.dll file source?

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.
C

carp

Thread Starter
Joined
Jan 18, 2003
Messages
48
Is there a simple way to establish what program a corrupted .dll file is used for? Examining this file (EONSYSREV_1.DLL) with a text editor didn't help, and a search for this file came up with nothing. :confused:
 
TonyKlein

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
It might be a baddie. Have a look here

I'd run an online scan at Trend Micro HouseCall or Panda Active Scan

Also please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and please post the contents here.
 
C

carp

Thread Starter
Joined
Jan 18, 2003
Messages
48
Tony,
I'm running online virus check now. Ad-aware & Spybot do not highlight this file as spyware.

These are the results of startuplist:

Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
========================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\THUMBS5\THUMBS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SMC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SPYSTOPPER\SPYSTOPPER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\PANICWARE\DPPS2.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
OfficeGuard RegChecker = "C:\Program Files\Kaspersky Lab\ogrc.exe"
AVPCC = "C:\Program Files\Kaspersky Lab\avpcc.exe" /wait
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
zSPGuard = c:\program files\startpage guard\spguard.exe /s /r

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
AVPCC Service = "C:\Program Files\Kaspersky Lab\avpcc.exe" /service

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 30/1/2003, 10:21:52)

[Rename]
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\COOKIES\INDEX.DAT

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;"C:\Program Files\Executive Software\DiskeeperWorkstation\"
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL - {206E52E0-D52E-11D4-AD54-0000E86C26F6}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 8\DOWNLOAD.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{470A6E01-15A3-49B3-B8B9-8EDF4AC1A480}]
CODEBASE = http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.4070601852
 
C

carp

Thread Starter
Joined
Jan 18, 2003
Messages
48
And...Trend Micro virus check came up all clear. Anyway, if this .dll file relates to a buggy program I've recently installed, I suppose I'll find out eventually.
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 292 (members: 12, guests: 280)
Top