More Junk.....HJT Log posted

Well, I got more Junk (You cant say c rap?!) on my computer (Popups, BHOs, taskbars, etc.) and have ran every spyware (<---This word is underlined saying "Free spyware protector!) program I have and it wont get rid of anything!

I ran hijackThis, so heres the log if someone can help me out.
--------------------------------------------------------------------------
Logfile of HijackThis v1.99.0
Scan saved at 6:22:58 PM, on 1/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\d3ev.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\winnl32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\crnrq.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cibhs.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {288E8A17-EDA8-0E96-CAED-9600B30FF9A5} - C:\WINDOWS\system32\javarj.dll
O2 - BHO: (no name) - {83178A24-387F-3954-5521-786A5F6F77D9} - C:\WINDOWS\javarc32.dll
O2 - BHO: (no name) - {DD6F50C0-9F8F-A41C-291E-7B3FB818EF18} - C:\WINDOWS\javarc32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe
O4 - HKLM\..\Run: [winnl32.exe] C:\WINDOWS\winnl32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105650450795
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\d3ev.exe

 

Please Help! I can barely use my computer!

 

You should print this out and/or save it to text where you can access it in safe mode.

Download AboutBuster from one of the following locations.

http://tools.zerosrealm.com/AboutBuster.zip

http://www.downloads.subratam.org/AboutBuster.zip

First unzip all files from the zip folder to a folder on your desktop. Open and double click AboutBuster.exe, click ok, then update. A new screen should popup. On that screen click Check for Updates. If it says it found an update click Download Updates. If it doesn't, it will automatically tell you and exit. Close for now.

Click here to download cwsserviceremove.zip, unzip it to your desktop and have it ready to run later.

Check for updates to Ad-aware.

Click start then run and type services.msc, then hit enter. Locate Network Security Service, right click and choose properties. Stop the service, then set to disabled. Click Apply then OK. Close the services window.

Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to your user account.

Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

Double click the cwsserviceemove.reg file you unzipped earlier. Click yes to merge it to the registry.

Scan again with HijackThis and place a check next to the following entries. Close all other windows and click fix.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {288E8A17-EDA8-0E96-CAED-9600B30FF9A5} - C:\WINDOWS\system32\javarj.dll
O2 - BHO: (no name) - {83178A24-387F-3954-5521-786A5F6F77D9} - C:\WINDOWS\javarc32.dll
O2 - BHO: (no name) - {DD6F50C0-9F8F-A41C-291E-7B3FB818EF18} - C:\WINDOWS\javarc32.dll
O4 - HKLM\..\Run: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe
O4 - HKLM\..\Run: [winnl32.exe] C:\WINDOWS\winnl32.exe


Open C:\Windows\System32 and delete the files mfcpc.exe, winnl32.exe and d3ev.exe.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames. **Make sure you do the Owner\Local Settings\Temp.
Open C:\Windows\Prefetch, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Then open the Java Plug-in, click the cache tab and then clear. This will only apply if you have installed Sun Java.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.

Open AboutBuster, click start then OK. Exit when finished.

Open CWShredder and click fix.

Open Ad-aware and run in full scan mode. Delete all it finds.

Uncheck the /safeboot box in msconfig and ok to reboot.

Reboot back to Windows and run Housecall. Make sure the box to autoclean is checked.

Run another HijackThis scan and post the log.
-----------------------------------------------------------------------------

Also, this hijacker is known to alter or delete certain files so check this out please:

Download the Hoster from here . UnZip the file and press "Restore Original Hosts" and press "OK ". Exit Program.

If you did already have Spybot S&D installed you may also need to replace one file.
Go here and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

Check in the C:\Windows\system32 folder to be sure you have a file named Shell.dll. If you do not have one, go to the C:\Windows\system32\dllcache folder.
Find shell.dll and right click on it. Choose Copy from the menu.
Open the System32 folder and right click on an empty space in the window. Choose Paste from the menu.


control.exe may have been deleted.
See if control.exe is present in C:\windows\system32

If control.exe isn't there, go here, and download control.exe per the instructions at the site.

IMPORTANT!: Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended here.

 

OK I did all that, But none of these were in hijack this

O2 - BHO: (no name) - {288E8A17-EDA8-0E96-CAED-9600B30FF9A5} - C:\WINDOWS\system32\javarj.dll
O2 - BHO: (no name) - {83178A24-387F-3954-5521-786A5F6F77D9} - C:\WINDOWS\javarc32.dll
O2 - BHO: (no name) - {DD6F50C0-9F8F-A41C-291E-7B3FB818EF18} - C:\WINDOWS\javarc32.dll
O4 - HKLM\..\Run: [mfcpc.exe] C:\WINDOWS\system32\mfcpc.exe
O4 - HKLM\..\Run: [winnl32.exe] C:\WINDOWS\winnl32.exe


and C:\Windows\System32 and delete the files mfcpc.exe, winnl32.exe and d3ev.exe. wasnt there either.

I did all of the stuff you listed under the ------------------ bar, and shell.dll and control.exe were still there.

However, I cannot run Housecall because I get an error that says "Internet Explorer has encountered a problem and needs to close ".


And do I need to undo this after Im done?

"Click start then run and type services.msc, then hit enter. Locate Network Security Service, right click and choose properties. Stop the service, then set to disabled. Click Apply then OK. Close the services window. "

 

No, you do not want to undo stopping that service. It is a rogue service put there by malware. Please post a new HJT log.

 

OK Here it is-

Logfile of HijackThis v1.99.0
Scan saved at 12:01:20 PM, on 1/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\atlua.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sysnn32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Office97\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {429D3F6E-0FEE-D4CD-B6EF-675AF3BCC120} - C:\WINDOWS\system32\ipyl32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [appvm32.exe] C:\WINDOWS\system32\appvm32.exe
O4 - HKLM\..\Run: [atlua.exe] C:\WINDOWS\atlua.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105650450795
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\sysnn32.exe

 

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mgofi.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {429D3F6E-0FEE-D4CD-B6EF-675AF3BCC120} - C:\WINDOWS\system32\ipyl32.dll
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [appvm32.exe] C:\WINDOWS\system32\appvm32.exe
O4 - HKLM\..\Run: [atlua.exe] C:\WINDOWS\atlua.exe


Again, click start then run and type services.msc, then hit enter. Locate Network Security Service, right click and choose properties. Stop the service, then set to disabled. Click Apply then OK. Close the services window.

Double click the cwsserviceemove.reg file you downloaded and unzipped previously. Click yes to merge it to the registry.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. DO NOT allow restart.

Open CWShredder, close ALL other windows and click fix.

Open AboutBuster, click start then OK. Exit when finished.

Reboot.

Now in safe mode, open C:\WINDOWS and delete the file atlua.exe and sysnn32.exe.
Open C:\WINDOWS\system32 and delete the files appvm32.exe.
Open C:\Windows\Prefetch, select all and delete.
Open Ad-aware and run in full scan mode. Delete all it finds.
Empty the recycle bin.
Uncheck the /safeboot box in msconfig and ok to reboot.

Try running Housecall again. Post back with a new HijackThis log.

 

OK I ran the AboutBuster, but some stuff went wrong I think-

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 23


Removed Data Streams:
C:\WINDOWS\twunk_32.exe:kwcll


Error Removing! : C:\WINDOWS\atljs.exe
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Error Removing! : C:\WINDOWS\System32\kbdjid.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!


See all those errors?


This is my HijackThis Log

Logfile of HijackThis v1.99.0
Scan saved at 6:45:56 PM, on 1/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\addqy.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\atljs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {44765800-29E0-044B-8B06-1F6293BFBEF0} - C:\WINDOWS\addjz32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atljs.exe] C:\WINDOWS\atljs.exe
O4 - HKLM\..\RunOnce: [addqy.exe] C:\WINDOWS\system32\addqy.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105650450795
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\sysnn32.exe (file missing)


******Also I didn't delete the things in the windows/prefetch folder, they looked too important. In C:\WINDOWS\system32 the file appvm32.exe wasn't there.
And these werent in my hjt log

O2 - BHO: (no name) - {429D3F6E-0FEE-D4CD-B6EF-675AF3BCC120} - C:\WINDOWS\system32\ipyl32.dll
O4 - HKLM\..\Run: [atlua.exe] C:\WINDOWS\atlua.exe

 

Download The Killbox from here: http://tools.zerosrealm.com/killbox.zip

Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\system32\hftvo.dll

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot ". On the next screen, click on the File menu and choose "Add File ". The filename and path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot ". DO NOT allow reboot when prompted. Instead, repeat the above steps for the following and close the Killbox when done.

C:\WINDOWS\System32\kbdjid.dll

C:\WINDOWS\system32\addqy.exe

C:\WINDOWS\atljs.exe


Open C:\Windows\Prefetch and delete ALL.....NOTHING in that folder is important, but it IS important that you delete it!

Empty the recycle bin.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hftvo.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [atljs.exe] C:\WINDOWS\atljs.exe
O4 - HKLM\..\RunOnce: [addqy.exe] C:\WINDOWS\system32\addqy.exe

Reboot.

Post a new hijackthis log.

 

OK Did ALL of that, Heres the log when I rebooted BEFORE I accessed the internet to post this

Logfile of HijackThis v1.99.0
Scan saved at 4:38:10 PM, on 2/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {44765800-29E0-044B-8B06-1F6293BFBEF0} - C:\WINDOWS\addjz32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105650450795
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe


And heres the log AFTER I accesssed it!


Logfile of HijackThis v1.99.0
Scan saved at 4:40:36 PM, on 2/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\addqy.exe
C:\WINDOWS\system32\ielo.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {44765800-29E0-044B-8B06-1F6293BFBEF0} - C:\WINDOWS\addjz32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ielo.exe] C:\WINDOWS\system32\ielo.exe
O4 - HKLM\..\RunOnce: [addqy.exe] C:\WINDOWS\system32\addqy.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105650450795
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe

Whenever I get on the internet, those 12345 files get back! And I still have About:Blank!

 

Download this zip.

http://tools.zerosrealm.com/pv.zip

Unzip it to a folder of it's own on the desktop. It will not work if you run it from inside the zip. After unzipping, open the pv folder and double click on the runme.bat. A dos window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy and paste the log into this thread. Also, run option 2 for Internet explorer dlls and post it's log.


Download and install Reglite. Open and copy/paste the following string in the address window then click go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.

 

RUNME 1

Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
themeui.dll 5b630000 458752 C:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL
USERENV.dll 52880000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.15 (xpclnt_qfe.010827-1803) Userenv
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
NETAPI32.dll 71c20000 323584 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor
NETSHELL.dll 75cf0000 1638400 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell
credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface
WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 86016 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API
netman.dll 76de0000 155648 C:\WINDOWS\system32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager
MPRAPI.dll 76d40000 90112 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL
ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 147456 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\system32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
RASAPI32.dll 76ee0000 225280 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\system32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
TAPI32.dll 76eb0000 172032 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
WINMM.dll 76b40000 180224 C:\WINDOWS\system32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
WZCSvc.DLL 76da0000 196608 C:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service
WMI.dll 76d30000 16384 C:\WINDOWS\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality
DHCPCSVC.DLL 76d80000 106496 C:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service
DNSAPI.dll 76f20000 151552 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs
stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object
BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
shellextension.dll 1300000 106496 C:\Program Files\Microsoft AntiSpyware\shellextension.dll 1.00.0501 Microsoft AntiSpyware Shell Extension
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.0 (xpclient.010817-1148) Windows NT MARTA provider
msi.dll 76400000 2076672 C:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
DUSER.dll 6c1b0000 274432 C:\WINDOWS\System32\DUSER.dll 5.1.2600.0 (xpclient.010817-1148) Windows DirectUser Engine
fxsst.dll 68df0000 573440 C:\WINDOWS\System32\fxsst.dll 5.2.1776.0 Fax Service
FXSAPI.dll 69010000 458752 C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.0 Microsoft Fax API Support DLL
1F.tmp 10000000 24576 C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
MSVFW32.dll 73bd0000 126976 C:\WINDOWS\System32\MSVFW32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Video for Windows DLL
qedit.dll 1c200000 536576 C:\WINDOWS\System32\qedit.dll
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
quartz.dll 35500000 1413120 C:\WINDOWS\System32\quartz.dll
devenum.dll 35680000 65536 C:\WINDOWS\System32\devenum.dll
msdmo.dll 1b90000 28672 C:\WINDOWS\System32\msdmo.dll
qdvd.dll 2800000 393216 C:\WINDOWS\System32\qdvd.dll
mscms.dll 73b30000 77824 C:\WINDOWS\System32\mscms.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Color Matching System DLL
zipfldr.dll 73380000 331776 C:\WINDOWS\System32\zipfldr.dll 6.00.2600.0000 (xpclient.010817-1148) Compressed (zipped) Folders
rarext.dll 1df0000 176128 C:\Program Files\WinRAR\rarext.dll
mydocs.dll 72410000 102400 C:\WINDOWS\System32\mydocs.dll 6.00.2600.0000 (xpclient.010817-1148) My Documents Folder UI
AcroIEHelper.ocx 840000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
rsaenh.dll ffd0000 139264 C:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider
asfsipc.dll 70eb0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 605f0000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host

 

RUNME 2


Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\system32\uxtheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
addjz32.dll f00000 241664 C:\WINDOWS\addjz32.dll
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
NETAPI32.dll 71c20000 323584 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
TAPI32.dll 76eb0000 172032 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
lsp.dll 60910000 126976 C:\WINDOWS\system32\lsp.dll 2005.1.2.0
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.0 (XPClient.010817-1148) SENS Connectivity API DLL
USERENV.dll 52880000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.15 (xpclnt_qfe.010827-1803) Userenv
msi.dll 76400000 2076672 C:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer
1F.tmp 1940000 24576 C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
mshtml.dll 74810000 2805760 C:\WINDOWS\System32\mshtml.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Viewer
msimtf.dll 746f0000 167936 C:\WINDOWS\System32\msimtf.dll 5.1.2600.0 (xpclient.010817-1148) Active IMM Server DLL
MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Editing Component
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
wmpdxm.dll 89f0000 290816 C:\WINDOWS\System32\wmpdxm.dll 10.00.00.3646 Windows Media 6.4 Player Shim
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
wmp.dll 7510000 5558272 C:\WINDOWS\System32\wmp.dll 10.00.00.3646 Windows Media Player Core
gdiplus.dll 70d00000 1708032 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll 5.1.3101.0 (xpsp1.020828-1920) Microsoft GDI+

 

MSVFW32.dll 73bd0000 126976 C:\WINDOWS\System32\MSVFW32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Video for Windows DLL
wmploc.dll 8260000 3371008 C:\WINDOWS\System32\wmploc.dll 10.00.00.3646 Windows Media Player
wmvcore.dll 86c0000 2375680 C:\WINDOWS\System32\wmvcore.dll 10.00.00.3646 built by: DNSRV(bld4act) Windows Media Playback/Authoring DLL
WMASF.DLL 70d0000 241664 C:\WINDOWS\System32\WMASF.DLL 10.00.00.3646 built by: DNSRV(bld4act) Windows Media ASF DLL
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
dispex.dll 6cc60000 45056 C:\WINDOWS\System32\dispex.dll 5.6.0.6626 Microsoft (r) DispEx
MSXML3.DLL 72e00000 1130496 C:\WINDOWS\System32\MSXML3.DLL 8.20.8730.1 XML OM
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- DirectX Transform Core
ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll 5.3.0000000.900 built by: DIRECTX Direct Draw Ex
DDRAW.dll 51000000 299008 C:\WINDOWS\System32\DDRAW.dll 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- Image DirectX Transforms
vbscript.dll 73300000 479232 C:\WINDOWS\System32\vbscript.dll 5.6.0.6626 Microsoft (r) VBScript
Flash.ocx 48a0000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx 7,0,19,0 Macromedia Flash Player 7.0 r19
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2600.0000 (xpclient.010817-1148) IE plugin image decoder support DLL
MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
c_g18030.dll 6fd80000 233472 C:\WINDOWS\System32\c_g18030.dll 5.1.2600.0 (xpclient.010817-1148) GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll 6fd70000 20480 C:\WINDOWS\System32\c_is2022.dll 5.1.2600.0 (xpclient.010817-1148) ISO-2022 Code Page Translation DLL
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 32768 C:\WINDOWS\System32\LPK.DLL 5.1.2600.0 (xpclient.010817-1148) Language Pack
USP10.dll 72fa0000 368640 C:\WINDOWS\System32\USP10.dll 1.0407.2600.0 (xpclient.010817-1148) Uniscribe Unicode script processor
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\system32\uxtheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
addjz32.dll f00000 241664 C:\WINDOWS\addjz32.dll
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
mshtml.dll 74810000 2805760 C:\WINDOWS\System32\mshtml.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Viewer
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
NETAPI32.dll 71c20000 323584 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
TAPI32.dll 76eb0000 172032 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.0 (XPClient.010817-1148) SENS Connectivity API DLL
USERENV.dll 52880000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.15 (xpclnt_qfe.010827-1803) Userenv
msi.dll 76400000 2076672 C:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer
1F.tmp 1200000 24576 C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
msimtf.dll 746f0000 167936 C:\WINDOWS\System32\msimtf.dll 5.1.2600.0 (xpclient.010817-1148) Active IMM Server DLL
MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
lsp.dll 60910000 126976 C:\WINDOWS\system32\lsp.dll 2005.1.2.0
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT Logon GINA DLL
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.7713.0 Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Editing Component
MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
c_g18030.dll 6fd80000 233472 C:\WINDOWS\System32\c_g18030.dll 5.1.2600.0 (xpclient.010817-1148) GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll 6fd70000 20480 C:\WINDOWS\System32\c_is2022.dll 5.1.2600.0 (xpclient.010817-1148) ISO-2022 Code Page Translation DLL
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2600.0000 (xpclient.010817-1148) IE plugin image decoder support DLL
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll 5.3.0000000.900 built by: DIRECTX Direct Draw Ex
DDRAW.dll 51000000 299008 C:\WINDOWS\System32\DDRAW.dll 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
pngfilt.dll 5e310000 45056 C:\WINDOWS\System32\pngfilt.dll 6.00.2600.0000 (xpclient.010817-1148) IE PNG plugin image decoder
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- DirectX Transform Core
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- Image DirectX Transforms
shellextension.dll 29e0000 106496 C:\Program Files\Microsoft AntiSpyware\shellextension.dll 1.00.0501 Microsoft AntiSpyware Shell Extension




And for this part "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here. "

I copy and pasterd, but didnt see the AppInit_DLLs entry

 

I have identified several dlls for removal, but please check for the AppInit_dlls again. I've attached a picture of what should be there.

 

Still isnt there... Heres a screen- http://img.photobucket.com/albums/v171/lpdrummer/Picture8.bmp

 

Save this to text so you can copy and paste the file paths below.

Check for updates to Ad-aware.

Open the Spybot folder in Program Files and see if SDHelper.dll is there. If not, download it here.

System Restore should be off.

Download RegSeeker and unzip to it's own folder.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\udzvn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ielo.exe] C:\WINDOWS\system32\ielo.exe
O4 - HKLM\..\RunOnce: [addqy.exe] C:\WINDOWS\system32\addqy.exe

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. DO NOT allow restart.

Open the Killbox. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\System32\qedit.dll

Click on the Action menu and choose "Delete on Reboot ". On the next screen (log), click on the File menu and choose "Add File ". The filename and path should show up in the window. If that's successful, copy the next filepath and paste it in the box, again click Action> "Delete on Reboot ">File> "Add File ". When all of the below filepaths are done, click Action on the log screen menu and select "Process and Reboot ". Allow it to reboot.

C:\WINDOWS\System32\devenum.dll
C:\WINDOWS\System32\msdmo.dll
C:\WINDOWS\System32\qdvd.dll
C:\WINDOWS\system32\addqy.exe
C:\WINDOWS\system32\ielo.exe
C:\WINDOWS\udzvn.dll
C:\WINDOWS\addjz32.dll
C:\WINDOWS\system32\ielo.exe
C:\WINDOWS\system32\addqy.exe

Now in safe mode, logon to your user account.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Delete cookies. Click the programs tab, then the "Reset Web Settings" button. Include your homepage.
Open HijackThis and click config, then backups and delete all.
Open Ad-aware and run a full scan. Delete all it finds. When done, open the Quarantine list and delete all.
Empty the recycle bin.
Search for each of the above files and delete if found. Empty recycle bin again if necessary.
Open RegSeeker, maximize the window and click clean registry. When scan is complete,verify the backup box in lower left corner is checked and click the select all button. Then right click within the search results and select delete. Run it again and delete all. Run it a third time.
Uncheck the /safeboot box in msconfig and ok to reboot.

Back in Windows, do not open IE. Click start>All Programs>Windows Update. Accept ALL critical Updates offered. Reboot and go back to Windows Update. Repeat until no more critical updates are offered.

Open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates from time to time. Still in Spybot, click tools in the left pane, then Resident and check the box for SD Helper. Then click IE tweaks and at least lock the HOSTS file. Then download and install IESpyads.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

 

I am running RAV right now, But when I try to do Windows Update, it just says this

"Checking for the latest version of the Windows Update software...

Depending on your connection speed, this might take a minute. During this time, you may receive one or more security warnings. Review each security warning to ensure that the content is signed by Microsoft, and then click Install or Yes to install the software. "

And then dosent do anything. Its like it froze.

 

Most common cause of freezing at that stage, with no error messages is a third-party firewall. Try shutting it down when accessing Windows Update.

 

OK Ill try that.

But heres the results of the RAV scan

Scanned
============================
Objects: 178750
Directories: 13789
Archives: 10734
Size(Kb): -429606
Infected files: 187

Found
============================
Viruses found: 33
Suspicious files: 449
Disinfected files: 0
Mail files: 5031


and heres a new HJT log

Logfile of HijackThis v1.99.0
Scan saved at 7:10:37 AM, on 2/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\netuq.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\miniport_mp.exe
C:\WINDOWS\crmn32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\surfmonkey\SMProxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dgang.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D822877E-46BD-178B-A721-897CC4553D02} - C:\WINDOWS\addja32.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MiniPortRt] C:\WINDOWS\System32\miniport_mp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [crmn32.exe] C:\WINDOWS\crmn32.exe
O4 - HKLM\..\RunOnce: [netuq.exe] C:\WINDOWS\system32\netuq.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107893824546
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Norton Internet Security Service - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe


it seems like the 12345 things come back whenever I get online...