[Benjette]

I have read through all of the required steps before posting here.

I would also like to add that I am no novice in adware/spyware removal - I have been using HijackThis and Ad-Aware SE on my own for quite some time now, and can read the results well and know which objects to delete.

I've run Ad-Aware until it detects nothing else, and I can't seem to find anything else in my Hijack log that could be causing the problem, which is why I've come here. The pop-ups show up about every 15 minutes, most of them starting with "www.loadingwebsite.com."

Logfile of HijackThis v1.99.1
Scan saved at 2:26:36 PM, on 6/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\6TU1WF6L\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab


Thank you all!

[Advertisements]

Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also

Then do a find files for param32.dll , systr.dll or popup_bl.dll and guninst.exe
Most likely they will be in your C:\WINDOWS\System\ folder

Let me know which ones are found where.

Regards,

[Metallica]

Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also

Then do a find files for param32.dll , systr.dll or popup_bl.dll and guninst.exe
Most likely they will be in your C:\WINDOWS\System\ folder

Let me know which ones are found where.

Regards,

[Benjette]

File downloaded and installed.

Searched for:

param32.dll
systr.dll
popup_dl.dll
guninst.exe

None were found in all of C drive.

[Metallica]

Hmm. Strange. I expected at least one of those.
Download and run: http://www.silentrun...ent Runners.vbs

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.

Let it run. It can take a few minutes. When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

Regards,

[Benjette]

File downloaded and script run, text file pasted:



"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"UpdReg" = "C:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"AHQInit" = "C:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"]
"Symantec Core LC" = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start" ["Symantec Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"]
"LoadQM" = "loadqm.exe" [MS]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"" [MS]
"QuickTime Task" = ""C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime" ["Apple Computer, Inc."]
"devldr16.exe" = "C:\WINDOWS\SYSTEM\devldr16.exe" ["Creative Technology Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]
"ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
"ccSetMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"MSNIA" = "C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Outlook Express 5"
\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{4ADF8C01-0AC7-4403-888C-012E6EA2F67E}" = "Sims2Pack Clean Installer Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "mscoree.dll" [MS]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\tbssaver.scr" [null data]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"Tune-up Application Start" -> launches: "walign" [MS]
"PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]
"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer - Michelle" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\WINDOWS\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"1E59233493D45E4D" -> launches: "c:\progra~1\eachst~1\Tool name blah.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {CLSID}\(Default) = "MSN"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {CLSID}\(Default) = "MSN"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\PROGRAM FILES\AIM\AIM.EXE" ["America Online, Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

[Metallica]

Copy the part in the CODE box below into notepad.

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h 1E59233493D45E4D.job
del 1E59233493D45E4D.job

Save this as remjob.bat , choose to save it as "all files" and place it on your desktop.

Doubleclick on remjob.bat
A doswindow will open and close again, this is normal.

Boot back to normal and let me know how your computer is behaving.

Regards,

[Benjette]

Copied, saved, run, re-started.

Five minutes later, got a pop-up from loadingwebsite.com.

[Metallica]

Click Start > Run > copy&paste regedit /e c:\sharedtasks.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" > OK

If the key exists doing this will create the file c:\sharedtasks.txt

Post the content of that file.

Regards,

[Benjette]

Contents of file:



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[Metallica]

Those are the standard entries.

Download this zip.

http://www.downloads...atam.org/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.

After unzipped go to the desktop. Open the pv folder. Double click on the RUNME9x.bat

A dos window will open. Please select option iexplore dll's by typing 2 and then pressing enter.


Notepad will open with a log in it. Please copy and paste the log into this post.

Regards,

[Benjette]

Log:




Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
MSI.DLL 8370000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
PLUGIN.OCX 7f10000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX
WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor
DISPEX.DLL 2e10000 45056 C:\WINDOWS\SYSTEM\DISPEX.DLL 5.6.0.6626 Microsoft ® DispEx
KEYLIMIT.DLL 8000000 20480 C:\WINDOWS\SYSTEM\KEYLIMIT.DLL 5.00.2133.2 International Cryptographic Key Size Limits
SCHANNEL.DLL 77400000 131072 C:\WINDOWS\SYSTEM\SCHANNEL.DLL 5.00.2133.2 TLS / SSL Security Provider
ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
MSRATING.DLL 70400000 143360 C:\WINDOWS\SYSTEM\MSRATING.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
MSRATELC.DLL 30000000 69632 C:\WINDOWS\SYSTEM\MSRATELC.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
WIASHEXT.DLL 742f0000 454656 C:\WINDOWS\SYSTEM\WIASHEXT.DLL 4.90.3000.1 Imaging Devices Shell Folder UI
STI.DLL 75910000 114688 C:\WINDOWS\SYSTEM\STI.DLL 4.90.3000.1 Still Image Devices client DLL
IPROP.DLL 7b5f0000 114688 C:\WINDOWS\SYSTEM\IPROP.DLL 4.00 OLE PropertySet Implementation
SETUPAPI.DLL 76140000 581632 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.2195.1526 Windows Setup API
CABINET.DLL 7e0c0000 77824 C:\WINDOWS\SYSTEM\CABINET.DLL 5.00.2147.1 Microsoft® Cabinet File API
LZ32.DLL bfe40000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.90.3000 Win32 LZ32 core component
CFGMGR32.DLL 7f720000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
WIASTATD.DLL 742e0000 24576 C:\WINDOWS\SYSTEM\WIASTATD.DLL 4.90.3000.1 WIA Status Dialog
MSCORLD.DLL 79480000 98304 C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORLD.DLL 1.1.4322.573 Microsoft Remote object loader
MSCORIE.DLL 79410000 86016 C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORIE.DLL 1.1.4322.573 Microsoft .NET IE MIME Filter
MSVCR71.DLL 7c340000 352256 C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL 7.10.3052.4 Microsoft® C Runtime Library
MSCOREE.DLL 79170000 155648 C:\WINDOWS\SYSTEM\MSCOREE.DLL 1.1.4322.573 Microsoft .NET Runtime Execution Engine
DOCPROP2.DLL 7cb70000 331776 C:\WINDOWS\SYSTEM\DOCPROP2.DLL 5.00.2136.1 DocProp2
AVIFIL32.DLL 7e460000 98304 C:\WINDOWS\SYSTEM\AVIFIL32.DLL 4.90.3000 Microsoft AVI File support library
MSACM32.DLL 7a1e0000 102400 C:\WINDOWS\SYSTEM\MSACM32.DLL 4.90.3000 Microsoft Audio Compression Manager
CRTDLL.DLL 7fb20000 180224 C:\WINDOWS\SYSTEM\CRTDLL.DLL 3.50 Microsoft C Runtime Library
PNGFILT.DLL 70530000 45056 C:\WINDOWS\SYSTEM\PNGFILT.DLL 6.00.2800.1106 IE PNG plugin image decoder
IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 6.00.2800.1106 IE plugin image decoder support DLL
MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft ® HTML Editing Component
DXTMSFT.DLL 35cb0000 364544 C:\WINDOWS\SYSTEM\DXTMSFT.DLL 6.00.2800.1106 DirectX Media -- Image DirectX Transforms
DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
DDRAW.DLL baaa0000 430080 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.09.00.0904 Microsoft DirectDraw
DXTRANS.DLL 35c50000 208896 C:\WINDOWS\SYSTEM\DXTRANS.DLL 6.00.2800.1106 DirectX Media -- DirectX Transform Core
ATL.DLL 5f3e0000 73728 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8449 ATL Module for Windows (ANSI)
FLASH.OCX 36a0000 1732608 C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX 7,0,19,0 Macromedia Flash Player 7.0 r19
VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft ® VBScript
MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft ® JScript
RSAENH.DLL 7ca00000 110592 C:\WINDOWS\SYSTEM\RSAENH.DLL 5.00.2133.2 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
WINTRUST.DLL 741d0000 176128 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.2133.2 Microsoft Trust Verification APIs
IMAGEHLP.DLL 7b960000 143360 C:\WINDOWS\SYSTEM\IMAGEHLP.DLL 5.00.2178.1 Windows NT Image Helper
SCRBLOCK.DLL 27d0000 131072 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL 1, 1, 1, 131 ScriptBlocking
SCRAUTH.DLL 12f0000 122880 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL 1, 1, 1, 131 ScriptBlocking Authenticator
MSHTML.DLL 70c50000 2805760 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1106 Microsoft ® HTML Viewer
RNR20.DLL 766b0000 57344 C:\WINDOWS\SYSTEM\RNR20.DLL 4.90.3000 Windows Socket2 NameSpace DLL
SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
IPHLPAPI.DLL 7b610000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3000.2 IP Helper API
DHCPCSVC.DLL 7cee0000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
ICMP.DLL 7bbd0000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
MSAFD.DLL 79fb0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
WSOCK32.DLL 736d0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
MSWSOCK.DLL 77d70000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
WS2_32.DLL 73710000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
RASAPI32.DLL 7f7a0000 249856 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 Dial-Up Networking Dynamic Linked Library
SECUR32.DLL 7f780000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
SVRAPI.DLL 7f870000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
MSNET32.DLL 7fa30000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bit Network API Library
MSPWL32.DLL 7fa70000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
TAPI32.DLL 7f880000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows™ Telephony API Client DLL
NETAPI32.DLL 7f8b0000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
WS2HELP.DLL 73700000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
SHDOCLC.DLL 71840000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
MSXML3.DLL 69b10000 1134592 C:\WINDOWS\SYSTEM\MSXML3.DLL 8.30.9926.0 MSXML 3.0 SP 3
MSNTB.DLL 10000000 299008 C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL 01.02.3000.1001 MSN Toolbar extension
UNICOWS.DLL 7f2d0000 249856 C:\WINDOWS\SYSTEM\UNICOWS.DLL 1.0.4018.0 Microsoft Layer for Unicode on Win9x Systems (MSLU)
IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
AVICAP32.DLL 7e480000 69632 C:\WINDOWS\SYSTEM\AVICAP32.DLL 4.90.3000 AVI Capture DLL
MSVFW32.DLL 77ee0000 147456 C:\WINDOWS\SYSTEM\MSVFW32.DLL 4.90.3000 Microsoft Video for Windows DLL
WOW32.DLL bfdc0000 20480 C:\WINDOWS\SYSTEM\WOW32.DLL 4.90.3000 Win32 WOW32 core component
DCIMAN32.DLL 7d190000 24576 C:\WINDOWS\SYSTEM\DCIMAN32.DLL 4.90.3000 DCI Manager 1.00
OLEDLG.DLL 7fe50000 155648 C:\WINDOWS\SYSTEM\OLEDLG.DLL 1.0 Microsoft Windows™ OLE 2.0 User Interface Support
MSVCRT20.DLL 7fb50000 282624 C:\WINDOWS\SYSTEM\MSVCRT20.DLL 2.11.000 Microsoft® C Runtime Library
WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.90.3000 Win32 WINSPOOL core component
COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
MPR.DLL 7f160000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Network Interface DLL
MTBRES.DLL 11a0000 151552 C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MTBRES.DLL 01.02.3000.1001 MSN Toolbar resource library
WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
URLMON.DLL 702b0000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32
VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
WININET.DLL 70200000 610304 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32
OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
CRYPT32.DLL 7da90000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.3 Crypto API32
RPCRT4.DLL 7fab0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
MSASN1.DLL 79f80000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
BROWSEUI.DLL 71160000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1106 Shell Browser UI Library
OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
IEXPLORE.EXE 400000 102400 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.00.2800.1106 Internet Explorer
SHDOCVW.DLL 71000000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library
COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
SHLWAPI.DLL 70bd0000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library
USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft ® C Runtime Library
KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
SWSUPPORT.DLL 75820000 90112 C:\WINDOWS\SYSTEM\MACROMED\COMMON\SWSUPPORT.DLL 8.0r196 Shockwave Remote Support
PNGFILT.DLL 70530000 45056 C:\WINDOWS\SYSTEM\PNGFILT.DLL 6.00.2800.1106 IE PNG plugin image decoder
IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 6.00.2800.1106 IE plugin image decoder support DLL
KEYLIMIT.DLL 8000000 20480 C:\WINDOWS\SYSTEM\KEYLIMIT.DLL 5.00.2133.2 International Cryptographic Key Size Limits
SCHANNEL.DLL 77400000 131072 C:\WINDOWS\SYSTEM\SCHANNEL.DLL 5.00.2133.2 TLS / SSL Security Provider
WIASHEXT.DLL 742f0000 454656 C:\WINDOWS\SYSTEM\WIASHEXT.DLL 4.90.3000.1 Imaging Devices Shell Folder UI
STI.DLL 75910000 114688 C:\WINDOWS\SYSTEM\STI.DLL 4.90.3000.1 Still Image Devices client DLL
IPROP.DLL 7b5f0000 114688 C:\WINDOWS\SYSTEM\IPROP.DLL 4.00 OLE PropertySet Implementation
SETUPAPI.DLL 76140000 581632 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.2195.1526 Windows Setup API
CABINET.DLL 7e0c0000 77824 C:\WINDOWS\SYSTEM\CABINET.DLL 5.00.2147.1 Microsoft® Cabinet File API
LZ32.DLL bfe40000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.90.3000 Win32 LZ32 core component
CFGMGR32.DLL 7f720000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
WIASTATD.DLL 742e0000 24576 C:\WINDOWS\SYSTEM\WIASTATD.DLL 4.90.3000.1 WIA Status Dialog
MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft ® HTML Editing Component
FLASH.OCX 4420000 1732608 C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX 7,0,19,0 Macromedia Flash Player 7.0 r19
VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft ® VBScript
DXTMSFT.DLL 35cb0000 364544 C:\WINDOWS\SYSTEM\DXTMSFT.DLL 6.00.2800.1106 DirectX Media -- Image DirectX Transforms
DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
DDRAW.DLL baaa0000 430080 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.09.00.0904 Microsoft DirectDraw
DXTRANS.DLL 35c50000 208896 C:\WINDOWS\SYSTEM\DXTRANS.DLL 6.00.2800.1106 DirectX Media -- DirectX Transform Core
ATL.DLL 5f3e0000 73728 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8449 ATL Module for Windows (ANSI)
MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft ® JScript
RSAENH.DLL 7ca00000 110592 C:\WINDOWS\SYSTEM\RSAENH.DLL 5.00.2133.2 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
WINTRUST.DLL 741d0000 176128 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.2133.2 Microsoft Trust Verification APIs
IMAGEHLP.DLL 7b960000 143360 C:\WINDOWS\SYSTEM\IMAGEHLP.DLL 5.00.2178.1 Windows NT Image Helper
SCRBLOCK.DLL 27d0000 131072 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL 1, 1, 1, 131 ScriptBlocking
SCRAUTH.DLL 12f0000 122880 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL 1, 1, 1, 131 ScriptBlocking Authenticator
MSHTML.DLL 70c50000 2805760 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1106 Microsoft ® HTML Viewer
RNR20.DLL 766b0000 57344 C:\WINDOWS\SYSTEM\RNR20.DLL 4.90.3000 Windows Socket2 NameSpace DLL
SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
IPHLPAPI.DLL 7b610000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3000.2 IP Helper API
DHCPCSVC.DLL 7cee0000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
ICMP.DLL 7bbd0000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
MSAFD.DLL 79fb0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
WSOCK32.DLL 736d0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
MSWSOCK.DLL 77d70000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
WS2_32.DLL 73710000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
RASAPI32.DLL 7f7a0000 249856 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 Dial-Up Networking Dynamic Linked Library
SECUR32.DLL 7f780000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
SVRAPI.DLL 7f870000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
MSNET32.DLL 7fa30000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bit Network API Library
MSPWL32.DLL 7fa70000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
TAPI32.DLL 7f880000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows™ Telephony API Client DLL
NETAPI32.DLL 7f8b0000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
WS2HELP.DLL 73700000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
SHDOCLC.DLL 71840000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
MSXML3.DLL 69b10000 1134592 C:\WINDOWS\SYSTEM\MSXML3.DLL 8.30.9926.0 MSXML 3.0 SP 3
MSNTB.DLL 10000000 299008 C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL 01.02.3000.1001 MSN Toolbar extension
UNICOWS.DLL 7f2d0000 249856 C:\WINDOWS\SYSTEM\UNICOWS.DLL 1.0.4018.0 Microsoft Layer for Unicode on Win9x Systems (MSLU)
IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
AVICAP32.DLL 7e480000 69632 C:\WINDOWS\SYSTEM\AVICAP32.DLL 4.90.3000 AVI Capture DLL
MSVFW32.DLL 77ee0000 147456 C:\WINDOWS\SYSTEM\MSVFW32.DLL 4.90.3000 Microsoft Video for Windows DLL
WOW32.DLL bfdc0000 20480 C:\WINDOWS\SYSTEM\WOW32.DLL 4.90.3000 Win32 WOW32 core component
DCIMAN32.DLL 7d190000 24576 C:\WINDOWS\SYSTEM\DCIMAN32.DLL 4.90.3000 DCI Manager 1.00
OLEDLG.DLL 7fe50000 155648 C:\WINDOWS\SYSTEM\OLEDLG.DLL 1.0 Microsoft Windows™ OLE 2.0 User Interface Support
MSVCRT20.DLL 7fb50000 282624 C:\WINDOWS\SYSTEM\MSVCRT20.DLL 2.11.000 Microsoft® C Runtime Library
WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.90.3000 Win32 WINSPOOL core component
COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
MPR.DLL 7f160000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Network Interface DLL
MTBRES.DLL 11a0000 151552 C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MTBRES.DLL 01.02.3000.1001 MSN Toolbar resource library
WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
URLMON.DLL 702b0000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32
VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
WININET.DLL 70200000 610304 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32
OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
CRYPT32.DLL 7da90000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.3 Crypto API32
RPCRT4.DLL 7fab0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
MSASN1.DLL 79f80000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
BROWSEUI.DLL 71160000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1106 Shell Browser UI Library
OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
IEXPLORE.EXE 400000 102400 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.00.2800.1106 Internet Explorer
SHDOCVW.DLL 71000000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library
COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
SHLWAPI.DLL 70bd0000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library
USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft ® C Runtime Library
KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component

[Metallica]

Nothing in there but a headache.

Download the following program:
findit9xMe from http://lineofire.gee...indIt 9x-ME.zip
Unzip the contents of finditnt.zip to a convenient location such as Desktop.
Navigate to the Win9x&MEFindit folder and double-click on Win9x-Find.bat
A command prompt will open and it will search your computer for malicious files.
This will take a long time to finsih.
Once it has finished a Notepad window will pop up with output.txt.
Copy the entire contents of output.txt into a new post.

Regards,

[Benjette]

Output:



Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 0F49-17EE
Directory of C:\WINDOWS\SYSTEM

CVUSALGO DLL 226,592 06-01-05 10:24p CVUSALGO.DLL
DYTIME DLL 226,592 06-01-05 10:24p DYTIME.DLL
MAXML3A DLL 226,592 06-01-05 10:24p MAXML3A.DLL
MZCO30 DLL 226,592 06-01-05 10:24p MZCO30.DLL
IOS DLL 226,592 06-01-05 10:24p IOS.DLL
MTIQTZ32 DLL 226,592 06-01-05 10:24p MTIQTZ32.DLL
OTTWA400 DLL 226,592 06-01-05 10:24p OTTWA400.DLL
MIR2CENU DLL 226,592 06-01-05 10:24p MIR2CENU.DLL
PKDLIB32 DLL 226,592 06-01-05 10:24p PKDLIB32.DLL
SWELL DLL 226,592 06-01-05 10:24p SWELL.DLL
DCSPEX DLL 226,592 06-01-05 10:24p DCSPEX.DLL
AYFSIPC DLL 226,592 06-01-05 10:24p AYFSIPC.DLL
JXDW400 DLL 226,592 06-01-05 10:24p JXDW400.DLL
MXPI32 DLL 226,592 06-01-05 10:24p mXpi32.dll
SVTUPAPI DLL 226,592 06-01-05 10:24p SVTUPAPI.DLL
LBPCX70N DLL 226,592 06-01-05 10:24p lbpcx70n.dll
MKRCLR40 DLL 226,592 06-01-05 10:24p mkrclr40.dll
DJV10 DLL 226,592 06-01-05 10:24p djv10.dll
LNFPX70N DLL 226,592 06-01-05 10:24p lnfpx70n.dll
19 file(s) 4,305,248 bytes
0 dir(s) 18,842.94 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 0F49-17EE
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 23,155 03-22-05 4:42p folder.htt
DESKTOP INI 271 03-22-05 4:42p desktop.ini
2 file(s) 23,426 bytes
0 dir(s) 18,842.91 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{00F8D06E-1D7D-BC7C-4966-785CCA235F1F}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
cvusalgo.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
dytime.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
maxml3a.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
mzco30.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
ios.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
mtiqtz32.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
ottwa400.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
mir2cenu.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
pkdlib32.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
swell.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
dcspex.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
ayfsipc.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
jxdw400.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
mxpi32.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
svtupapi.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
lbpcx70n.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
mkrclr40.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
djv10.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
lnfpx70n.dll Wed Jun 1 2005 10:24:42p ..S.R 226,592 221.28 K
folder.htt Tue Mar 22 2005 4:42:04p ...H. 23,155 22.61 K
desktop.ini Tue Mar 22 2005 4:42:04p ...H. 271 0.26 K

21 items found: 21 files, 0 directories.
Total of file sizes: 4,328,674 bytes 4.13 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.659: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.659: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.659: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.659: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.659: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.659: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.659: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.659: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\VMMHIBER.W9X: ASPack 1.08.04
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.08.03
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.08.02b
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.08.01
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.08
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.07b
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.61
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.05b
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.03
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.02
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.01
C:\WINDOWS\VMMHIBER.W9X: ASPack 1.00
C:\WINDOWS\VMMHIBER.W9X: ASPACK EXE
C:\WINDOWS\VMMHIBER.W9X: ASPACK2 EXE
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\VMMHIBER.W9X: ASPack
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase12.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"AHQInit"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE /Consumer"
"LoadQM"="loadqm.exe"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-us\\msnappau.exe\""
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"devldr16.exe"="C:\\WINDOWS\\SYSTEM\\devldr16.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




[Metallica]

Good. Now we have something to kill.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\CVUSALGO.DLL
C:\WINDOWS\SYSTEM\DYTIME.DLL
C:\WINDOWS\SYSTEM\MAXML3A.DLL
C:\WINDOWS\SYSTEM\MZCO30.DLL
C:\WINDOWS\SYSTEM\IOS.DLL
C:\WINDOWS\SYSTEM\MTIQTZ32.DLL
C:\WINDOWS\SYSTEM\OTTWA400.DLL
C:\WINDOWS\SYSTEM\MIR2CENU.DLL
C:\WINDOWS\SYSTEM\PKDLIB32.DLL
C:\WINDOWS\SYSTEM\SWELL.DLL
C:\WINDOWS\SYSTEM\DCSPEX.DLL
C:\WINDOWS\SYSTEM\AYFSIPC.DLL
C:\WINDOWS\SYSTEM\JXDW400.DLL
C:\WINDOWS\SYSTEM\mXpi32.dll
C:\WINDOWS\SYSTEM\SVTUPAPI.DLL
C:\WINDOWS\SYSTEM\lbpcx70n.dll
C:\WINDOWS\SYSTEM\mkrclr40.dll
C:\WINDOWS\SYSTEM\djv10.dll
C:\WINDOWS\SYSTEM\LNFPX70N DLL
C:\WINDOWS\VPTNFILE.659
C:\WINDOWS\lpt$vpn.659

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the computer reboot and copy the part in bold below into notepad and save it as l2mfix.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{00F8D06E-1D7D-BC7C-4966-785CCA235F1F}"=-


Doubleclick the file and confirm you want to merge it with the registry.

Regards,

[Benjette]

Thanks so much for all of your help, I know it's taken a lot of your time to get through all of this mess called my hard drive. O.O

I haven't gotten a popup for a few minutes, so we'll see how that goes...

On the other hand, after re-booting, I seem to have had two Quick Launch toolbars. However, I deleted the Quick Launch part, and un-checked the checkmark next to a blank option on the Toolbars menu, and everything looks to be normal again. I just hope it doesn't happen when I restart again.

Thank you again, I'll come back if something else is wrong. You are the best!!!!!!!

<3