View Full Version : InetGet2
Hi all!
In a foolish, non-thinking moment a few days ago, I managed to install InetGet2. I've run both my Symantec Virus program and Spybot SD in an attempt to remove it. I fear my attempts have been unsuccessful and I hope you will be able to help.
Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 2:56:45 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Creative\Bluetooth Software\BTTray.exe
C:\Program Files\Portrait Displays\ImageTune\dthtml.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Portrait Displays\ImageTune\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J. Sexton\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ImageTune.lnk = C:\Program Files\Portrait Displays\ImageTune\dthtml.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150764697656
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-delicious-deluxe/zylomgamesplayer.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Thanks!
LonnyRJones
2006-10-07, 05:59
Welcome
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large You might need to post half in one reply half in another.
J. Sexton - 06-10-07 9:36:47.07 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\J. Sexton\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Inetget2
C:\Program Files\PrintView
C:\Program Files\Common Files\{38AA97AD-07DA-1033-0315-050419050001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))
2006-09-30 22:24 720,896 --a------ C:\WINDOWS\iun6002ev.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-07 09:38 -------- d-------- C:\Program Files\Common Files
2006-10-07 09:34 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-02 21:51 -------- d-------- C:\Program Files\AOL Games
2006-10-01 09:17 -------- d-------- C:\Program Files\Tradewinds Full Game
2006-09-30 22:10 -------- d-------- C:\Program Files\Java
2006-09-30 22:08 -------- d-------- C:\Program Files\Common Files\Java
2006-09-30 19:17 -------- d-------- C:\Program Files\WildTangent
2006-09-30 17:45 -------- d-------- C:\Documents and Settings\J. Sexton\Application Data\PlayFirst
2006-09-30 17:44 -------- d-------- C:\Program Files\Internet Explorer
2006-09-25 21:54 -------- d-------- C:\Documents and Settings\J. Sexton\Application Data\Adobe
2006-09-21 06:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 06:50 -------- d-------- C:\Program Files\SlySoft
2006-09-21 06:12 40 ---hs---- C:\Documents and Settings\J. Sexton\Application Data\.zreglib
2006-09-14 09:38 -------- d-------- C:\Program Files\AIM
2006-09-14 09:36 -------- d-------- C:\Program Files\AOD
2006-08-24 08:26 -------- d-------- C:\Program Files\Common Files\NSIS
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-18 21:20 -------- d-------- C:\Documents and Settings\J. Sexton\Application Data\SlySoft
2006-08-18 21:02 -------- d-------- C:\Program Files\DVDFab Decrypter
2006-08-12 13:19 -------- d-------- C:\Program Files\Symantec
2006-08-12 13:19 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-11 22:20 -------- d-------- C:\Program Files\The Adventure Company
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-02 15:09 2508 --a------ C:\Documents and Settings\J. Sexton\Application Data\$_hpcst$.hpc
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\\\nTune.exe\" clear"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F89688C0-370E-4E5D-A473-299B383A41E5}"="NSIS Media Extension"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Palm\\HOTSYNC.EXE "
"item"="HotSync Manager"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Sat 10/07/2006 9:38:53.51
ComboFix.txt
LonnyRJones
2006-10-07, 16:11
Download "Suspicious File Packer" Third one on this page >
http://www.safer-networking.org/en/tools/index.html
To your desktop, unzip the file inside
run sfp.exe copy then paste the list below into it and hit continue.
C:\Documents and Settings\J. Sexton\Application Data\.zreglib
C:\Program Files\Common Files\NSIS\*.*
a .cab file will have been created on your desktop
Send it to submitlonnyATsubratam.org
Replace AT with @ , then include a link back to this thread.
Or you could attach it here http://www.thespykiller.co.uk/forum/index.php?board=1.0
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Windows Registry Editor Version 5.00
;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F89688C0-370E-4E5D-A473-299B383A41E5}"=-
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Restart your PC.
C:\Program Files\Common Files\NSIS < delete folder
Are there any current problems ?
I've completed the instructions above. I ran a Spybot SD scan, and the results were clean.
Everything looks great. No current problems, but I'll be sure to let you know if something else comes up!
Thank you so much!
LonnyRJones
2006-10-08, 01:55
Do you have firefox installed ?
If so is this file and folder present ?
C:\Program Files\Mozilla Firefox\Chrome\nsis
C:\Program Files\Mozilla Firefox\chrome\nsis.jar
I do not have Firefox installed on this computer.
On an additional note, I have received several NSIS popups since my last reply (despite deleting that folder). I have run an Ad-Aware scan, Spybot scan, and a Symantic scan. All of the results have come back clean.
Where is this nasty little booger hiding?
LonnyRJones
2006-10-08, 05:06
Have you installed any free programs that might have installed nsis ?
If so what ?
Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
start it and paste in
NSIS media extension
hit ok, wait, then when wordpad opens copy that back here please
Note: Your antivirus script protection might interfear, its safe, please allow it to run.
Download and run Silentrunners.Vbs post the log it creates please
http://www.silentrunners.org/sr_scriptuse.html click no to not skip the suplimentry searchs
Wait until there is a All Done message !!, Then open and post the log next to it.
Your antivirus script protection might interfear or alert, please allow it to run after a bit box will say done.
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "NSIS media extension" 10/7/2006 11:12:40 PM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F89688C0-370E-4E5D-A473-299B383A41E5}"="NSIS Media Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
"DisplayName"="NSIS Media Extension"
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear" ["NVIDIA"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"CTDVDDET" = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{654D0431-C930-43C4-B8DA-9AA01BA5B486}" = "PDI GUI Engine COM Obj"
-> {HKLM...CLSID} = "PDI GUI Engine COM Obj"
\InProcServer32\(Default) = "C:\Program Files\Portrait Displays\ImageTune\HtmlEngine.dll" ["Portrait Displays, Inc"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation"]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]
"{45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}" = "ProxyExtExt Extension"
-> {HKLM...CLSID} = "ProxyExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\wmproxt.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\J. Sexton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\plussand.scr" [MS]
Startup items in "J. Sexton" & "All Users" startup folders:
-----------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"BTTray" -> shortcut to: "C:\Program Files\Creative\Bluetooth Software\BTTray.exe" ["Broadcom Corporation"]
"ImageTune" -> shortcut to: "C:\Program Files\Portrait Displays\ImageTune\dthtml.exe -startup_folder" ["Portrait Displays, Inc"]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\(Default) = "PrintView"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found]
HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\(Default) = "PrintView"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\PROGRA~1\AIM\aim.exe" ["America Online, Inc."]
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Asset Management Daemon, Asset Management Daemon, "C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bluetooth Service, btwdins, "C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Portrait Displays Display Tune Service, DTSRVC, "C:\Program Files\Portrait Displays\ImageTune\DTSRVC.exe" [null data]
SAVRoam, SavRoam, ""C:\Program Files\Symantec AntiVirus\SavRoam.exe"" ["symantec"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation"]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 10 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 10 seconds.
---------- (total run time: 43 seconds)
LonnyRJones
2006-10-08, 09:16
When you made that reg file (fixme.reg) and merged it did you recieve a successfull message ?
Have you installed any free programs lately that might have installed nsis ?
If so what ?
Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.
@echo off
Echo.
Echo searching please wait....
(echo off
For %%i in (%systemdrive%) do findstr /S /M /C:"mediastub.dll" %%i\*.dll
For %%i in (%systemdrive%) do findstr /S /M /C:"mediastub.dll" %%i\*.exe
For %%i in (%systemdrive%) do findstr /S /M /C:"wwmdma" %%i\*.dll
For %%i in (%systemdrive%) do findstr /S /M /C:"wwmdma" %%i\*.exe
)>>logit.txt 2>nul
start notepad logit.txt
Run check.bat and post back with the text that will open
I have recently downloaded several dvd ripping and burning software programs. They came from what I considered to be legitimate websites, although it looks as if I was wrong.
Here are the results of the last bit of code:
C:\Program Files\Common Files\NSIS\ns49.dll
C:\Program Files\Common Files\NSIS\ns49.dll
Thanks again!
LonnyRJones
2006-10-09, 22:10
"several dvd ripping and burning software programs"
Show me where that software was from please
Is there stil an uninst.exe file in the NSIS folder ?
I downloaded several. The one that I ended up using was called Any-Dvd (?). I uninstalled them all this weekend. I found them by googling "freeware dvd ripper," so I don't have any specific websites that I remember and my Internet history clears every night. I'm sorry I'm not more helpful. The only other download I can think of (which happens to be a Mozilla related product) is Thunderbird. I don't use it as my e-mail client, but I was working on consolidating address book entrys for my boss in that program.
I still have an NSIS folder, and it does contain the file uninst.exe
Help!
LonnyRJones
2006-10-10, 07:11
Thanks for the info
Download an unzip Registry Search, preferably to your desktop.
http://www.xs4all.nl/~fstaal01/regsearch-us.html
unzip the program and start it , at the top in the blank white box/field rightclick once then type in
nsis
at the top in the second blank field type in
wwmdma
then click ok and wait for a text to open, copy and paste that back here please.
Here is the requested log from regsearch:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 10/10/2006 8:17:51 AM for strings:
; 'nsis'
; Strings excluded from search:
; 'wwmdma'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F89688C0-370E-4E5D-A473-299B383A41E5}"="NSIS Media Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
"DisplayName"="NSIS Media Extension"
"UninstallString"="C:\\Program Files\\Common Files\\NSIS\\uninst.exe"
"DisplayIcon"="C:\\Program Files\\Common Files\\NSIS\\uninst.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
"InstDir"="C:\\Program Files\\Common Files\\NSIS\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Symbols]
[HKEY_USERS\S-1-5-21-343818398-1844823847-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="NSIS"
[HKEY_USERS\S-1-5-21-343818398-1844823847-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\J24A0~1.SEX\\LOCALS~1\\Temp\\A~NSISu_.exe"="A~NSISu_"
"C:\\ATI\\SUPPORT\\5-5_mce_dd_ccc_enu\\makensisw.exe"="makensisw"
; End Of The Log...
LonnyRJones
2006-10-11, 03:24
Thanks
Run the regsearch tool again and put
nsis on the first line
wwmdma on the second line
In the top field not the exclude area
Go start run and paste in
%Temp%
hit ok , Is this file present A~NSISu_.exe ? if so we need a copy
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 10/10/2006 11:24:43 PM for strings:
; 'nsis'
; 'wwmdma'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F89688C0-370E-4E5D-A473-299B383A41E5}"="NSIS Media Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
"DisplayName"="NSIS Media Extension"
"UninstallString"="C:\\Program Files\\Common Files\\NSIS\\uninst.exe"
"DisplayIcon"="C:\\Program Files\\Common Files\\NSIS\\uninst.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
"InstDir"="C:\\Program Files\\Common Files\\NSIS\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Symbols]
[HKEY_USERS\S-1-5-21-343818398-1844823847-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="NSIS"
; End Of The Log...
Sorry about that.
Also, I looked in the Temp folder and did not see a file by that name there.
LonnyRJones
2006-10-11, 06:18
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Windows Registry Editor Version 5.00
;
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
"OptOut"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\NSIS\Media]
"OptOut"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
"{F89688C0-370E-4E5D-A473-299B383A41E5}"=-
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
C:\Program Files\Common Files\NSIS move the NSIS folder to c:\ (not copy)
Restart your PC.
Launch Notepad again (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BACC17E-BDF7-405B-BC68-ECB506395118}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89688C0-370E-4E5D-A473-299B383A41E5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7DDB794-65BF-452C-BBA8-D063078B42F4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wwmdma.nsis]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
"{F89688C0-370E-4E5D-A473-299B383A41E5}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Keep and eye out to see if that nsis folder comes back or if there are any nsis popups.
I completed your instructions, but when I started my computer this morning, I got an NSIS popup as soon as I started IE.
Bah!
LonnyRJones
2006-10-12, 00:56
Im Glad your patient )
Id like to see a kaspersky report then get samples of any files that might show
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
We dont need to see item's listed as "Object is locked skipped" so edit those out.
We do not need to see items reported that are in an antivirus quorantine folder.
And an option one and two log from a tool called PV, takken when you see one of those popups.
Download this zip.
http://www.downloads.subratam.org/pv.zip
unzip it to the desktop.
Open the folder and Double click on the runme.bat
choose option 1, hit enter, post that then do option 2
Post that one also
I ran the Kaspersky scan. It only pulled up objects that were "object is locked skipped." It also said that there was no malware on my computer. I have a sneaking suspicion that it was mistaken.
The next time an NSIS popup appeared, I ran the other file you told me to. I chose option 1 and option 2 for the same popup.
The logs are as follows.
Thank you for your patience with me. I hope we can figure this out. Also, symantec pulled up a trojan alert that it quarantined. I deleted the file (through symantec) this morning (without any associated tumult).
Option 1 Log:
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427) GDI Client DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Light-weight Utility Library
SHELL32.dll 7c9c0000 8474624 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) Windows Shell Common Dll
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Browser UI Library
SHDOCVW.dll 77760000 1507328 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2952 (xpsp_sp2_gdr.060714-0446) Net Win32 API DLL
WININET.dll 771b0000 692224 C:\WINDOWS\system32\WININET.dll 6.00.2900.2937 (xpsp.060623-0011) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
wmproxt.dll 10000000 94208 C:\WINDOWS\System32\wmproxt.dll 5, 1, 2600, 0 Proxy Extension Module
olescope.dll 11000000 196608 C:\WINDOWS\System32\olescope.dll 5.01.2600
MSVBVM60.DLL 73420000 1392640 C:\WINDOWS\System32\MSVBVM60.DLL 6.00.9690 Visual Basic Virtual Machine
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
msutb.dll 5fc10000 208896 C:\WINDOWS\system32\msutb.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSUTB Server DLL
MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
msi.dll 1c00000 2908160 C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Windows Installer
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2703 (xpsp.050620-1711) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
urlmon.dll 77260000 655360 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2960 (xpsp.060725-0051) OLE32 Extensions for Win32
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll 74b30000 286720 C:\WINDOWS\system32\webcheck.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Web Site Monitor
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
dthook.dll 1ff0000 151552 C:\Program Files\Portrait Displays\ImageTune\dthook.dll
PresetsCOM.dll 1f10000 110592 C:\Program Files\Portrait Displays\ImageTune\PresetsCOM.dll
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.2703 (xpsp.050620-1711) Wireless Zero Configuration service API
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
ctagent.dll b10000 65536 C:\WINDOWS\system32\ctagent.dll 1, 0, 0, 8 ctagent
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
shdoclc.dll 3160000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
mshtml.dll 7dc30000 3080192 C:\WINDOWS\system32\mshtml.dll 6.00.2900.2963 (xpsp.060728-0003) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
jscript.dll 75c50000 450560 C:\WINDOWS\system32\jscript.dll 5.6.0.8831 Microsoft (r) JScript
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) DNS Client API DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) Remote Access AutoDial Helper
schannel.dll 767f0000 159744 C:\WINDOWS\system32\schannel.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) TLS / SSL Security Provider
DDRAW.dll 73760000 299008 C:\WINDOWS\system32\DDRAW.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\system32\DCIMAN32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DCI Manager
browselc.dll 1b80000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
AcroIEHelper.dll 1a40000 57344 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 7.0.7.2006011200 Adobe Acrobat IE Helper Version 7.0 for ActiveX
MSVCR71.dll 7c340000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
SDHelper.dll 39c0000 872448 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 4, 0, 0 Bad download blocker
olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
PDFShell.dll 3f00000 114688 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 PDF Shell Extension
wuapi.dll 506a0000 471040 C:\WINDOWS\system32\wuapi.dll 5.8.0.2469 built by: lab01_n(wmbla) Windows Update Client API
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
btkeyind.dll 1fa0000 61440 C:\Program Files\Creative\Bluetooth Software\btkeyind.dll
wzcdlg.dll 5df10000 393216 C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.2703 (xpsp.050620-1711) Wireless Zero Configuration Service UI
WINHTTP.dll 4d4f0000 360448 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows HTTP Services
msimtf.dll 746f0000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
sptip.dll 5c2c0000 262144 C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAPI5.0/CTF layer DLL
SPGRMR.DLL 3e90000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SPTIP Grammar DLL
SKCHUI.DLL 4560000 372736 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
Flash9.ocx 30000000 3006464 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx 9,0,16,0 Adobe Flash Player 9.0 r16
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
SwSupport.dll 69000000 57344 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll 10.1r11 Director Support
ddrawex.dll 6d430000 40960 C:\WINDOWS\system32\ddrawex.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Direct Draw Ex
MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\system32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows Script Host
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
MCPS.DLL 36d30000 106496 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.6551 Media Catalog Proxy/Stub
Option 2 log:
Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427) GDI Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Light-weight Utility Library
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
SHDOCVW.dll 77760000 1507328 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2952 (xpsp_sp2_gdr.060714-0446) Net Win32 API DLL
WININET.dll 771b0000 692224 C:\WINDOWS\system32\WININET.dll 6.00.2900.2937 (xpsp.060623-0011) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
SHELL32.dll 7c9c0000 8474624 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) Windows Shell Common Dll
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
uxtheme.dll 5ad70000 229376 C:\WINDOWS\system32\uxtheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Browser UI Library
browselc.dll 20000000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
wmproxt.dll 10000000 94208 C:\WINDOWS\System32\wmproxt.dll 5, 1, 2600, 0 Proxy Extension Module
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
urlmon.dll 77260000 655360 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2960 (xpsp.060725-0051) OLE32 Extensions for Win32
AcroIEHelper.dll d70000 57344 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 7.0.7.2006011200 Adobe Acrobat IE Helper Version 7.0 for ActiveX
MSVCR71.dll 7c340000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
SDHelper.dll e20000 872448 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 4, 0, 0 Bad download blocker
olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180
ssv.dll 6d610000 434176 C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll 5.0.80.3 Java(TM) 2 Platform Standard Edition binary
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
shdoclc.dll 1000000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
xpsp2res.dll 1090000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
mlang.dll 75cf0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
ctagent.dll de0000 65536 C:\WINDOWS\system32\ctagent.dll 1, 0, 0, 8 ctagent
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
msi.dll 1970000 2908160 C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Windows Installer
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) DNS Client API DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) Remote Access AutoDial Helper
mshtml.dll 7dc30000 3080192 C:\WINDOWS\system32\mshtml.dll 6.00.2900.2963 (xpsp.060728-0003) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
msimtf.dll 746f0000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
jscript.dll 75c50000 450560 C:\WINDOWS\system32\jscript.dll 5.6.0.8831 Microsoft (r) JScript
vbscript.dll 73300000 421888 C:\WINDOWS\system32\vbscript.dll 5.6.0.8820 Microsoft (r) VBScript
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
sptip.dll 5c2c0000 262144 C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAPI5.0/CTF layer DLL
SPGRMR.DLL 2320000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SPTIP Grammar DLL
SKCHUI.DLL 2340000 372736 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
dxtrans.dll 6bdd0000 221184 C:\WINDOWS\system32\dxtrans.dll 6.00.2900.2937 (xpsp.060623-0011) DirectX Media -- DirectX Transform Core
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
ddrawex.dll 6d430000 40960 C:\WINDOWS\system32\ddrawex.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Direct Draw Ex
DDRAW.dll 73760000 299008 C:\WINDOWS\system32\DDRAW.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\system32\DCIMAN32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DCI Manager
dxtmsft.dll 6be10000 368640 C:\WINDOWS\system32\dxtmsft.dll 6.00.2900.2937 (xpsp.060623-0011) DirectX Media -- Image DirectX Transforms
mshtmled.dll 76200000 462848 C:\WINDOWS\system32\mshtmled.dll 6.00.2900.2937 (xpsp.060623-0011) Microsoft (R) HTML Editing Component
actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
Flash9.ocx 30000000 3006464 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx 9,0,16,0 Adobe Flash Player 9.0 r16
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
msxml3.dll 69b10000 1064960 C:\WINDOWS\system32\msxml3.dll 8.70.1104.0 MSXML 3.0 SP 7
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
corpol.dll 6e4a0000 49152 C:\WINDOWS\system32\corpol.dll 2003.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft COM Runtime Execution Engine
cryptnet.dll 75e60000 77824 C:\WINDOWS\system32\cryptnet.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto Network Related API
WINHTTP.dll 4d4f0000 360448 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows HTTP Services
ADVPACK.DLL 75260000 167936 C:\WINDOWS\system32\ADVPACK.DLL 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ADVPACK
Cabinet.dll 75150000 81920 C:\WINDOWS\system32\Cabinet.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Cabinet File API
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LDAP RnR Provider DLL
wshbth.dll 751d0000 122880 C:\WINDOWS\system32\wshbth.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
shgina.dll 73d70000 77824 C:\WINDOWS\system32\shgina.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell User Logon
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
Option 2 Log continued...
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
odbcint.dll c2c0000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
audiodev.dll 40000000 495616 C:\WINDOWS\system32\audiodev.dll 5.2.3790.3646 (private/xpsp_mce.040810-0205) Portable Media Devices Shell Extension
WMVCore.DLL c2e0000 2355200 C:\WINDOWS\system32\WMVCore.DLL 10.00.00.4332 built by: dnsrv(bld4act) Windows Media Playback/Authoring DLL
WMASF.DLL c520000 241664 C:\WINDOWS\system32\WMASF.DLL 10.00.00.4332 built by: dnsrv(bld4act) Windows Media ASF DLL
ImgUtil.dll 66880000 49152 C:\WINDOWS\system32\ImgUtil.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) IE plugin image decoder support DLL
pngfilt.dll 5e310000 49152 C:\WINDOWS\system32\pngfilt.dll 6.00.2900.2937 (xpsp.060623-0011) IE PNG plugin image decoder
schannel.dll 767f0000 159744 C:\WINDOWS\system32\schannel.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) TLS / SSL Security Provider
dssenh.dll 68100000 147456 C:\WINDOWS\system32\dssenh.dll 5.1.2600.2133 (xpsp.040514-1639) Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
xpsp3res.dll 3430000 94208 C:\WINDOWS\system32\xpsp3res.dll 5.1.2600.2937 (xpsp.060623-0011) Service Pack 3 Messages
wmp.dll 1dfb0000 5541888 C:\WINDOWS\system32\wmp.dll 10.00.00.4036 Windows Media Player Core
gdiplus.dll 4ec50000 1716224 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158) Microsoft GDI+
MSVFW32.dll 75a70000 135168 C:\WINDOWS\system32\MSVFW32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Video for Windows DLL
wmploc.dll 1e500000 3371008 C:\WINDOWS\system32\wmploc.dll 10.00.00.3931 Windows Media Player
btkeyind.dll 1cda0000 61440 C:\Program Files\Creative\Bluetooth Software\btkeyind.dll
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
wuapi.dll 506a0000 471040 C:\WINDOWS\system32\wuapi.dll 5.8.0.2469 built by: lab01_n(wmbla) Windows Update Client API
Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427) GDI Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Light-weight Utility Library
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
SHDOCVW.dll 77760000 1507328 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2952 (xpsp_sp2_gdr.060714-0446) Net Win32 API DLL
WININET.dll 771b0000 692224 C:\WINDOWS\system32\WININET.dll 6.00.2900.2937 (xpsp.060623-0011) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
SHELL32.dll 7c9c0000 8474624 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) Windows Shell Common Dll
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
uxtheme.dll 5ad70000 229376 C:\WINDOWS\system32\uxtheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
MSCTF.dll 74720000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MSCTF Server DLL
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2937 (xpsp.060623-0011) Shell Browser UI Library
browselc.dll 20000000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
wmproxt.dll 10000000 94208 C:\WINDOWS\System32\wmproxt.dll 5, 1, 2600, 0 Proxy Extension Module
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
urlmon.dll 77260000 655360 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2960 (xpsp.060725-0051) OLE32 Extensions for Win32
AcroIEHelper.dll ea0000 57344 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 7.0.7.2006011200 Adobe Acrobat IE Helper Version 7.0 for ActiveX
MSVCR71.dll 7c340000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
SDHelper.dll f50000 872448 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 4, 0, 0 Bad download blocker
olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180
ssv.dll 6d610000 434176 C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll 5.0.80.3 Java(TM) 2 Platform Standard Edition binary
mshtml.dll 7dc30000 3080192 C:\WINDOWS\system32\mshtml.dll 6.00.2900.2963 (xpsp.060728-0003) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
shdoclc.dll 1530000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
xpsp2res.dll 15c0000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
ctagent.dll f20000 65536 C:\WINDOWS\system32\ctagent.dll 1, 0, 0, 8 ctagent
msi.dll 1c90000 2908160 C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Windows Installer
msimtf.dll 746f0000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
sptip.dll 5c2c0000 262144 C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAPI5.0/CTF layer DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
SPGRMR.DLL 1fb0000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SPTIP Grammar DLL
SKCHUI.DLL 1fd0000 372736 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) DNS Client API DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) Remote Access AutoDial Helper
jscript.dll 75c50000 450560 C:\WINDOWS\system32\jscript.dll 5.6.0.8831 Microsoft (r) JScript
vbscript.dll 73300000 421888 C:\WINDOWS\system32\vbscript.dll 5.6.0.8820 Microsoft (r) VBScript
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
dxtrans.dll 6bdd0000 221184 C:\WINDOWS\system32\dxtrans.dll 6.00.2900.2937 (xpsp.060623-0011) DirectX Media -- DirectX Transform Core
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
ddrawex.dll 6d430000 40960 C:\WINDOWS\system32\ddrawex.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Direct Draw Ex
DDRAW.dll 73760000 299008 C:\WINDOWS\system32\DDRAW.dll 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\system32\DCIMAN32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DCI Manager
dxtmsft.dll 6be10000 368640 C:\WINDOWS\system32\dxtmsft.dll 6.00.2900.2937 (xpsp.060623-0011) DirectX Media -- Image DirectX Transforms
Flash9.ocx 30000000 3006464 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx 9,0,16,0 Adobe Flash Player 9.0 r16
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
schannel.dll 767f0000 159744 C:\WINDOWS\system32\schannel.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) TLS / SSL Security Provider
iepeers.dll 66e50000 262144 C:\WINDOWS\system32\iepeers.dll 6.00.2900.2937 (xpsp.060623-0011) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
mshtmled.dll 76200000 462848 C:\WINDOWS\system32\mshtmled.dll 6.00.2900.2937 (xpsp.060623-0011) Microsoft (R) HTML Editing Component
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
shgina.dll 73d70000 77824 C:\WINDOWS\system32\shgina.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell User Logon
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
odbcint.dll 68b0000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
audiodev.dll 40000000 495616 C:\WINDOWS\system32\audiodev.dll 5.2.3790.3646 (private/xpsp_mce.040810-0205) Portable Media Devices Shell Extension
WMVCore.DLL 9980000 2355200 C:\WINDOWS\system32\WMVCore.DLL 10.00.00.4332 built by: dnsrv(bld4act) Windows Media Playback/Authoring DLL
WMASF.DLL 70e0000 241664 C:\WINDOWS\system32\WMASF.DLL 10.00.00.4332 built by: dnsrv(bld4act) Windows Media ASF DLL
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
dssenh.dll 68100000 147456 C:\WINDOWS\system32\dssenh.dll 5.1.2600.2133 (xpsp.040514-1639) Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
cryptnet.dll 75e60000 77824 C:\WINDOWS\system32\cryptnet.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto Network Related API
WINHTTP.dll 4d4f0000 360448 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows HTTP Services
ImgUtil.dll 66880000 49152 C:\WINDOWS\system32\ImgUtil.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) IE plugin image decoder support DLL
pngfilt.dll 5e310000 49152 C:\WINDOWS\system32\pngfilt.dll 6.00.2900.2937 (xpsp.060623-0011) IE PNG plugin image decoder
msxml3.dll 69b10000 1064960 C:\WINDOWS\system32\msxml3.dll 8.70.1104.0 MSXML 3.0 SP 7
SwSupport.dll 69000000 57344 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll 10.1r11 Director Support
LonnyRJones
2006-10-14, 00:51
Thanks
Reboot into safe mode and zip up a copy of this file please
C:\WINDOWS\System32\wmproxt.dll
then delete the original and the c:\program files\common files\NSIS folder
Reboot back to normal and send me that copy of wmproxt.dll please
Send it to submitlonnyATsubratam.org
I was unable to delete the wmproxt.dll file because it was in use. I did, however, delete the NSIS folder.
LonnyRJones
2006-10-14, 07:12
Thanks for sending that
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Windows Registry Editor Version 5.00
;
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BACC17E-BDF7-405B-BC68-ECB506395118}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89688C0-370E-4E5D-A473-299B383A41E5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7DDB794-65BF-452C-BBA8-D063078B42F4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89C49C15-72D0-4949-9355-9CD109A2DC2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72BA6BE1-A20E-4E9E-9305-D9FC1561F888}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B889F851-86CD-4BF2-A5BF-F1E98ED83BE5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wwmdma.nsis]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
"{F89688C0-370E-4E5D-A473-299B383A41E5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSISMedia]
[-HKEY_LOCAL_MACHINE\SOFTWARE\NSIS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Proxy.ProxyExt]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Proxy.ProxyExt.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\ShellEx\ContextMenuHandlers\ProxyExt]
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Restart your PC.
C:\Program Files\Common Files\NSIS < delete if present
C:\WINDOWS\System32\wmproxt.dll < delete
LonnyRJones
2006-10-19, 09:37
jsmba07 ?
LonnyRJones
2006-10-21, 13:47
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
LonnyRJones
2006-10-21, 13:47
Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me or Tashi a PM (personal message) and we will re-open it.