HijackThis v1.97.7
    Scan saved at 9:36:29 PM, on 04/23/04
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38100.7784375
     
  9. CarolynB

    And here is the pv log....
    Thanks!!!!
    Carolyn


    Module information for 'Explorer.exe'
    MODULE BASE SIZE PATH
    Explorer.exe 400000 245760 C:\WINNT\Explorer.exe 5.00.2920.0000 Windows Explorer
    ntdll.dll 77f80000 495616 C:\WINNT\System32\ntdll.dll 5.00.2163.1 NT Layer DLL
    ADVAPI32.DLL 77db0000 368640 C:\WINNT\system32\ADVAPI32.DLL 5.00.2191.1 Advanced Windows 32 Base API
    KERNEL32.DLL 77e80000 745472 C:\WINNT\system32\KERNEL32.DLL 5.00.2191.1 Windows NT BASE API Client DLL
    RPCRT4.DLL 77d40000 454656 C:\WINNT\system32\RPCRT4.DLL 5.00.2193.1 Remote Procedure Call Runtime
    GDI32.DLL 77f40000 245760 C:\WINNT\system32\GDI32.DLL 5.00.2180.1 GDI Client DLL
    USER32.DLL 77e10000 413696 C:\WINNT\system32\USER32.DLL 5.00.2180.1 Windows 2000 USER API Client DLL
    SHLWAPI.DLL 70bd0000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library
    msvcrt.dll 78000000 286720 C:\WINNT\system32\msvcrt.dll 6.10.8637.0 Microsoft (R) C Runtime Library
    COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
    SHELL32.dll 775a0000 2359296 C:\WINNT\system32\SHELL32.dll 5.00.2920.0000 Windows Shell Common Dll
    OLE32.DLL 77a50000 1003520 C:\WINNT\system32\OLE32.DLL 5.00.2181.1 Microsoft OLE for Windows
    CLBCATQ.DLL 77cc0000 524288 C:\WINNT\System32\CLBCATQ.DLL 1999.9.3422.14
    OLEAUT32.DLL 779b0000 610304 C:\WINNT\system32\OLEAUT32.DLL 2.40.4512
    SHDOCVW.DLL 71000000 1347584 C:\WINNT\System32\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    browseui.dll 71160000 1036288 C:\WINNT\System32\browseui.dll 6.00.2800.1106 Shell Browser UI Library
    USERENV.DLL 77c10000 380928 C:\WINNT\System32\USERENV.DLL 5.00.2185.1 Userenv
    URLMON.DLL 702b0000 499712 C:\WINNT\system32\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2134.1 Version Checking and File Installation Libraries
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2134.1 LZ Expand/Compress API DLL
    mlang.dll 70440000 585728 C:\WINNT\System32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
    mshtml.dll 70c50000 2805760 C:\WINNT\System32\mshtml.dll 6.00.2800.1106 Microsoft (R) HTML Viewer
    WININET.DLL 70200000 610304 C:\WINNT\system32\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32
    CRYPT32.dll 77440000 491520 C:\WINNT\system32\CRYPT32.dll 5.131.2173.1 Crypto API32
    MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2134.1 ASN.1 Runtime APIs
    RASAPI32.DLL 774e0000 204800 C:\WINNT\System32\RASAPI32.DLL 5.00.2188.1 Remote Access API
    RASMAN.DLL 774c0000 69632 C:\WINNT\System32\RASMAN.DLL 5.00.2188.1 Remote Access Connection Manager
    WS2_32.DLL 75030000 81920 C:\WINNT\System32\WS2_32.DLL 5.00.2134.1 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\System32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
    TAPI32.DLL 77530000 139264 C:\WINNT\System32\TAPI32.DLL 5.00.2182.1 Microsoft® Windows(TM) Telephony API Client DLL
    RTUTILS.DLL 77830000 57344 C:\WINNT\System32\RTUTILS.DLL 5.00.2168.1 Routing Utilities
    NETSHELL.dll 76f20000 479232 C:\WINNT\system32\NETSHELL.dll 5.00.2176.1 Network Connections Shell
    webcheck.dll 70340000 266240 C:\WINNT\System32\webcheck.dll 6.00.2800.1106 Web Site Monitor
    stobject.dll 766d0000 98304 C:\WINNT\System32\stobject.dll 5.00.2144.1 Systray shell service object
    BATMETER.DLL 76740000 32768 C:\WINNT\System32\BATMETER.DLL 5.00.2920.0000 Battery Meter Helper DLL
    SETUPAPI.DLL 77890000 577536 C:\WINNT\System32\SETUPAPI.DLL 5.00.2183.1 Windows Setup API
    POWRPROF.DLL 766f0000 28672 C:\WINNT\System32\POWRPROF.DLL 5.00.2920.0000 Power Profile Helper DLL
    WINMM.DLL 77570000 196608 C:\WINNT\System32\WINMM.DLL 5.00.2161.1 MCI API DLL
    MSI.DLL 770f0000 1822720 C:\WINNT\System32\MSI.DLL 1.10.1029.0 Windows Installer
    cscui.dll 77850000 245760 C:\WINNT\System32\cscui.dll 5.00.2172.1 Client Side Caching UI
    CSCDLL.DLL 770c0000 143360 C:\WINNT\System32\CSCDLL.DLL 5.00.2189.1 Offline Network Agent
    wdmaud.drv 77560000 36864 C:\WINNT\System32\wdmaud.drv 5.00.2147.1 WDM Audio driver mapper
    msacm32.drv 77400000 32768 C:\WINNT\System32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
    MSACM32.dll 77410000 77824 C:\WINNT\System32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
    MPR.DLL 75090000 65536 C:\WINNT\system32\MPR.DLL 5.00.2146.1 Multiple Provider Router DLL
    mydocs.dll 76df0000 69632 C:\WINNT\System32\mydocs.dll 5.00.2920.0000 My Documents Folder UI
    netapi32.dll 75170000 323584 C:\WINNT\System32\netapi32.dll 5.00.2194.1 Net Win32 API DLL
    SECUR32.DLL 77be0000 61440 C:\WINNT\System32\SECUR32.DLL 5.00.2154.1 Security Support Provider Interface
    NETRAP.DLL 751c0000 24576 C:\WINNT\System32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL
    SAMLIB.DLL 75150000 61440 C:\WINNT\System32\SAMLIB.DLL 5.00.2160.1 SAM Library DLL
    WLDAP32.DLL 77950000 167936 C:\WINNT\system32\WLDAP32.DLL 5.00.2168.1 Win32 LDAP API DLL
    DNSAPI.DLL 77980000 147456 C:\WINNT\System32\DNSAPI.DLL 5.00.2181.1 DNS Client API DLL
    WSOCK32.DLL 75050000 32768 C:\WINNT\System32\WSOCK32.DLL 5.00.2152.1 Windows Socket 32-Bit DLL
    ntshrui.dll 76fa0000 61440 C:\WINNT\System32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
    ATL.DLL 773e0000 73728 C:\WINNT\System32\ATL.DLL 3.00.8449 ATL Module for Windows NT (Unicode)
    shdoclc.dll 718c0000 540672 C:\WINNT\System32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
    MSLS31.DLL 75ac0000 163840 C:\WINNT\System32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
    IMM32.DLL 75e60000 106496 C:\WINNT\System32\IMM32.DLL 5.00.2180.1 Windows 2000 IMM32 API Client DLL
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2157.1 Microsoft® Lan Manager
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2134.1 NT LM UI Common Code - GUI Classes
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
    CfgMgr32.dll 770b0000 28672 C:\WINNT\System32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
    fontext.dll 6fdd0000 233472 C:\WINNT\System32\fontext.dll 5.00.2152.1 Windows Font Folder
    comdlg32.dll 76b30000 253952 C:\WINNT\system32\comdlg32.dll 5.00.2920.0000 Common Dialogs DLL
    browselc.dll 71960000 73728 C:\WINNT\System32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
    LINKINFO.DLL 76710000 36864 C:\WINNT\System32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
    imgutil.dll 70510000 40960 C:\WINNT\System32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL
    msadp32.acm 75d40000 24576 C:\WINNT\System32\msadp32.acm 5.00.2134.1 Microsoft ADPCM CODEC for MSACM
    USP10.DLL 66650000 344064 C:\WINNT\System32\USP10.DLL 1.0325.2180.1 Uniscribe Unicode script processor
    jscript.dll 6b700000 589824 C:\WINNT\System32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
    WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
    AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
    webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library
    docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
    MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2134.1 Microsoft Video for Windows DLL
    AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2134.1 Microsoft AVI File support library
    faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
     
  10. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  11. CarolynB

    Hi Derek~
    Thank you again for helping me with my PC. One more question...do I need to uninstall the Microsoft JVM from Windows because Microsoft no longer supports it and install the Sun Microsystems JVM? I read about it here:
    http://winnetmag.com/Articles/Print.cfm?ArticleID=38206

    Thanks.

    carolyn
     
  12. dvk01

    at this stage it's optional

    M$ have just announced that they are being allowed to continue support for it until 2007 now

    provided you keep it updated at M$ updates it seems as safe as SUN

    the latest CWS exploits seem to affect those using SUN as well so they seem to have found a new way in
     
  13. CarolynB

    Hi Derek~
    After doing all of the updates etc. I just received an instant message (AOL) from someone I do not know (Satanchick). Did some of my settings change when I ran all of the spyware software, etc.? I have never received IMs from people I don't know. Thanks for your input!

    Carolyn
     
  14. dvk01

    i don't use aol im but i assume that someone has got hold of your details, either from someone who knows it or it's a random chance
     
  15. CarolynB

    Okay, thanks for your quick reply. I was just curious.

    Carolyn
     