Your log looked clean so we will go on with this fix and have you run another virus scan. Can you do this in your sleep yet? But I want you to run another tool called DLLCompare.
Restore Deleted Files
Now we need to see if we need to restore some deleted files: Please check for the following files using the Windows Search Engine:
control.exe
rundll32.exe
wmplayer.exe
msconfig.exe
notepad.exe
shell.dll
SDHelper.dll
If any are missing or not working properly then you can download new copies from
http://www.richardthelionhearted.com/?url=merijn.richardthelionhearted.com
and follow the instructions at that site to install them where they belong for your OS.
Download the Hoster from
http://www.funkytoad.com/download/hoster.zip
Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
Hijackthis
Finally, scan again with HijackThis and post your logfile. If the Antivirus scan found anything please post that log also.
DLLCompare
Download DllCompare from
http://downloads.subratam.org/DllCompare.exe.
Double-click on DllCompare.exe to run the program. Click "Run Locate.com" and it will scan your system for files. Once the scan has finished click "Compare" to compare your files to valid Windows files. Once it has finished comparing click "Make a Log of what was found". Click "Yes" at the View Log file? prompt to view the log. Copy and paste the entire log into this topic. If you accidentally close out of the log it is also saved as log.txt to where you saved DllCompare.exe. Click "Exit" to exit DLLCompare. Please post back the Dllcompare log
Come join us at the Malware Removal University and help others fight malware!
I am sorry but try this again please. I had a period at the end of the link above which messed up your trying to download the DLLCompare.
DLLCompare
Download DllCompare from
http://downloads.subratam.org/DllCompare.exe
Double-click on DllCompare.exe to run the program. Click "Run Locate.com" and it will scan your system for files. Once the scan has finished click "Compare" to compare your files to valid Windows files. Once it has finished comparing click "Make a Log of what was found". Click "Yes" at the View Log file? prompt to view the log. Copy and paste the entire log into this topic. If you accidentally close out of the log it is also saved as log.txt to where you saved DllCompare.exe. Click "Exit" to exit DLLCompare. Please post back the Dllcompare log
I fixed the hyperlinks which had a "stupid" period in it. I am sorry about my mistake but please follow the instructions above and do the DllCompare. I am looking for a bad file which keeps the infection going.
I click on the link on that page for the downloads subratam.org home page I get a page that says I am not authorized to view the page???? I get that too.
I attempted to follow the instructions for assigning a password and I found that I can not open the User Account section on the control panel. I can't get a password and therefore can't schedule NAV on any kind of schedule. So in my paranoid mind now I wonder could a virus/infection have taken away the passwords specifically to screw up NAV and prevent it from running on a schedule???
Do you have any idea why I would not be able to open the User Account section in the control panel??
Did you upgrade to Windows XP? I would suggest that you search the Microsoft Knowledge Base for articles that might solve your problem.
I want you to run some more scans. I believe that there is a hidden file that is causing the Aboutbuster problem and your infection. With these scans I hope to confirm its presence and then we can proceed with deletion and finish up.
Keep one IE window open and..... Go to the folder where you put the PV-Tool and double-click "Runme.bat". In the command window type "1" and "enter". A textfile will be produced then copy and post it.
Repeat the procedure and this time type "2" and a new textfile will be produced, copy and post this one, too.
RegSrch.vbs
You will also see in the folder with the runme.bat, another folder named RegSrch.vbs. Double click on RegSrch.vbs and enter kbd.dll and click OK. A file will be generated in Word Pad. Please copy this file and post it also.
AboutBuster – yes again!
I know you have downloaded this several times but please do it again and check for updates to be sure that you have the most current version. Download AboutBuster from http://www.malwarebytes.biz/AboutBuster5.zip Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet
Safe Mode
Go to safe mode—reboot and tap the F8 key
Then go to: Start > Run and type in
regsvr32 /u "C:\Windows\System32\kbd.dll"
Enter (Should get a success message....but may get Module not Found)
Now navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.
I am keeping my fingers crossed and hoping aboutbuster does run. Please let me know what happens.
Reboot and post the aboutbuster log or error messages.
Susan
When I tried to run the RegSrch I got a NAV window that said "Hi risk" your computer was halted and needs to do something about this. And then it listed:
Object: Windows script host shell object
Activity: Run
File:c\pv\pv\pvregscrchvbs
And then there was a drop down box with choices stop script, allow activity once, allow entire script once, quarantine, authorize. Since I am totally clueless as to what any of this means I said stop and exited. If you want me to try again what do I choose?
I am going to try the about buster now and will post the log after I reboot.
Aboutbuster completed successfully! I am so happy! :smileyvery-happy: It removed 65 items! We are making progress! Thank you for your persistence!
Once again I want you to do the following steps!
Run antivirus scan
TrendMicro - http://housecall.trendmicro.com/housecall/start_corp.asp
Be sure and check Auto Clean box
Click "Select Your Location - Start Free Scan"
If there is anything non-cleanable please take note and give me complete filepaths if you can.
Reboot
Run Hijackthis
Please run HijackThis once more and post your logfile and information about the antivirus scan.
ALgal
May 30th, 2005 16:00
Message Edited by ALgal on 05-31-2005 08:17 AM
Mollie2333
May 30th, 2005 20:00
Hi Susan:
I did not have to restore any files.
Housecall found CoolwebA again and again could not delete it cause it was currently in use. I did not see an option to post a log from that site.
The link for the DLL compare was not good. Clicking on the home page for downloads subratam said I was not authorized.
Finally here is a new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 5:14:08 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\NewHJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100829214\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\America Online 9.0b\waol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ALgal
May 30th, 2005 22:00
Message Edited by ALgal on 05-31-2005 08:16 AM
Message Edited by ALgal on 05-31-2005 08:19 AM
Mollie2333
May 30th, 2005 22:00
Susan;
I tried that DLL compare link again....it brings me to a "page can not be found" and when I click on the link on that page for the downloads subratam.org home page I get a page that says I am not authorized to view the page????
I googled Subratam and did find a home page for them but could not find DLL Compare on that home page. When I searched their site for dll compare it brought me to a PV Zip file but I am not knowledgeable enough to know if that is what I should be looking for.
ALgal
May 30th, 2005 23:00
Message Edited by ALgal on 05-31-2005 08:25 AM
Mollie2333
May 31st, 2005 22:00
Hi Susan:
Got to the Dll compare..this is the log
* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: "There were no files found :)"
________________________________________________
2,136 items found: 2,136 files, 0 directories.
Total of file sizes: 273,176,166 bytes 260.52 M
Administrator Account = True
--------------------End log---------------------
Mollie2333
June 1st, 2005 00:00
Hi Susan:
I've stumbled across something that I am not sure if it is related to my initial problem... but I had noticed over the last few weeks that my NAV did not always run as I had scheduled it to do. So when I saw that it had not run I would just run it. But tonight I decided to figure out why it did not run as I wanted it to. I followed some of the instructions from Symantec and it appears that I did not have a user password associated with the scheduled tasks. I have had this computer and NAV for a year so I was confused how this could be. I thought with all the stuff we have been doing with my computer that the passwords were deleted. So I attempted to follow the instructions for assigning a password and I found that I can not open the User Account section on the control panel. I can't get a password and therefore can't schedule NAV on any kind of schedule. So in my paranoid mind now I wonder could a virus/infection have taken away the passwords specifically to screw up NAV and prevent it from running on a schedule???
Do you have any idea why I would not be able to open the User Account section in the control panel??
ALgal
June 1st, 2005 15:00
Hello Mollie,
I attempted to follow the instructions for assigning a password and I found that I can not open the User Account section on the control panel. I can't get a password and therefore can't schedule NAV on any kind of schedule. So in my paranoid mind now I wonder could a virus/infection have taken away the passwords specifically to screw up NAV and prevent it from running on a schedule???
Do you have any idea why I would not be able to open the User Account section in the control panel??
Did you upgrade to Windows XP? I would suggest that you search the Microsoft Knowledge Base for articles that might solve your problem.
http://support.microsoft.com/search/default.aspx?qu=Windows+XP+%2B+User+Account+%2B+Control+Panel+
I want you to run some more scans. I believe that there is a hidden file that is causing the Aboutbuster problem and your infection. With these scans I hope to confirm its presence and then we can proceed with deletion and finish up.
PV zip
Download PV.zip from http://www.downloads.subratam.org/pv.zip
Keep one IE window open and..... Go to the folder where you put the PV-Tool and double-click "Runme.bat". In the command window type "1" and "enter". A textfile will be produced then copy and post it.
Repeat the procedure and this time type "2" and a new textfile will be produced, copy and post this one, too.
RegSrch.vbs
You will also see in the folder with the runme.bat, another folder named RegSrch.vbs. Double click on RegSrch.vbs and enter kbd.dll and click OK. A file will be generated in Word Pad. Please copy this file and post it also.
AboutBuster – yes again!
I know you have downloaded this several times but please do it again and check for updates to be sure that you have the most current version.
Download AboutBuster from http://www.malwarebytes.biz/AboutBuster5.zip Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet
Safe Mode
Go to safe mode—reboot and tap the F8 key
Now navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.
I am keeping my fingers crossed and hoping aboutbuster does run. Please let me know what happens.
Reboot and post the aboutbuster log or error messages.
Mollie2333
June 1st, 2005 23:00
Second part of Number 2 log
NavShExt.dll 1b30000 98304 C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll 10.00.13 Norton AntiVirusNAVShellExt Module
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
MSVCP70.dll 7c080000 487424 C:\WINDOWS\system32\MSVCP70.dll 7.00.9466.0 Microsoft® C++ Runtime Library
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
shdoclc.dll 1b70000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
xpsp2res.dll 1c00000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
mlang.dll 75cf0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
connwsp.dll 1ed0000 57344 C:\WINDOWS\system32\connwsp.dll 1.2.1393.0 connwsp Dynamic Link Library
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
rsvpsp.dll 73080000 114688 C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Rsvp 1.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DNS Client API DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access AutoDial Helper
msi.dll 2670000 2908160 C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Windows Installer
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LangageBar Add In
idleproc.dll 67f00000 24576 C:\Program Files\America Online 9.0a\idleproc.dll 9.00.001 IDLEPROC DLL
MSVCR71.dll 7c360000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.6014.4 Microsoft® C Runtime Library
OFUSBS.DLL 2980000 81920 C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL 3.0.4.591 Ofoto USB Services Module
mshtml.dll 7d4a0000 3035136 C:\WINDOWS\System32\mshtml.dll 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\System32\msls31.dll 3.10.349.0 Microsoft Line Services library file
msimtf.dll 746f0000 172032 C:\WINDOWS\System32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
sptip.dll 5c2c0000 262144 C:\WINDOWS\ime\sptip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAPI5.0/CTF layer DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
SPGRMR.DLL 1ae0000 69632 C:\WINDOWS\IME\SPGRMR.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SPTIP Grammar DLL
SKCHUI.DLL 3130000 372736 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL 1.0.1038.0 Draw Pen Tip
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
scrauth.dll 32d0000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll 1, 1, 1, 131 ScriptBlocking Authenticator
ScrBlock.dll 3300000 131072 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll 1, 1, 1, 131 ScriptBlocking
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
jscript.dll 75c50000 450560 c:\windows\system32\jscript.dll 5.6.0.8820 Microsoft (r) JScript
iepeers.dll 66e50000 262144 C:\WINDOWS\System32\iepeers.dll 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
mshtmled.dll 76200000 462848 C:\WINDOWS\System32\mshtmled.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft (R) HTML Editing Component
actxprxy.dll 71d40000 114688 C:\WINDOWS\System32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
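One way to cross-check the two logs posted in this thread for a file that one tool reports as missing while another lists it as loaded in a running process. This is an added example, not part of the original posts and not code from HijackThis or the PV tool. The sample lines are excerpted from the HijackThis and PV logs above; the function names and finding labels are this example's own, and the PV column layout (name, base address, size, full path) is assumed from the lines as posted.

```python
import re

# HijackThis section codes that occur in the log posted in this thread.
SECTION = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item",
    "O10": "Winsock LSP",
    "O16": "downloaded ActiveX control",
    "O23": "Windows service",
}

HJT_RE = re.compile(r"^(O\d+) - (.+)$")
LSP_MISSING_RE = re.compile(r"LSP provider '([^']+)' missing")
# name, hex base, size, then a path that ends in the same file name
# (the back-reference keeps the path intact even when it contains spaces).
MODULE_RE = re.compile(r"^(\S+)\s+([0-9a-f]+)\s+(\d+)\s+(.+?\\\1)(?:\s|$)", re.I)

# Excerpted from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Excerpted from the PV module listing in this thread.
PV_SAMPLE = r"""
mlang.dll 75cf0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
connwsp.dll 1ed0000 57344 C:\WINDOWS\system32\connwsp.dll 1.2.1393.0 connwsp Dynamic Link Library
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
"""


def parse_hijackthis(text):
    """Return (section_code, body) for every 'Onn - ...' line."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Pick out the entries a reviewer would read first (not verdicts)."""
    findings = []
    for code, body in entries:
        kind = SECTION.get(code, "other")
        lsp = LSP_MISSING_RE.search(body) if code == "O10" else None
        if lsp:
            findings.append(("lsp-reported-missing", lsp.group(1)))
        elif body.endswith("(no file)"):
            findings.append(("registered-but-no-file", f"{kind}: {body}"))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("service-unknown-owner", body))
    return findings


def parse_modules(text):
    """Map lower-cased module name -> full path from a PV-style listing."""
    modules = {}
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            modules[m.group(1).lower()] = m.group(4)
    return modules


def cross_view(hjt_text, pv_text):
    """Files HijackThis calls missing that the module listing shows loaded."""
    loaded = parse_modules(pv_text)
    hits = []
    for kind, detail in triage(parse_hijackthis(hjt_text)):
        if kind == "lsp-reported-missing" and detail.lower() in loaded:
            hits.append((detail, loaded[detail.lower()]))
    return hits


if __name__ == "__main__":
    for kind, detail in triage(parse_hijackthis(HJT_SAMPLE)):
        print(f"{kind}: {detail}")
    for name, path in cross_view(HJT_SAMPLE, PV_SAMPLE):
        print(f"reported missing but loaded: {name} -> {path}")
```

A match only shows that the two tools disagree about the file; it is a reason to inspect that file, not a verdict on it.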
Mollie2333
June 1st, 2005 23:00
It's me again...
The Regsvr32....came up Module not found.
It looks like About Buster ran, here is the log...
Scan started on [6/1/2005] at [8:28:52 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\aucfg.ini:udmltg
Removed Stream! C:\WINDOWS\BOOTSTAT.DAT:cllvve
Removed Stream! C:\WINDOWS\chipset.log:ticqqw
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:hlnuzt
Removed Stream! C:\WINDOWS\CONTROL.INI:duxcgv
Removed Stream! C:\WINDOWS\CONTROL.INI:zlxhce
Removed Stream! C:\WINDOWS\DESKTOP.INI:apgfjq
Removed Stream! C:\WINDOWS\dgzvs.log:knqrlc
Removed Stream! C:\WINDOWS\DirectX.log:cnjryr
Removed Stream! C:\WINDOWS\DJBDRV.LOG:ikiudk
Removed Stream! C:\WINDOWS\DtcInstall.log:lrjygk
Removed Stream! C:\WINDOWS\FaxSetup.log:drcdan
Removed Stream! C:\WINDOWS\Greenstone.bmp:owhbus
Removed Stream! C:\WINDOWS\KB817027.log:lthwfm
Removed Stream! C:\WINDOWS\KB823559.log:duschw
Removed Stream! C:\WINDOWS\KB823559.log:fmmck
Removed Stream! C:\WINDOWS\KB842773.log:hdxsan
Removed Stream! C:\WINDOWS\KB867282.log:nyijcw
Removed Stream! C:\WINDOWS\KB885836.log:bjgmea
Removed Stream! C:\WINDOWS\KB885836.log:tbmwia
Removed Stream! C:\WINDOWS\KB886185.log:vdvvs
Removed Stream! C:\WINDOWS\KB888113.log:tkyszk
Removed Stream! C:\WINDOWS\KB890175.log:mlrftm
Removed Stream! C:\WINDOWS\KB891781.log:elckvx
Removed Stream! C:\WINDOWS\kodakpcd.Gail.ini:txkote
Removed Stream! C:\WINDOWS\nsreg.dat:erogpr
Removed Stream! C:\WINDOWS\ntdtcsetup.log:zvzvmd
Removed Stream! C:\WINDOWS\n_cgwwte.txt:hszrmm
Removed Stream! C:\WINDOWS\n_mhcpdh.txt:eygrio
Removed Stream! C:\WINDOWS\n_mhcpdh.txt:nifzmb
Removed Stream! C:\WINDOWS\n_zqjmsp.txt:pzjceb
Removed Stream! C:\WINDOWS\ODBC.INI:hacpyl
Removed Stream! C:\WINDOWS\orun32.ini:kwkoiq
Removed Stream! C:\WINDOWS\Q328213.log:mgwra
Removed Stream! C:\WINDOWS\Q329112.log:flegel
Removed Stream! C:\WINDOWS\Q329112.log:oaeiw
Removed Stream! C:\WINDOWS\Q329115.log:nqcmda
Removed Stream! C:\WINDOWS\Q329170.log:fygmyn
Removed Stream! C:\WINDOWS\Q329834.log:yzqrbx
Removed Stream! C:\WINDOWS\Route32.INI:vlkorh
Removed Stream! C:\WINDOWS\SchedLgU.Txt:sfawmw
Removed Stream! C:\WINDOWS\SETUPERR.LOG:rqumcr
Removed Stream! C:\WINDOWS\spupdsvc.log:odtpzq
Removed Stream! C:\WINDOWS\spupdsvc.log:yeslj
Removed Stream! C:\WINDOWS\svcpack.log:ihbwsc
Removed Stream! C:\WINDOWS\SynInst.log:wwgvkt
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
Removed Stream! C:\WINDOWS\TSOC.LOG:mtqetv
Removed Stream! C:\WINDOWS\upst.ini:sfofqn
Removed Stream! C:\WINDOWS\VBADDIN.INI:zyjlbq
Removed Stream! C:\WINDOWS\vmuninst.log:szuydt
Removed Stream! C:\WINDOWS\WMSysPrx.prx:dvrjbd
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aimeyy
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:amdhwa
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:annwa
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:bjxzpm
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:bvsho
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:cgjfuh
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:cvmgwd
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:dlfakl
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:eeitxb
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:gbcefg
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:gegpnl
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:hbxusj
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:hkfpb
------------------------------------------------
Removed File! : C:\Windows\hdxsa.dat
Removed File! : C:\Windows\System32\jublu.dat
Removed File! : C:\Windows\System32\kfadw.dat
Removed File! : C:\Windows\System32\nthst32.dll
Removed File! : C:\Windows\System32\nwdcf.dat
Removed File! : C:\Windows\System32\usglz.dat
Removed File! : C:\Windows\System32\vwxlz.dat
Removed File! : C:\Windows\System32\xpdxh.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:31:25 PM
Mollie2333
June 1st, 2005 23:00
First part of Number 2 log
Module information for 'iexplore.exe'
Mollie2333
June 1st, 2005 23:00
Susan:
When I tried to run the RegSrch I got a NAV window that said "High risk" your computer was halted and needs to do something about this. And then it listed:
Object: Windows script host shell object
Activity: Run
File:c\pv\pv\pvregscrchvbs
And then there was a drop-down box with choices: stop script, allow activity once, allow entire script once, quarantine, authorize. Since I am totally clueless as to what any of this means I said stop and exited. If you want me to try again what do I choose?
I am going to try the about buster now and will post the log after I reboot.
Mollie2333
June 1st, 2005 23:00
second part of Number 1
Mollie2333
June 1st, 2005 23:00
Hi Susan:
These freakin' logs are too long to post as one so here goes:
Module information for 'Explorer.EXE'
ALgal
June 2nd, 2005 13:00
Hello Mollie,
Aboutbuster completed successfully! I am so happy! It removed 65 items! We are making progress! Thank you for your persistence!
Once again I want you to do the following steps!
Run antivirus scan
TrendMicro - http://housecall.trendmicro.com/housecall/start_corp.asp
Be sure and check Auto Clean box
Click "Select Your Location - Start Free Scan"
If there is anything non-cleanable please take note and give me complete filepaths if you can.
Reboot
Run Hijackthis
Please run HijackThis once more and post your logfile and information about the antivirus scan.