0

I have been plagued with the about:blank homepage. I have installed and run updated versions of Spybot S&D, Ad-Aware, CWShredder, PestPatrol, obviously HJT, and McAfee.

Obviously, you can see by my log that I run the Google toolbar. It seems all the R1 and R0 stuff is the culprit, but I am just a novice. If there is anything else (logs, etc.) that would help you diagnose my problem, please ask and I will post it immediately. This is really bothering me.

I think I have a mean version of Adware-Virtumundo somethingoranother and Adware-SearchX and iSearch.

What do you experts recommend I do to get this stuff off my computer? Please, if someone is kind enough to recommend a fix, include short instructions on how to do what you recommend. I'm not the best at this ;)

Scan saved at 10:47:35 PM, on 4/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tyler Gates\Local Settings\Temporary Internet Files\Content.IE5\8DWN4F03\GoogleToolbarInstaller[1].exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Tyler Gates\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mmh.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {39E75D9A-BBD8-41D6-BA1D-12F41E760986} - C:\WINDOWS\System32\mmh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

2 contributors, 11 replies, 12 views, 13-year discussion span, last post by crunchie
0

There is no easy way to rid your computer of this. I will include instructions that were written by Mosaic1, a security expert on another forum.

Get the latest CWShredder from this page. Do not run it yet:
CWShredder

Download TheKillbox from this link: here.
------------------
Sign off the internet.
Run CWShredder and press the fix Button to clean.


Stay off the internet!
Step Two:
Remove the reinstaller:
Go to start>Run and type regedit. Press enter.

Navigate to:
Open the registry and navigate here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Highlight Windows in the left pane.

Look in the right pane for this value:
AppInit_Dlls

You won't see any data there.

But if you right click on that and choose Modify Binary Data you will.

If nothing is there it should just show a few 0's.

But if they are hiding a dll they load to reinstall, it will show a path to it.


----------------------------
This is how one looks when there is only one file loading.
0000 00 00 3A 00 5C 00 77 00 ..:.\.w.
0008 69 00 6E 00 64 00 6F 00 i.n.d.o.
0010 77 00 73 00 5C 00 73 00 w.s.\.s.
0018 79 00 73 00 74 00 65 00 y.s.t.e.
0020 6D 00 33 00 32 00 5C 00 m.3.2.\.
0028 6D 00 73 00 6B 00 6B 00 m.s.k.k.
0030 67 00 2E 00 64 00 6C 00 g...d.l.
0038 6C 00 00 00 l...

Notice on the far right. You want to look there. It looks funny because all of the periods.

Look closely and you'll see the path and file name here was:
Windows\system32\mskkg.dll

This was the example. Yours will have its own file name. This is not the same file as you are seeing in your HijackThis log. Get its name the same as I just described.
--------------

Once you have the filename unzip TheKillBox and run it.

In the "Paste Full Path of File to Delete" box, copy and paste the following:

c:\windows\system32\filename Where filename is what you found as the filename in the appinit_dlls key in the registry.

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The c:\Windows\system32\filename listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot. Restart the Computer.

When you get back into Windows reset your Search and Home pages.

Look in the registry and remove the entry which should now be clearly visible and no longer hidden.


This last part and removing the AppInit_Dlls entry and its corresponding file is removing the reinstaller. So you do not get reinfected. Do not go on the internet until you have performed all of the steps.
--------------------------------
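
The manual step above (reading the file name out of the binary view of AppInit_DLLs) can be checked mechanically. This is an added example, not part of the original post or of Mosaic1's instructions; the function names `dump_to_bytes` and `appinit_entries` are hypothetical, and it assumes the dump layout shown in the post (offset, up to 8 hex bytes, ASCII column).

```python
import re

# Dump quoted in the post above: regedit's "Modify Binary Data" view of
# AppInit_DLLs (offset, up to 8 hex bytes per row, ASCII column).
POST_DUMP = r"""
0000 00 00 3A 00 5C 00 77 00 ..:.\.w.
0008 69 00 6E 00 64 00 6F 00 i.n.d.o.
0010 77 00 73 00 5C 00 73 00 w.s.\.s.
0018 79 00 73 00 74 00 65 00 y.s.t.e.
0020 6D 00 33 00 32 00 5C 00 m.3.2.\.
0028 6D 00 73 00 6B 00 6B 00 m.s.k.k.
0030 67 00 2E 00 64 00 6C 00 g...d.l.
0038 6C 00 00 00 l...
"""

# Constructed sample: a clean, empty value ("just a few 0's").
EMPTY_DUMP = "0000 00 00 ..\n"

# Offset, then 1-8 two-digit hex bytes; the ASCII column is ignored.
ROW = re.compile(r"^([0-9A-Fa-f]{4})\s+((?:[0-9A-Fa-f]{2}(?:\s+|$)){1,8})")


def dump_to_bytes(dump):
    """Rebuild the raw value from the dump, checking that offsets are contiguous."""
    data = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank line or surrounding prose
        offset = int(m.group(1), 16)
        if offset != len(data):
            raise ValueError(f"row {m.group(1)} out of sequence; dump is incomplete")
        data += bytes.fromhex(m.group(2))
    return bytes(data)


def appinit_entries(data):
    """Return (hidden, entries) for raw AppInit_DLLs data.

    The value is a UTF-16LE string listing DLLs separated by spaces or commas.
    A string value ends at its first NUL, so data that begins with NUL reads
    as empty in the normal editor even when a path follows it: 'hidden'.
    """
    text = data[: len(data) // 2 * 2].decode("utf-16-le", errors="replace")
    entries = [e for e in re.split(r"[\x00 ,]+", text) if e]
    hidden = bool(entries) and text.startswith("\x00")
    return hidden, entries


if __name__ == "__main__":
    for name, dump in (("post", POST_DUMP), ("empty", EMPTY_DUMP)):
        hidden, entries = appinit_entries(dump_to_bytes(dump))
        print(name, "hidden" if hidden else "not hidden", entries)
```

For the dump in the post, the first two bytes are zero where the drive letter would be, which is why the value looks empty until the binary view is opened.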

0

Thank you for the reply. I will try it now, and report back. I appreciate the help.

0

Okay, I did all of that, but in my appinit_dlls, modify binary data, there were all 0's. However, I know there is a .dll, and its name changes all the time. What now?

0

Here is the log from the PRCView:

Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
iphlpapi.dll 76d60000 94208 C:\WINDOWS\System32\iphlpapi.dll
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
googletoolbar1.dll 10000000 790528 c:\program files\google\googletoolbar1.dll
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
msi.dll 1e30000 2101248 C:\WINDOWS\System32\msi.dll
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
mydocs.dll 72410000 102400 C:\WINDOWS\System32\mydocs.dll
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
schannel.dll 767f0000 147456 C:\WINDOWS\System32\schannel.dll
dssenh.dll ffa0000 135168 C:\WINDOWS\System32\dssenh.dll


And here is a HJT log that I JUST ran:

Logfile of HijackThis v1.97.7
Scan saved at 1:07:47 AM, on 4/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tyler Gates\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autopia.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


Again, THANK YOU.

0

Ok. Hang in there as this might take a little while. I'll be back.

I will check this again in the morning. I can't thank you enough.

0

Please double click the runme.bat again. Does the DOS window open? If so, choose option 6 for appinit contents.
Notepad will open with a log in it. Please copy and paste it into the results.

0

There is a runme file, but when I click on it, it automatically brings up this notepad with the following log:

It does not list any options.


Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
iphlpapi.dll 76d60000 94208 C:\WINDOWS\System32\iphlpapi.dll
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
ole32.dll 771b0000 1196032 C:\WINDOWS\system32\ole32.dll
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
CLBCATQ.DLL 7c890000 528384 C:\WINDOWS\System32\CLBCATQ.DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
googletoolbar1.dll 10000000 790528 c:\program files\google\googletoolbar1.dll
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
msi.dll 1e30000 2101248 C:\WINDOWS\System32\msi.dll
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
mydocs.dll 72410000 102400 C:\WINDOWS\System32\mydocs.dll
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
schannel.dll 767f0000 147456 C:\WINDOWS\System32\schannel.dll
dssenh.dll ffa0000 135168 C:\WINDOWS\System32\dssenh.dll
cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll
ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll
DDRAW.dll 51000000 315392 C:\WINDOWS\System32\DDRAW.dll
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll
McVSSkt.dll 4270000 114688 c:\progra~1\mcafee.com\vso\McVSSkt.dll
plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll

0

Hi. Yes, that was it. Nothing there that I can see. Please try the following. Update CWShredder to the latest version, 1.57.0 at the present. Update Adaware. Sign off the internet & boot into safe mode.

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder & not on the desktop). Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Run CWShredder with all windows closed (only CWS running) & have it fix all it finds.
Run Adaware & delete all it finds.
Reboot. See how your comp goes then.

Please go here & install ALL critical updates required for your system.


If the problem returns follow the instructions at this link.
This one.
