
*63.219.181.7 - another one

Discussion in 'Malware and Virus Removal Archive' started by Peotech, 2004/11/29.

  1. 2004/11/29
    Peotech (Thread Starter)

    I feel stupid to start yet another post regarding this one. But I've tried the solutions given in the other threads without success. I've searched for those common DLLs but haven't found them in my system, so here we go:

    This is my Explorer DLL logfile:

    Module information for 'Explorer.EXE'
    MODULE BASE SIZE PATH
    Explorer.EXE 1000000 1015808 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Utforskaren
    ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-fil för NT Layer
    kernel32.dll 77e60000 958464 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL för Windows NT BASE API
    msvcrt.dll 77c00000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    ADVAPI32.dll 77dc0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Procedure Call Runtime
    GDI32.dll 77c60000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
    USER32.dll 77d30000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL-fil för Windows XP
    SHLWAPI.dll 772c0000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
    SHELL32.dll 773c0000 8359936 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-fil för Windows-gränssnittet
    ole32.dll 2b0000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft OLE för Windows
    OLEAUT32.dll 77110000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    BROWSEUI.dll 75f60000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för gränssnittsläsare
    SHDOCVW.dll 769b0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object och Control Library
    UxTheme.dll 5b270000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för Microsoft UxTheme
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll 6.0 (xpsp2.040410-0905) User Experience Controls Library
    comctl32.dll 77330000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    appHelp.dll 75f20000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 76fc0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
    COMRes.dll 77040000 819200 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    VERSION.dll 77bf0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
    cscui.dll 76600000 323584 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
    CSCDLL.dll 765e0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Agent för frånkopplat nätverk
    themeui.dll 5bb30000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Programmeringsgränssnitt (API) för Windows-teman
    Secur32.dll 76f80000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    MSIMG32.dll 76360000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
    netapi32.dll 71c10000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
    actxprxy.dll 71d30000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
    urlmon.dll 760d0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32-tillägg för Win32
    USERENV.dll 75a50000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    WININET.dll 761e0000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet-tillbehör för Win32
    CRYPT32.dll 762a0000 573440 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) 32-bitars kryptografi-API
    MSASN1.dll 76280000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
    browselc.dll 72420000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för gränssnittsläsare
    wmpband.dll 7610000 94208 C:\Program\Windows Media Player\wmpband.dll 9.00.00.2980 Windows Media Player
    MPR.dll 71b10000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-fil för router med flera providers
    msutb.dll 60130000 196608 C:\WINDOWS\System32\msutb.dll 5.1.2600.1106 (xpsp1.020828-1920) Server-DLL-fil för MSUTB
    MSCTF.dll 746f0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-fil för MSCTF-servern
    ntshrui.dll 76980000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-tillägg för delning
    ATL.DLL 76b10000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    SETUPAPI.dll 76660000 954368 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) API för installationsprogrammet för Windows
    LINKINFO.dll 76970000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
    NETSHELL.dll 75cd0000 1646592 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Användargränssnitt för nätverksanslutning
    credui.dll 76bf0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Användargränssnitt för referenshanteraren
    WS2_32.dll 71aa0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71a90000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
    iphlpapi.dll 76d50000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) API för IP Helper
    WINTRUST.dll 76c20000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API för autentisering av Microsoft Trust
    IMAGEHLP.dll 76c80000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
    comdlg32.dll 76390000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-fil med vanliga dialogrutor
    msi.dll 1d40000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    WINSTA.dll 76340000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
    stobject.dll 74ad0000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray shell-tjänstobjekt
    BatMeter.dll 74ac0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL
    POWRPROF.dll 74aa0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
    WTSAPI32.dll 76f40000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
    webcheck.dll 74b00000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Webbplatsövervakare
    ctagent.dll 10000000 65536 C:\WINDOWS\System32\ctagent.dll 1, 0, 0, 8 ctagent
    netcfg.dll 2540000 950272 C:\WINDOWS\System32\netcfg.dll
    DUSER.dll 6c730000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
    shdoclc.dll 76150000 565248 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object och Control Library
    drprov.dll 75f40000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
    ntlanman.dll 71c00000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
    NETUI0.dll 71cc0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
    NETUI1.dll 71c80000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
    NETRAP.dll 71c70000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
    SAMLIB.dll 71be0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
    davclnt.dll 75f50000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) DLL-fil för Webb-DAV-klient
    MSGINA.dll 75950000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1106 (xpsp1.020828-1920) Inloggnings-GINA för Windows NT
    ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager
    odbcint.dll 1f850000 94208 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-resurser
    printui.dll 74b50000 536576 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) Print UI DLL
    WINSPOOL.DRV 72fd0000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Drivrutin för Windows-bufferthanterare
    ACTIVEDS.dll 76e30000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-fil för Active Directory Router Layer
    adsldpc.dll 76e00000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP-provider C DLL
    WLDAP32.dll 76f50000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
    CFGMGR32.dll 74ab0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
    WINMM.dll 76b30000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
    mapledxp.dll 6bc00000 36864 C:\WINDOWS\System32\mapledxp.dll 4.08 Driver DLL for Marble Sound Maple Midi
    wdmaud.drv 72cf0000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
    msacm32.drv 72ce0000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
    MSACM32.dll 77bd0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM-ljudfilter
    midimap.dll 77bc0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
    SXS.DLL 75e70000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    jscript.dll 75c30000 593920 c:\windows\system32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
    MLANG.dll 74740000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
    mscoree.dll 79170000 155648 C:\WINDOWS\System32\mscoree.dll 1.1.4322.573 Microsoft .NET Runtime Execution Engine
    Shfusion.dll 796e0000 253952 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll 1.1.4322.573 Microsoft COM Runtime Fusion Assembly Viewer
    MSVCR71.dll 7c340000 352256 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
    mstask.dll 735a0000 262144 C:\WINDOWS\System32\mstask.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-fil för gränssnittet för Schemaläggaren
    RASAPI32.DLL 76ed0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Programmeringsgränssnitt för Fjärråtkomst
    rasman.dll 76e80000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    TAPI32.dll 76ea0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL för Microsoft® Windows(TM)-telefoni-API
    rtutils.dll 76e70000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
    sensapi.dll 722a0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
    mscms.dll 73b00000 77824 C:\WINDOWS\System32\mscms.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Color Matching System DLL
    msohev.dll 325c0000 73728 C:\Program\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
    asfsipc.dll 70f90000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
    MSISIP.DLL 60b10000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
    wshext.dll 74e70000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
    wshSV.DLL 591d0000 53248 C:\WINDOWS\System32\wshSV.DLL 5.6.0.6626 Microsoft (r) Windows Script Host, internationella resurser
    MCPS.DLL 36d30000 102400 C:\Program\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub
     
  2. 2004/11/29
    Peotech (Thread Starter)

    and here are the Internet Explorer DLLs:

    Module information for 'iexplore.exe'
    MODULE BASE SIZE PATH
    iexplore.exe 400000 102400 C:\Program\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
    ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-fil för NT Layer
    kernel32.dll 77e60000 958464 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL för Windows NT BASE API
    msvcrt.dll 77c00000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    USER32.dll 77d30000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL-fil för Windows XP
    GDI32.dll 77c60000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
    ADVAPI32.dll 77dc0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Procedure Call Runtime
    SHLWAPI.dll 772c0000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
    SHDOCVW.dll 769b0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object och Control Library
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll 6.0 (xpsp2.040410-0905) User Experience Controls Library
    SHELL32.dll 773c0000 8359936 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-fil för Windows-gränssnittet
    comctl32.dll 77330000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    ole32.dll a00000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft OLE för Windows
    BROWSEUI.dll 75f60000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för gränssnittsläsare
    browselc.dll 72420000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för gränssnittsläsare
    appHelp.dll 75f20000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 76fc0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
    OLEAUT32.dll 77110000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    COMRes.dll 77040000 819200 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    VERSION.dll 77bf0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
    UxTheme.dll 5b270000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Bibliotek för Microsoft UxTheme
    WININET.dll 761e0000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet-tillbehör för Win32
    CRYPT32.dll 762a0000 573440 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) 32-bitars kryptografi-API
    MSASN1.dll 76280000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
    Secur32.dll 76f80000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    cscui.dll 76600000 323584 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
    CSCDLL.dll 765e0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Agent för frånkopplat nätverk
    SETUPAPI.dll 76660000 954368 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) API för installationsprogrammet för Windows
    AcroIEFavClient.dll 10000000 147456 C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    ATL.DLL 5f3e0000 73728 C:\Program\Adobe\Acrobat 6.0\Acrobat\ATL.DLL 3.00.8449 ATL Module for Windows NT (Unicode)
    MSVCP60.dll 76060000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
    netcfg.dll 1710000 950272 C:\WINDOWS\System32\netcfg.dll
    p2pserv.dll 1ab0000 921600 C:\WINDOWS\System32\p2pserv.dll
    ctagent.dll 1da0000 65536 C:\WINDOWS\System32\ctagent.dll 1, 0, 0, 8 ctagent
    msi.dll 1ec0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    SXS.DLL 75e70000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    odbcfg32.dll 21f0000 888832 C:\WINDOWS\System32\odbcfg32.dll
    actxprxy.dll 71d30000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
    urlmon.dll 760d0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32-tillägg för Win32
    shdoclc.dll 76150000 565248 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object och Control Library
    mlang.dll 74740000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
    wsock32.dll 71ac0000 36864 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) 32-bitars DLL-fil för Windows Socket
    WS2_32.dll 71aa0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71a90000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
    imon.dll 20b00000 258048 C:\WINDOWS\System32\imon.dll
    NTMARTA.DLL 76cd0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
    WLDAP32.dll 76f50000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
    SAMLIB.dll 71be0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
    mswsock.dll 71a40000 245760 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Tjänstprovider för Microsoft Windows Sockets 2.0
    rsvpsp.dll 73050000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
    wshtcpip.dll 71a80000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
    RASAPI32.DLL 76ed0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Programmeringsgränssnitt för Fjärråtkomst
    rasman.dll 76e80000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    NETAPI32.dll 71c10000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
    TAPI32.dll 76ea0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Klient-DLL för Microsoft® Windows(TM)-telefoni-API
    rtutils.dll 76e70000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
    WINMM.dll 76b30000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
    mapledxp.dll 6bc00000 36864 C:\WINDOWS\System32\mapledxp.dll 4.08 Driver DLL for Marble Sound Maple Midi
    sensapi.dll 722a0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
    USERENV.dll 75a50000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    rasadhlp.dll 76fb0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
    DNSAPI.dll 76f10000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
    winrnr.dll 76fa0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
    mshtml.dll 747e0000 2846720 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft (R) Visningsprogram för HTML
    msimtf.dll 746c0000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
    MSCTF.dll 746f0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-fil för MSCTF-servern
    IMM32.DLL 76370000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
    msohev.dll 325c0000 73728 C:\Program\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
    jscript.dll 75c30000 593920 c:\windows\system32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
    MSLS31.DLL 74690000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    dxtrans.dll 6c350000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- DirectX Transform Core
    ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll 5.3.0000000.900 built by: DIRECTX Direct Draw Ex
    DDRAW.dll 51000000 299008 C:\WINDOWS\System32\DDRAW.dll 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00) Microsoft DirectDraw
    DCIMAN32.dll 73b90000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
    dxtmsft.dll 6c390000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2800.1106 (xpsp1.020828-1920) DirectX Media -- Image DirectX Transforms
    mshtmled.dll 74c80000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) HTML-redigeringskomponent för Microsoft (R)
    wdmaud.drv 72cf0000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
    msacm32.drv 72ce0000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
    MSACM32.dll 77bd0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM-ljudfilter
    midimap.dll 77bc0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
    OLEACC.DLL 74c50000 180224 C:\WINDOWS\System32\OLEACC.DLL 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
     


  4. 2004/11/29
    Peotech (Thread Starter)

    and the HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 15:25:33, on 2004-11-29
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\program\valve\steam\steam.exe
    C:\Program\FinePixViewer\QuickDCF.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
    O4 - Global Startup: Exif Launcher.lnk = C:\Program\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O15 - Trusted Zone: http://*.63.219.181.7
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094247864953
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -

    I'm really hoping that you're able to help me.

    /Peo
     
  5. 2004/11/29
    noahdfear

    Welcome to WindowsBBS Peotech :)

    Download Rem.zip. Inside the zip file are 2 files, rem.bat and zip.exe. Extract the files to the C:\Windows\System32 folder. Reboot to safe mode and double click the rem.bat file. Run another HJT scan and save the log. Reboot back to Windows and save another HJT log. Open Local Disk C: and locate log.txt. Open and copy/paste it and the two HJT logs here.
     
  6. 2004/11/29
    Peotech (Thread Starter)

    Thank you for the reply, Dave

    Here is the HJT log (safe mode):

    Logfile of HijackThis v1.98.2
    Scan saved at 16:30:43, on 2004-11-29
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [netssh.exe] netssh.exe
    O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
    O4 - Global Startup: Exif Launcher.lnk = C:\Program\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094247864953
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -


    and the other HJT log:

    Logfile of HijackThis v1.98.2
    Scan saved at 16:34:31, on 2004-11-29
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
    O4 - Global Startup: Exif Launcher.lnk = C:\Program\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094247864953
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -
     
  7. 2004/11/29
    Peotech

    Peotech Inactive Thread Starter

    Joined:
    2004/11/29
    Messages:
    8
    Likes Received:
    0
    and the REM.bat-log:

    Microsoft Windows XP [Version 5.1.2600]
    C:\WINDOWS\system32
    "Files found"
    ---------------------------------------------------------------------
    clfmon.exe

    Zipping files............
    ---------------------------------------------------------

    deleting files........
    ---------------------------------------------------------

    "Files Not Deleted"
    ---------------------------------------------------------------------

    Checking for version 2 files..........
    Files Found
    ------------------------------------------------------------
    rsn.exe
    getdns.exe
    sfcver.exe
    netssh.exe
    syspack.dll
    netcfg.dll
    odbcfg32.dll
    p2pserv.dll

    Zipping files............
    ---------------------------------------------------------

    deleting files........
    ---------------------------------------------------------

    Files Not deleted
    ------------------------------------------------------------

    Merging registry entries
    -----------------------------------------------------------------
    The Registry Entries Found...
    -----------------------------------------------------------------

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Files]
    "taskrun.exe "=" "
    "trayinfo.exe "=" "
    "subsys.exe "=" "
    "spoolsvc.exe "=" "
    "smlogvcc.exe "=" "
    "sessngr.exe "=" "
    "rsvxp.exe "=" "
    "rsn.exe "=" "
    "rexecs.exe "=" "
    "resrvc32.exe "=" "
    "rcip.exe "=" "
    "proxyconf.exe "=" "
    "powerconf.exe "=" "
    "pingnet.exe "=" "
    "dnsping.exe "=" "
    "odcfg.exe "=" "
    "netstart.exe "=" "
    "netdns.exe "=" "
    "getdns.exe "=" "
    "msswchxp.exe "=" "
    "msng.exe "=" "
    "msinfo.exe "=" "
    "netssl.exe "=" "
    "netdetect.exe "=" "
    "sfcver.exe "=" "
    "netcfg.dll "=" "
    "odbcfg32.dll "=" "
    "p2pserv.dll "=" "
    "clfmon.exe "=" "
    "netssh.exe "=" "
    "syspack.dll "=" "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes]
    "taskrun.exe "=" "
    "trayinfo.exe "=" "
    "subsys.exe "=" "
    "spoolsvc.exe "=" "
    "smlogvcc.exe "=" "
    "sessngr.exe "=" "
    "rsvxp.exe "=" "
    "rsn.exe "=" "
    "rexecs.exe "=" "
    "resrvc32.exe "=" "
    "rcip.exe "=" "
    "proxyconf.exe "=" "
    "powerconf.exe "=" "
    "pingnet.exe "=" "
    "dnsping.exe "=" "
    "odcfg.exe "=" "
    "netstart.exe "=" "
    "netdns.exe "=" "
    "getdns.exe "=" "
    "msswchxp.exe "=" "
    "msng.exe "=" "
    "msinfo.exe "=" "
    "netssl.exe "=" "
    "netdetect.exe "=" "
    "sfcver.exe "=" "
    "clfmon.exe "=" "
    "netssh.exe "=" "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegKeys]
    "{98DBBF16-CA43-4c33-BE80-99E6694468A4} "=" "
    "{E9590744-812B-46C3-96EB-33212855927D} "=" "
    "Files "=" "
    "Ms4Hd "=" "
    "Processes "=" "
    "RegKeys "=" "
    "RegValues "=" "
    "Vendor "=" "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegValues]
    "clfmon.exe "=" "
    "netssh.exe "=" "
    "sessngr.exe "=" "
    "spoolsvc.exe "=" "

    -----------------------------------------------------------------

    Done


    It seems that we're getting somewhere ;)

    /Peo
     
  8. 2004/11/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! You should have a new file in C: named bad.zip. There should also be another named bad.reg. Please create a new folder and move the log.txt, bad.zip and bad.reg to it.

    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
    O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} -

    Reboot to safe mode and run the rem.bat again. It should come up empty, but OK if it doesn't. Let me know please.

    Open C:\Temp if present, select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open C:\Windows\Prefetch, select all and delete.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.

    Reboot back to Windows and re-enable system restore. If you had any entries in the trusted zone, you will need to put them back. If you use Spybot's SDHelper, SpywareBlaster and/or IESpyad, you will need to re-install/re-enable those features.

    I also suggest you scan your PC with RAV. If any files are infected, click the report button then copy and paste it here, along with a new HijackThis log.
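    The entries picked out above share traits a responder looks for when reading a HijackThis log: a BHO whose DLL no longer exists, Run values that launch a bare file name instead of a full path, and O16 ActiveX entries with no class name and no download URL. The script below is an added example written for this page (it is not HijackThis or any tool from the thread); the log lines inside it are copied from the log posted earlier, and the rules are heuristics that mark entries for verification, not verdicts about any particular file.

```python
import re

# Lines copied from the HijackThis log earlier in this thread, trimmed to the
# entries needed to exercise each rule below.
SAMPLE_HJT_LOG = r"""O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O16_RE = re.compile(
    r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})\s*'
    r'(?:\((?P<desc>[^)]*)\))?\s*-\s*(?P<url>\S*)$')


def first_token(cmd):
    """Program part of a Run value: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def triage(log_text):
    """Return [(line, reason)] for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('O2 - BHO:') and line.endswith('(file missing)'):
            findings.append((line, 'BHO is still registered but its DLL is gone'))
            continue
        m = O4_RE.match(line)
        if m:
            exe = first_token(m.group('cmd'))
            # A bare name is resolved by a PATH search at logon, so the log alone
            # does not tell you which file actually runs.
            if exe and not any(c in exe for c in '\\:/'):
                findings.append((line, f'Run value launches bare name {exe!r}; '
                                       'confirm which file that resolves to'))
            continue
        m = O16_RE.match(line)
        if m and not m.group('desc') and not m.group('url'):
            findings.append((line, 'ActiveX (DPF) entry with no class name '
                                   'and no download source'))
    return findings


if __name__ == '__main__':
    for entry, why in triage(SAMPLE_HJT_LOG):
        print(f'{why}\n    {entry}')
```

    Against the sample above the script flags four lines: the missing-file BHO, the two bare-name Run values (clfmon.exe and CTHELPER.EXE) and the nameless O16 entry; the Adobe toolbar, the quoted full-path nod32 entry and the Sibelius plug-in pass all three rules.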
     
  9. 2004/11/29
    Peotech

    Peotech Inactive Thread Starter

    Joined:
    2004/11/29
    Messages:
    8
    Likes Received:
    0
    Almost clean :)

    Nothing when I ran REM.bat



    HJT log now:

    Logfile of HijackThis v1.98.2
    Scan saved at 21:25:59, on 2004-11-29
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\Eset\nod32kui.exe
    C:\Program\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
    O4 - Global Startup: Exif Launcher.lnk = C:\Program\FinePixViewer\QuickDCF.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094247864953
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab


    RAVscan found a "wininet32.exe" in c:\Windows which I deleted.
    And also 2 zipfiles in application data\sun\java\deployment\cache\javapi\v1.0\jar, which I also deleted

    The trusted zone has not come back, so I think I'm clean.

    Could you just give me a brief explanation of what "we've" done. What exactly does rem.bat do? Can I use it later if I suspect spyware?

    And I suppose I can delete the folder containing bad.zip, bad.reg and log.txt?

    Your help is much appreciated, thank you!

    /Peo
     
  10. 2004/11/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Rem.bat is a new tool developed (Thanks Baskar ;) ) just for this infection in the past few days. Currently there are just a couple variants of known file sets and registry entries, and this tool searches for and deletes them from the system. It also zips a copy of each file found in the event someone would like to have them submitted for review; creates the reg file in case a problem was encountered and it might need to be put back; and as you know, a text file that tells us the contents of the registry key and files found. Normally, it would be necessary to get an export of the registry to properly identify which of the known variants was present, or if a different one was present, before running the tool, or it may prove useless in removing the proper files. However, I was able to identify the variant present on your machine from the PV log you posted. The tool is useless for any other infections and could be deleted at this time. Lonny is collecting the files for study, so if you don't mind, please wait for him to respond before deleting the folder with the three files in it.

    Your HijackThis log looks clean. My only other recommendations are as follows.


    Information below about this process, running on your machine, taken from answersthatwork.com. C:\WINDOWS\System32\nvsvc32.exe

    NVIDIA Driver Helper Service which gets installed under Windows NT4/2000/XP/2003 by the NVIDIA drivers for some of their graphics cards (or graphics cards based on an NVIDIA chipset). We do not at this stage know what this process does except consume memory! And we also have no idea as to what a "Driver Helper Service" is supposed to do!!

    Recommendation:
    This service is often responsible for various glitches, from significant shutdown delays to excessive memory usage. Disabling it, however, does not result in our experience in any ill-effect in regards to the proper operation of your NVIDIA or NVIDIA chipset graphics card, so we recommend that you definitely set the Startup Mode of this service to Disabled. You can do this by going to start>run, type services.msc, hit enter. Locate the service in the list and right click>properties. Stop the service, then disable, apply and OK out.


    Do you have Spybot Version 1.3? If not, download it from my signature and install. Allow it to load SD Helper. Open it up and click mode on the toolbar, then advanced mode. Check for updates! Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click IE tweaks and at least lock the HOSTS file.
    Then download and install IESpyad.

    That will give you some added layers of protection against unwanted parasites.


    Check your version of Sun Java. I believe the current version is JRE 1.4.02_6. Update from the Sun Java website if needed. If you are current, open the Java Plug-in in the control panel and click the cache tab, then clear. If using the category view in the control panel with common tasks showing, the plug-in option will be found by clicking Other Control Panel Options in the left pane.

    Glad to help. Happy surfing! :)
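    To make the description of rem.bat above concrete, here is an added example (written for this page, not Baskar's rem.bat) of the same backup-before-delete pattern: parse a registry export in the layout of the Ms4Hd key posted earlier to get the file set, zip a copy of every match, keep the export as bad.reg and a log.txt, and only then delete. The registry export embedded in it is a constructed excerpt with three of the names from the thread, the directory it scans is a temporary one holding constructed files, and removing the registry key itself is left out so the script runs on any platform.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Constructed excerpt of a registry export in the layout of the Ms4Hd key shown
# in this thread; the real key lists about thirty names, three are enough here.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Files]
"clfmon.exe "=" "
"netcfg.dll "=" "
"rsn.exe "=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes]
"clfmon.exe "=" "
'''

KEY_LINE = re.compile(r'^\[(.+)\]$')
VALUE_LINE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"$')


def parse_reg_export(text):
    """{key_path: {value_name: data}}; strips the stray spaces in the names."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][m.group(1).strip()] = m.group(2).strip()
    return keys


def known_bad_files(keys):
    """File names the infection lists under its own ...\\Ms4Hd\\Files subkey."""
    for path, values in keys.items():
        if path.lower().endswith(r'\ms4hd\files'):
            return {name.lower() for name in values}
    return set()


def quarantine(system_dir, bad_names, out_dir, reg_text):
    """Back up, log, then delete every file in system_dir named in bad_names.

    Returns (found, not_deleted) as lists of file names.
    """
    system_dir, out_dir = Path(system_dir), Path(out_dir)
    found = sorted(p for p in system_dir.iterdir()
                   if p.is_file() and p.name.lower() in bad_names)
    # 1. Copies first: a zip for later analysis or submission, and the registry
    #    export so the key can be merged back if the cleanup breaks something.
    with zipfile.ZipFile(out_dir / 'bad.zip', 'w') as zf:
        for p in found:
            zf.write(p, arcname=p.name)
    (out_dir / 'bad.reg').write_text(reg_text)
    # 2. A log in the spirit of the "Files found" section of the thread's output.
    with (out_dir / 'log.txt').open('w') as log:
        log.write('"Files found"\n' + '-' * 40 + '\n')
        log.writelines(p.name + '\n' for p in found)
    # 3. Only now delete; anything locked or protected is reported, not hidden.
    not_deleted = []
    for p in found:
        try:
            p.unlink()
        except OSError:
            not_deleted.append(p.name)
    return [p.name for p in found], not_deleted


def demo():
    """Run the whole thing against a throwaway directory of constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp) / 'System32'
        out = Path(tmp) / 'quarantine'
        sys32.mkdir()
        out.mkdir()
        for name in ('clfmon.exe', 'rsn.exe', 'kernel32.dll'):   # constructed
            (sys32 / name).write_bytes(b'MZ constructed sample: ' + name.encode())
        bad = known_bad_files(parse_reg_export(SAMPLE_REG_EXPORT))
        found, not_deleted = quarantine(sys32, bad, out, SAMPLE_REG_EXPORT)
        remaining = sorted(p.name for p in sys32.iterdir())
        with zipfile.ZipFile(out / 'bad.zip') as zf:
            archived = sorted(zf.namelist())
        return found, not_deleted, remaining, archived


if __name__ == '__main__':
    print(demo())
```

    demo() returns what was found, what could not be deleted, what remains in the scanned directory and what the zip holds; the order of the three steps is the point, since a copy and a restore file are worthless if they are only made after the deletion.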
     
  11. 2004/11/30
    Peotech

    Peotech Inactive Thread Starter

    Joined:
    2004/11/29
    Messages:
    8
    Likes Received:
    0
    Hello again Dave,

    I followed your recommendations, and all seems to be fine now :)

    One more question though, do I have to keep SpywareBlaster running all the time to be protected?

    Thank you very much for your support!

    /Peo
     
  12. 2004/11/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    From Javacool website.
    Also, Baskar would like a copy of that bad.zip file. Please mail to
    This address
     
    Last edited: 2004/11/30
  13. 2004/11/30
    Peotech

    Peotech Inactive Thread Starter

    Joined:
    2004/11/29
    Messages:
    8
    Likes Received:
    0
    bad.zip mailed.

    Thanks again,

    /Peo
     