1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

linklist.cc hijack

Discussion in 'Virus & Other Malware Removal' started by inbigtrouble, Apr 13, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    Here is the hjt log. can you see whether linklist.cc is present or not? As far as I know the malware file is resk.dll for linklist.cc for my computer. with the help of the pv readme.bat I was able to identify the file but I cannot delete it with killbox

    I appreciate the help.

    Logfile of HijackThis v1.97.7
    Scan saved at 17:06:35, on 13.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
    C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\[email protected]\[email protected]
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\BAHAR\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
    O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Multi Reminders.lnk = C:\Program Files\Multi Reminders\reminder.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.298599537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF84AA48-8F1B-4711-A434-B4AD556534D8}: NameServer = 212.156.4.1,212.156.4.20
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Edit: This is one that i am not familiar with...........but these are instructions from shaddowwar and he is the guy who put this fix together.

    This thing actively hides from windows so deleteing that way is useless. here is the only way that works.

    Please download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    c:\windows\system32\resk.dll

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The c:\windows\system32\resk.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

    When you're back in windows, check to see if there's any change in the search problem and report back.
     
  3. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    good morning. I am very happy to report that I am not hijacked to about:blank this morning. I guess we got rid of that. the linklist.cc remains to be seen as it does not hijack to that page all the time but seems to do it when there is something wrong with the page that I am trying to view. Thanks steve.
     
  4. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    my god. this about:blank is back again. maybe I should just throw out this machine! :mad:
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Ive just arrived.........let me take a look around the web and see how we are doing.

    Dont you dare give up!!
    ;)
     
  6. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    are the cwshredder people aware of this recurring variant? Is it really this tough to crack this time? good luck to you guys. In the meantime do you have other ideas for the guinea pig? We might as well try those while we wait for the real fix.
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Has the LinkList.cc problem gone?.would help to know that.
    ;)
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I got your PM.

    Let's see what your Hijack This log looks like now.
     
  9. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    hello

    here is the hijack this log. it looks clean to me. but as sure as a lot of other things in life, this about:blank hijack will pop up in a few hours for sure.

    Hope you see something in there.

    by the way is it normal that I have two svchost.exe's running?

    Logfile of HijackThis v1.97.7
    Scan saved at 15:37:11, on 19.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Downloads\SetiStats\SetiStats.exe
    C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
    C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\[email protected]\[email protected]
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\ICQ\Icq.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Documents and Settings\BAHAR\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
    O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Multi Reminders.lnk = C:\Program Files\Multi Reminders\reminder.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.298599537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF84AA48-8F1B-4711-A434-B4AD556534D8}: NameServer = 212.156.4.1,212.156.4.20
     
  10. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    hey there steve..just dropped by to let you know that linklist.cc is still intact as well. I have permanent linklist.cc and about:blank... yippeeeee
     
  11. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Let's try this:

    Download this zip.

    http://www.zero.vulc4n.com/downloads/pv.zip

    unzip it to the desktop.

    Be sure to have at least 1 internet explorer window open.

    Double click on the runme.bat

    This will open a command window. In the command window enter the digit 1 by hitting the 1 key on your keyboard and then hit the Enter key.

    Notepad will open with a log in it. Please copy and paste the log into this thread.
     
  13. inbigtrouble

    inbigtrouble Thread Starter

    Joined:
    Apr 9, 2004
    Messages:
    42
    I did this this morning and cleaned out resk.dll which seemed to be the problem. everything is serene for the moment including the linklist.cc

    Thanks for your help and please elt me know if there are other things that need to be cleaned out

    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
    GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
    RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
    LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL
    USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
    ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
    CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
    msctfime.ime 990000 176128 C:\WINDOWS\System32\msctfime.ime
    Msctf.dll 74720000 278528 C:\WINDOWS\System32\Msctf.dll
    Msimtf.dll 746f0000 155648 C:\WINDOWS\System32\Msimtf.dll
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
    AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
    dlprotect.dll 11000000 192512 C:\Program Files\SpywareGuard\dlprotect.dll
    MSVBVM60.DLL 66000000 1384448 C:\WINDOWS\System32\MSVBVM60.DLL
    NavShExt.dll 1630000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll
    ccTrust.dll 1650000 106496 C:\WINDOWS\System32\ccTrust.dll
    MSVCP60.dll 55900000 397312 C:\WINDOWS\System32\MSVCP60.dll
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
    XX2GR.DLL 16d0000 253952 C:\Program Files\GetRight\XX2GR.DLL
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
    WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV
    mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
    NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
    msi.dll 1f90000 2101248 C:\WINDOWS\System32\msi.dll
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
    scrauth.dll 2900000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 2a30000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll
    iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
    vbscript.dll 73300000 479232 c:\windows\system32\vbscript.dll
    Flash.ocx 43c0000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx
    ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll
    DDRAW.dll 51000000 290816 C:\WINDOWS\System32\DDRAW.dll
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll
    MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL
    msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll
    actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll
    SwSupport.dll 69000000 57344 C:\WINDOWS\System32\Macromed\Common\SwSupport.dll
    dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll
    dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll
    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
    GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
    RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
    LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL
    USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
    ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
    CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
    msctfime.ime 990000 176128 C:\WINDOWS\System32\msctfime.ime
    Msctf.dll 74720000 278528 C:\WINDOWS\System32\Msctf.dll
    Msimtf.dll 746f0000 155648 C:\WINDOWS\System32\Msimtf.dll
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
    AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
    dlprotect.dll 11000000 192512 C:\Program Files\SpywareGuard\dlprotect.dll
    MSVBVM60.DLL 66000000 1384448 C:\WINDOWS\System32\MSVBVM60.DLL
    NavShExt.dll 1670000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll
    ccTrust.dll 1690000 106496 C:\WINDOWS\System32\ccTrust.dll
    MSVCP60.dll 55900000 397312 C:\WINDOWS\System32\MSVCP60.dll
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
    XX2GR.DLL 1710000 253952 C:\Program Files\GetRight\XX2GR.DLL
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
    WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV
    mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
    NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
    msi.dll 1fd0000 2101248 C:\WINDOWS\System32\msi.dll
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
    scrauth.dll 2a40000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 2b70000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
    iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
    MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll
    drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll
    ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll
    NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll
    NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll
    NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll
    SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll
    MSGINA.dll 75970000 991232 C:\WINDOWS\System32\MSGINA.dll
    WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll
    ODBC32.dll 3c60000 204800 C:\WINDOWS\System32\ODBC32.dll
    odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
    msxml3.dll 72e00000 1134592 C:\WINDOWS\System32\msxml3.dll
    Flash.ocx 48a0000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx
    ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll
    DDRAW.dll 51000000 290816 C:\WINDOWS\System32\DDRAW.dll
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll
    vbscript.dll 73300000 479232 c:\windows\system32\vbscript.dll
    SwSupport.dll 69000000 57344 C:\WINDOWS\System32\Macromed\Common\SwSupport.dll
    actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You posted the wrong log. You were supposed to click on runme.bat and then enter the digit 1 to get the exporer.dlls. You entered the digit 2 and got the iexplorer.dlls.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219949

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice