another pop ups zipzap promos.com

I'm sorry, but I have tried all the steps to try and get rid of these stupid Zipzap Promo pop-ups, and they just keep coming back. I found a Windows created log that read something like "Gamer/Local Settings/Temp/the two EGD files transfered to C:/Windows/System32 ". There are no files in my temp folder. My HJT log doesn't have the 04 one nor the 016, but used to have both before I took the steps to remove them. I found EGDACCESS.inf and EGDACCESS_1057.dll, tried to delete them (I was in safe mode), and they came up with and error saying they couldn't be deleted. I opened the folder that they were supposedly in (it was an option of the search results) and they disappeared from the search results.

A note about what these nefarious little popups do: They disconnect you from your ISP and to their ISP, which costs about $3 per minute. I contacted their support and got an answer that assured me that I had downloaded this program intentionally. One question: Who, in their right minds, would ever ever download a program like this???

Anyway, any advice?

 

Welcome to WindowsBBS s00p

Open C:\Windows\Prefetch, select all and delete.

Download The Killbox from here: http://tools.zerosrealm.com/killbox.zip

Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\System32\EGDACCESS.inf assuming from your post, the files were found in the system32 folder

Click on the Action menu and choose "Delete on Reboot ". On the next screen (log), click on the File menu and choose "Add File ". The filename and path should show up in the window. If that's successful, copy the next filepath and paste it in the box, again click Action> "Delete on Reboot ">File> "Add File ". When done, click Action on the log screen menu and select "Process and Reboot ". Allow it to reboot.

C:\WINDOWS\System32\EGDACCESS_1057.dll

When you're back in windows, please run updated Ad-aware in full scan mode. Fix anything it finds. Then post a hijackthis log.

 

Actually, I did use the Killbox method you described to delet the 3 files on reboot: the EGD ones and the wthvijcfp.exe one. Ad-Aware never found anything in the first place. However, there are some odd little things I found nagging in my registry. I deleted "unfamosas" because it could be doing anything good. But also this thing called Desktop Messenger. Note the backdoor referance next to it. Is it possible that this program has been reconfigured to extrapolate personal data from my computer, or is this just a normal reg key?

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe "
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1991c6b6004c20d14703/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8780E0-BE08-42AD-8EBF-B187A3E91B72}: NameServer = 205.171.3.65 205.171.2.65
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Anyway, I shall try everything again, and then also scan with Ad-Aware. Thanks for the help, especially on Superbowl Sunday!

 

Happy to help. Fix these with HJT.

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab

Search the drive for and delete all instances of the following files and folder.

powerreg scheduler.exe
powerreg schedulerv2.exe
powerregschedulerv3.exe
powerreg<<<<<Program Files folder

Are you still getting the popups?

 

I did a very thorough job of deleting everything this time, but the popups have returned. I've noticed it takes a little while for the 04 key to sink in, as well as the program folder. I have been deleting the program with "Dialpass Uninstall" which is the uninstall that Zipzap provides. Should I do it without using that?
Are you positive about the Backweb and Powerreg? Is there a way to backup those keys just in case? Powerreg isn't in my program files folder, I'll do a search for it.
Another fun little message is popping up when I log in:
'Windows encountered an error in the registry. It was recovered by use of log or alternate copy" (or something like that)

 

Yes I'm sure about powerreg and backweb.
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078189
http://castlecops.com/startuplist-1829.html

HijackThis creates backups of all entries fixed with it, and places them within the same folder where it resides, which is why we suggest putting it in it's own folder.

Yes, remove the suggested files without using ZipZap's uninstaller. They really don't want you to remove it, and it's unlikely that they would provide a real uninstaller.

 

I split this thread from the other to prevent confusion.

 

Ok, I got "Desktop Manager" and it doesn't seem to be coming back. (It was the Logitech downloader). However, the popups are still just as annoying and prevailant. I've been checking into this a little more and it seems that there is nothing else to delete. So I started looking at everything that could be anything suspicious. I found that nwiz was Nvidia and HPJD was my printer. Whoopdy do. Then I found tca.exe and tcm.exe.
I did a search on tca.exe on 'dedicated to spyware', and it yielded the result "nocreditcard.somethin ". I remembered seeing this SOMEWHERE..( ) This file also relates to Instant Access. I'm downloading Spy Hunter right now...
So, my question is, what are these files (tca, tcm)?
Thanks!
edit: oops! the tca.exe and tcm.exe are files related to "The Cleaner "...I don't understand the results I got though. If it starts to look too desperate I might do a dreaded backup. Anyway, thanks for all the help, I'll write later.

 

That was once a bogus spyware removal tool, and is not rated well as a legitimate application. Spybot and Ad-Aware does much better, and at a better price.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note

About these popups, these could be the result of Windows Messenger Service, not to be confused with the MSN Messenger. Here is a free tool to check it, and disable it.
http://www.grc.com/stm/shootthemessenger.htm

 

Quite frankly, I thought a while back that we had this ZipZap infection nailed down to the egdaccess files but it seems to be hooked into something else (maybe a new variant), so we'll need to do some exploratory to see if we can find it.

Please post a new HijackThis log.

Download this zip.

http://tools.zerosrealm.com/pv.zip

Unzip it to a folder of it's own on the desktop. It will not work if you run it from inside the zip. After unzipping, open the pv folder and double click on the runme.bat. A dos window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy and paste the log into this thread. Also, run option 2 for Internet explorer dlls and post it's log. Usually pretty large and take more than one post.

Also, please download and install Process Explorer, unzip and open. When you start getting the popups, click file>save as and put on your desktop. Open the log and copy/paste it here.

And finally, please download the List Installed Programs script from here, run it and post it's log.

 

Well, let's not cross our fingers yet, but I haven't experienced a popup for a good ten minutes. I killed the file 'msegcompid.dll' (Spyhunter found it) and the entire folder of registry that was related to EGDACCESS. I also deleted the backup in my !Submit folder.
I'm still gonna download those programs, but one of the links is down (zerosrealm).
I'll delete SpyHunter, I got all the info I needed out of it.

 

msegcompid.dll
Hmmm, that file is related to a well known adware.

http://www.securemost.com/articles/trou_3_remove_magiccontrol.htm

http://www.securemost.com/articles/trou_3_remove_ieaccess.htm

Looks like they might be updating

 

Hm, Nothink. I looked for those keys mentioned in the sites, nothin'. Well, I have a theory about the lack of popups: I've done just enough damage for it to take about the time you can say "I beat it" to get downloaded again.
Anyway, nothing is happening, and I'm almost feeling a tinge of hope...
I'll write back tommorow with an updated HJT log. Until then, thanks very much and good night!

 

I don't get it. The popups are back. Here's exactly what I did:
I restarted the computer after I thought I had gotten rid of the popups.
I logged onto "Gamer ". Windows gave me that registry message (it didn't do it the time before, where I didn't have popups)
Now, after two popups, I searched for the file msegcompid.dll and couldn't find it.
Instant access has popped back up into the registry and HJT + TCM.
Do you think you could post an alternate link to the Zero's Realm program? It looks like the site is down.

 

Here it is.

 

Heres my programs:
Ad-Aware SE Personal
Adobe Acrobat 5.0 Ver: 5.0
Adobe Photoshop 6.0 Ver: 6.0
Adobe Photoshop 7.0 Ver: 7.0
Adobe SVG Viewer 3.0 Ver: 3.0
Backup Dell-Installed Programs Ver: 2.01.0000 Installed: 5/6/2002
Britannica CD 98
Broadxent V.92 PCI Value DI3652-2
Bryce 4.0
bzdqir
CC_ccStart Ver: 2.0.0.635 Installed: 3/6/2004
ccCommon Ver: 2.0.0.635 Installed: 3/6/2004
Chessmaster 7000
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
Dell ResourceCD
DivX Codec Ver: 5.1.1
DivX Player Ver: 2.5.3
DriverLINX Port I/O Driver
Easy CD Creator 5 Basic Ver: 5.0.0.0000 Installed: 5/26/2002
Electronic Arts Game Updater
Emperor: Battle For Dune
FinalAlert 2 Yuri's Revenge
GetRight
Half-Life
Half-Life(R) 2 Ver: 1.0.0.0 Installed: 12/25/2004
HijackThis 1.99.0 Ver: 1.99.0
Homeworld
hp deskjet 960c series (Remove only)
HP PhotoSmart Photo Printing Software
Instant Access
InterActual Player
iTunes Ver: 4.7.0.42 Installed: 12/2/2004
iTunes Ver: 4.7.0.42 Installed: 12/2/2004
LiveReg (Symantec Corporation) Ver: 2.4.0.2044
LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
Logitech MouseWare 9.42 .1
Macromedia Dreamweaver MX Ver: 6.0
Macromedia Extension Manager Ver: 1.5
MapSource - US Topo v3.02
Master Unit
MetaStream
Microsoft Office XP Media Content Ver: 10.0.2619.0 Installed: 5/6/2002
Microsoft Office XP Small Business Ver: 10.0.6626.0 Installed: 4/21/2004
Microsoft Visual C++ 6.0 Docs
Microsoft Visual C++ 6.0 Introductory Edition
MSN Messenger 6.0 Ver: 6.0.0602 Installed: 10/10/2003
MSRedist Ver: 1.0.0.0 Installed: 3/6/2004
Music Write 2000 Standard Edition
Need For Speed - Porsche Unleashed
Need For Speed III
Network Play System (Patching)
Norton AntiVirus 2004 Ver: 10.00.00 Installed: 3/6/2004
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.00
Norton AntiVirus Parent MSI Ver: 10.0.0 Installed: 3/6/2004
Norton AntiVirus SYMLT MSI Ver: 10.0.0 Installed: 3/6/2004
Norton WMI Update Ver: 2005.1.0.111 Installed: 10/16/2004
NVIDIA Drivers
OLYMPUS CAMEDIA Master 4.1
Power Tab Editor 1.7
PowerDVD
Quicken 2003 Basic Ver: 12.00.0000 Installed: 11/24/2002
Quicken 2003 Basic Ver: 12.00.0000 Installed: 11/24/2002
QuickTime
Quicktime Browser Plug-In
Retrospect 5.6 Ver: 5.06.1320 Installed: 6/5/2003
Sample Programs for TI-83 Plus
Shockwave Flash
Sierra Account Wizard
SimCity 4
Steam(TM) Ver: 1.0.0.0 Installed: 12/25/2004
Steinberg Cubasis VST 3
STY C++ in 21 Days, Complete Compiler Edition, Third Edition
Symantec Network Drivers Update Ver: 5.4.4.17 Installed: 2/4/2005
Symantec Script Blocking Installer Ver: 1.0.0 Installed: 3/6/2004
SymNet Ver: 4.7.1 Installed: 3/6/2004
The Cleaner Ver: 4.1
The Sims Livin' Large
TI Connect(TM) 1.2.1
TI-Black Link
TI-Graph Link 89
TIGCC Calculator SDK
USB Storage Adapter FX (MXO)
WaveLab Lite
WebFldrs XP Ver: 9.50.5318 Installed: 5/4/2002
Westwood Shared Internet Components
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Service Pack 2 Ver: 20040803.231319
Worms World Party

 

Here's the Explorer dll's:
1
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP USER API Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Light-weight Utility Library
SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Common Dll
ole32.dll 774e0000 1294336 C:\WINDOWS\system32\ole32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft OLE for Windows
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Browser UI Library
SHDOCVW.dll 77760000 1490944 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
Secur32.dll 77fe0000 69632 C:\WINDOWS\System32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
urlmon.dll 77260000 647168 C:\WINDOWS\System32\urlmon.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) OLE32 Extensions for Win32
NETSHELL.dll 76400000 1728512 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network Connections Shell
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll 74b30000 286720 C:\WINDOWS\System32\webcheck.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Web Site Monitor
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
stobject.dll 76280000 135168 C:\WINDOWS\System32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\System32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\System32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
msi.dll 7d1e0000 2826240 C:\WINDOWS\system32\msi.dll 3.0.3790.2180 Windows Installer
LgMousHk.dll a70000 32768 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll 9.42.57 Logitech Mouse Hook Library
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
tcshellex.dll 1700000 380928 C:\Program Files\The Cleaner\tcshellex.dll 2.0.0.0 The Cleaner Shell Extension
NavShExt.dll bf0000 98304 C:\Program Files\Norton AntiVirus\NavShExt.dll 10.00.13 Norton AntiVirusNAVShellExt Module
MSVCP70.dll 7c080000 487424 C:\WINDOWS\system32\MSVCP70.dll 7.00.9466.0 Microsoft® C++ Runtime Library
MSVCR70.dll 7c000000 344064 C:\WINDOWS\system32\MSVCR70.dll 7.00.9466.0 Microsoft® C Runtime Library
browselc.dll c10000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
odbcint.dll 1f90000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
shdoclc.dll 2070000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
mydocs.dll 72410000 106496 C:\WINDOWS\System32\mydocs.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) My Documents Folder UI
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Wireless Zero Configuration service API
cabview.dll 6fd40000 94208 C:\WINDOWS\system32\cabview.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Cabinet File Viewer Shell Extension
AcroIEHelper.ocx cc0000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
actxprxy.dll 71d40000 114688 C:\WINDOWS\System32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Compressed (zipped) Folders
wuapi.dll 506a0000 421888 C:\WINDOWS\System32\wuapi.dll 5.4.3790.2182 built by: srv03_rtm(ntvbl04) Windows Update Client API
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
MSISIP.DLL 605f0000 57344 C:\WINDOWS\system32\MSISIP.DLL 3.0.3790.2180 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\system32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows Script Host
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
ScrTrust.dll 10000000 65536 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll 1, 1, 1, 131 ScriptBlocking Trust Verifier
MCPS.DLL 365a0000 90112 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.6313 Media Catalog Proxy/Stub
MSVCP60.DLL 76080000 413696 C:\WINDOWS\system32\MSVCP60.DLL 6.02.3104.0 Microsoft (R) C++ Runtime Library

 

And finally, my IE files:

Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP USER API Client DLL
GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Light-weight Utility Library
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
SHDOCVW.dll 77760000 1490944 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
ole32.dll 774e0000 1294336 C:\WINDOWS\system32\ole32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft OLE for Windows
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Common Dll
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Browser UI Library
browselc.dll 20000000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
urlmon.dll 77260000 647168 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) OLE32 Extensions for Win32
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
NavShExt.dll 10000000 98304 C:\Program Files\Norton AntiVirus\NavShExt.dll 10.00.13 Norton AntiVirusNAVShellExt Module
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
MSVCP70.dll 7c080000 487424 C:\WINDOWS\system32\MSVCP70.dll 7.00.9466.0 Microsoft® C++ Runtime Library
MSVCR70.dll 7c000000 344064 C:\WINDOWS\system32\MSVCR70.dll 7.00.9466.0 Microsoft® C Runtime Library
shdoclc.dll dc0000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
AcroIEHelper.ocx 1050000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
xpsp2res.dll 10d0000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
mlang.dll 75cf0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
msi.dll 7d1e0000 2826240 C:\WINDOWS\system32\msi.dll 3.0.3790.2180 Windows Installer
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
LgMousHk.dll 15c0000 32768 C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll 9.42.57 Logitech Mouse Hook Library
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DNS Client API DLL
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LDAP RnR Provider DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access AutoDial Helper
mshtml.dll 7d4a0000 3026944 C:\WINDOWS\System32\mshtml.dll 6.00.2900.2523 (xpsp_sp2_gdr.040919-1056) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\System32\msls31.dll 3.10.349.0 Microsoft Line Services library file
msimtf.dll 746f0000 172032 C:\WINDOWS\System32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
sptip.dll 5c2c0000 262144 C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAPI5.0/CTF layer DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
SPGRMR.DLL 1970000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SPTIP Grammar DLL
SKCHUI.DLL 1990000 372736 C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
scrauth.dll 2370000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll 1, 1, 1, 131 ScriptBlocking Authenticator
ScrBlock.dll 23a0000 131072 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll 1, 1, 1, 131 ScriptBlocking
jscript.dll 75c50000 450560 c:\windows\system32\jscript.dll 5.6.0.8820 Microsoft (r) JScript
iepeers.dll 66e50000 258048 C:\WINDOWS\System32\iepeers.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
vbscript.dll 73300000 421888 c:\windows\system32\vbscript.dll 5.6.0.8820 Microsoft (r) VBScript
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
Flash.ocx 2ff0000 1732608 C:\WINDOWS\system32\macromed\flash\Flash.ocx 7,0,19,0 Macromedia Flash Player 7.0 r19
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
ddrawex.dll 6d430000 40960 C:\WINDOWS\System32\ddrawex.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Direct Draw Ex
DDRAW.dll 73760000 299008 C:\WINDOWS\System32\DDRAW.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DCI Manager
mshtmled.dll 76200000 462848 C:\WINDOWS\System32\mshtmled.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft (R) HTML Editing Component
dxtrans.dll 6bdd0000 217088 C:\WINDOWS\System32\dxtrans.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) DirectX Media -- DirectX Transform Core
dxtmsft.dll 6be10000 368640 C:\WINDOWS\System32\dxtmsft.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) DirectX Media -- Image DirectX Transforms
MSRATING.dll 5ff20000 155648 C:\WINDOWS\system32\MSRATING.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Ratings and Local User Management DLL
msratelc.dll 5ff50000 69632 C:\WINDOWS\system32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
actxprxy.dll 71d40000 114688 C:\WINDOWS\System32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
plugin.ocx 72b20000 98304 C:\WINDOWS\system32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component

 

Still would like to see the Process Explorer log. Also, do as described here, and do another search with RegSearch for Instant Access and bzdqir, and post that log too.

Don't see any rogue dll's, BTW.

 

Here's the bzdqir search
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bzdqir]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bzdqir "= "c:\\windows\\system32\\bzdqir.exe -start "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bzdqir]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bzdqir]
"UninstallString "= "c:\\windows\\system32\\bzdqir.exe -uninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bzdqir]
"DisplayName "= "bzdqir "

[HKEY_USERS\S-1-5-21-854245398-1614895754-725345543-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\bzdqir.exe "= "bzdqir "