1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

.dll file source?

Discussion in 'All Other Software' started by carp, Jan 30, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. carp

    carp Thread Starter

    Joined:
    Jan 18, 2003
    Messages:
    48
    Is there a simple way to establish what program a corrupted .dll file is used for? Examining this file (EONSYSREV_1.DLL) with a text editor didn't help, and a search for this file came up with nothing. :confused:
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It might be a baddie. Have a look here

    I'd run an online scan at Trend Micro HouseCall or Panda Active Scan

    Also please do this:

    Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

    Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and please post the contents here.
     
  3. carp

    carp Thread Starter

    Joined:
    Jan 18, 2003
    Messages:
    48
    Tony,
    I'm running online virus check now. Ad-aware & Spybot do not highlight this file as spyware.

    These are the results of startuplist:

    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ========================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\THUMBS5\THUMBS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\SYGATE\SMC.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\SPYSTOPPER\SPYSTOPPER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\PANICWARE\DPPS2.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    OfficeGuard RegChecker = "C:\Program Files\Kaspersky Lab\ogrc.exe"
    AVPCC = "C:\Program Files\Kaspersky Lab\avpcc.exe" /wait
    Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    zSPGuard = c:\program files\startpage guard\spguard.exe /s /r

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    AVPCC Service = "C:\Program Files\Kaspersky Lab\avpcc.exe" /service

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 30/1/2003, 10:21:52)

    [Rename]
    NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
    NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
    NUL=C:\WINDOWS\COOKIES\INDEX.DAT

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;"C:\Program Files\Executive Software\DiskeeperWorkstation\"
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL - {A5366673-E8CA-11D3-9CD9-0090271D075B}
    (no name) - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL - {206E52E0-D52E-11D4-AD54-0000E86C26F6}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    PCHealth Scheduler for Data Collection.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 8\DOWNLOAD.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [{470A6E01-15A3-49B3-B8B9-8EDF4AC1A480}]
    CODEBASE = http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.4070601852
     
  4. carp

    carp Thread Starter

    Joined:
    Jan 18, 2003
    Messages:
    48
    And...Trend Micro virus check came up all clear. Anyway, if this .dll file relates to a buggy program I've recently installed, I suppose I'll find out eventually.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/116123

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice