HijackThis Logfile 2

Discussion in 'adware, spyware & hijack cleaning' started by Whispy_THing, Apr 10, 2004.

Thread Status:
Not open for further replies.
  1. Whispy_THing

    Whispy_THing Guest

    HijackThis log

    Logfile of HijackThis v1.97.7
    Scan saved at 00:42:41, on 11.4.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\WINDOWS\DitExp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Semagic\LiveJournalU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ragnar Sigurður\Desktop\Downloads\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bt.is/
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bt.is/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://support.vugames.com/betasubmission/sysinfo/Si.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37925.069849537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553532000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D6564E-6CA3-43CD-BF54-10E63418825C}: NameServer = 212.30.200.200 194.105.224.1




    Could some one go through this with me? The reason why I'm posting this is because there seems to be some sort of a program running 'behind the curtains'. It shows up when I 'alt+tab', however it's just a blank icon and doesn't show a name.

    Does any one know what in there I should 'fix'?
    Thanks in advance. =)
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Re: HijackThis log

    Hi Whispy_THing,

    Welcome to Wilders.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
  3. Whispy_Thing

    Whispy_Thing Guest

    Re: HijackThis log

    Thanks for responding so quickly! I did as you asked and here's the log:


    Logfile of HijackThis v1.97.7
    Scan saved at 01:03:31, on 11.4.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ragnar Sigurður\Desktop\Downloads\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bt.is/
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bt.is/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://support.vugames.com/betasubmission/sysinfo/Si.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37925.069849537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553532000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D6564E-6CA3-43CD-BF54-10E63418825C}: NameServer = 212.30.200.200 194.105.224.1





    Okay, so far I haven't seen any evidence of the program coming back. But most often it does take a bit until after the restart for it to surface. Do things look clean? :)

    Again, thanks!
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Re: HijackThis log

    Hi Whispy_Thing,

    Your log is clean now, good work :D ...

    Regards,
    Kent
     
  5. Whispy_Thing

    Whispy_Thing Guest

    Re: HijackThis log

    Thanks man!! I owe you a beer! ;)

    I hope you guys won't mind if I come back if that sneaky bugger comes back.

    Cheers!
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Re: HijackThis log

    Hi Whispy_Thing,

    No problem as it was my pleasure ;) ....

    Regards,
    Kent
     
  7. Whispy_Thing

    Whispy_Thing Guest

    Hi again. The sneaky bugger is back in the alt+tab, it seems. I'm posting a brand new logfile. Did what I deleted come back, or is there something else we missed?

    Logfile of HijackThis v1.97.7
    Scan saved at 03:36:06, on 11.4.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Semagic\LiveJournalU.exe
    C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Ragnar Sigurður\Desktop\Downloads\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bt.is/
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bt.is/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://support.vugames.com/betasubmission/sysinfo/Si.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37925.069849537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553532000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D6564E-6CA3-43CD-BF54-10E63418825C}: NameServer = 212.30.200.200 194.105.224.1

    Also, a really bad screenshot of the sneaky bugger:
    http://bb.domaindlx.com/whispything/WeirdIcon.jpg



    I made this log while the thing was running then selected it through alt+tab (nothing popped up onto the screen or any thing) and closed it throught ALT+F4. It keeps popping back in there tho', and it's freaking me out. :p

    Any help more then appreciated! Thanks a bunch. =)
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Whispy_Thing,

    Your log looks clean to me as I do not see anything obviously wrong with it. One of the other Experts should be here in 2 or 3 hours and I will have one of them take a look also.

    Regards,
    Kent
     
  9. Whispy_Thing

    Whispy_Thing Guest

    Thanks man, I'll check back tomorrow.

    Cheers!
     
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
  11. Whispy_Thing

    Whispy_Thing Guest

    Okay, now I -know- that there's something unool going on. After I got the Sygate Personal Firewall, I've been getting steady reports of all kinds of things both port scanning and probing, plus the sneaky bugger program is BACK. I wouldn't be surprised if it were some sort a trojan or who-knows-what. I used the Sygate tracer to report the IP's that were doing the port scanning/probing to their ISP, but I still want that thing out of my computer. I don't even really feel that I'm safe to go online just to post this. :(

    Okay, here's the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 18:31:12, on 11.4.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ragnar Sigurður\Desktop\Downloads\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bt.is/
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bt.is/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://support.vugames.com/betasubmission/sysinfo/Si.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37925.069849537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553532000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D6564E-6CA3-43CD-BF54-10E63418825C}: NameServer = 212.30.200.200 194.105.224.1




    It's probably identical to those I've already posted, but just in case you guys would want it.

    Am I just being paranoid, or is this some sort of a new thing? =/

    Thanks in advance for any replies!
     
  12. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Whispy_Thing,

    I still do not see anything obviously wrong with you HJT log. I will try to have one of the other Experts here have a look at it as soon as possible. We have been real busy since the software change here and someone else will have a look as soon as they can.

    Regards,
    Kent
     
  13. WhispyThing

    WhispyThing Guest

    Thanks. :) I really appreciate it. And I do hope I'm not being too much of a bother with all of this.
     
  14. Whispy_Thing

    Whispy_Thing Guest

    Still no luck?

    If you guys want, I'll post a new HijackThis log. =) But I doubt any thing noticable has changed.
     
  15. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    post a new log and also

    Download this zip: http://www.zero.vulc4n.com/downloads/pv.zip, unzip it to the desktop.
    Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
    Notepad will open with a log in it

    post that log please

    you will have the option of doing a log with IE ands with explorer please do both
     
  16. Whispy_Thing

    Whispy_Thing Guest

    Thanks for replying!! Here are the logs you asked for. =)



    Module information for 'Explorer.EXE'
    MODULE BASE SIZE PATH
    Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2800.1221 (xpsp2.030511-1403) Windows Explorer
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) NT Layer DLL
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1254 (xpsp2.030801-1834) Remote Procedure Call Runtime
    GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Windows XP USER API Client DLL
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell Light-weight Utility Library
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Windows Shell Common Dll
    ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1263 (xpsp2.030819-2129) Microsoft OLE for Windows
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser UI Library
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Shell Doc Object and Control Library
    UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
    CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-114:cool: Version Checking and File Installation Libraries
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Client Side Caching UI
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-114:cool: Offline Network Agent
    themeui.dll 559e0000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Theme API
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
    MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
    SSSensor.dll 6330000 86016 C:\WINDOWS\System32\SSSensor.dll 5. 5. 0. 5 ScreenSaver Sensor
    NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
    SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
    LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-114:cool: Windows Volume Tracking
    ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell extensions for sharing
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-114:cool: Multi Language Support DLL
    msi.dll 1120000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
    urlmon.dll 1a400000 499712 C:\WINDOWS\System32\urlmon.dll 6.00.2800.1400 OLE32 Extensions for Win32
    NETSHELL.dll 75cf0000 1642496 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1254 (xpsp2.030801-1834) Network Connections Shell
    credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Credential Manager User Interface
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-114:cool: Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-114:cool: Windows Socket 2.0 Helper for Windows NT
    iphlpapi.dll 76d60000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP Helper API
    WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
    webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Web Site Monitor
    stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray shell service object
    BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-114:cool: Battery Meter Helper DLL
    POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-114:cool: Power Profile Helper DLL
    WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-114:cool: WDM Audio driver mapper
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-114:cool: Microsoft Sound Mapper
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-114:cool: Microsoft ACM Audio Filter
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-114:cool: Microsoft MIDI Mapper
    WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-114:cool: Microsoft Trust Verification APIs
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1274 (xpsp2.030825-2117) ASN.1 Runtime APIs
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll 6.00.2800.1400 Internet Extensions for Win32
    MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-114:cool: Multiple Provider Router DLL
    drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-114:cool: Microsoft Terminal Server Network Provider
    ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
    NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-114:cool: NT LM UI Common Code - GUI Classes
    NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-114:cool: NT LM UI Common Code - Networking classes
    NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-114:cool: Net Remote Admin Protocol DLL
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-114:cool: Web DAV Client DLL
    printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) Print UI DLL
    WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
    ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-114:cool: ADs Router Layer DLL
    adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
    CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-114:cool: Configuration Manager Forwarder DLL
    fxsst.dll 68df0000 573440 C:\WINDOWS\System32\fxsst.dll 5.2.1776.1023 Fax Service
    FXSAPI.dll 69010000 458752 C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.1023 Microsoft Fax API Support DLL
    NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA provider
    idle.dll 10000000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll 1, 0, 0, 1 idle
    XAHook.dll 930000 57344 C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll 1, 0, 0, 1008 XAHook Dynamic Link Library
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows(TM) Telephony API Client DLL
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-114:cool: Routing Utilities
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-114:cool: Shell Doc Object and Control Library
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
    DUSER.dll 6c1b0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
    HKNTDLL.dll 1c000000 24576 C:\WINDOWS\HKNTDLL.dll
    WMVCore.DLL 8530000 2084864 C:\WINDOWS\System32\WMVCore.DLL 9.00.00.2980 built by: lab03_dev(bld4act) Windows Media Playback/Authoring DLL
    WMASF.DLL 7260000 233472 C:\WINDOWS\System32\WMASF.DLL 9.00.00.2980 built by: lab03_dev(bld4act) Windows Media ASF DLL
    msdmo.dll 31e0000 28672 C:\WINDOWS\System32\msdmo.dll
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
    events.dll 18d0000 147456 C:\Program Files\Trillian\events.dll
    rarext.dll 1a40000 176128 C:\Program Files\WinRAR\rarext.dll
    tds3shl.dll 18b0000 32768 C:\WINDOWS\System32\tds3shl.dll 1, 0, 0, 1 TDS Shell Extension
    NavShExt.dll 1960000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll 9.05.15 Norton AntiVirusNAVShellExt Module
    ccTrust.dll 1a10000 106496 C:\WINDOWS\System32\ccTrust.dll 1.0.10.002 Common Client ccTrust
    MSVCP60.dll 55900000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll 5.131.2600.0 (xpclient.010817-114:cool: Crypto Network Related API
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-114:cool: Windows Socket 32-Bit DLL
    mswsock.dll 71a50000 241664 C:\WINDOWS\System32\mswsock.dll 5.1.2600.0 (xpclient.010817-114:cool: Microsoft Windows Sockets 2.0 Service Provider
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-114:cool: LDAP RnR Provider DLL
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-114:cool: Remote Access AutoDial Helper
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-114:cool: Windows Sockets Helper DLL
    nvshell.dll 32b0000 458752 C:\WINDOWS\System32\nvshell.dll 6.14.10.5664 NVIDIA Desktop Explorer, Version 56.64
    zipfldr.dll 73380000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1126 (xpsp2.020921-0842) Compressed (zipped) Folders
    ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-114:cool: ActiveX Interface Marshaling Library
    asfsipc.dll 70eb0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
    MSISIP.DLL 605f0000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
    wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
    ScrTrust.dll 890000 53248 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll 1, 1, 0, 126 ScriptBlocking Trust Verifier
    MCPS.DLL 365a0000 86016 C:\PROGRA~1\MI1933~1\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub



    --------------




    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
    GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
    ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
    CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
    MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll
    SSSensor.dll 6330000 86016 C:\WINDOWS\System32\SSSensor.dll
    msi.dll 2380000 2101248 C:\WINDOWS\System32\msi.dll
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
    msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll
    MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
    msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
    idle.dll 10000000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll
    XAHook.dll 26b0000 57344 C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
    HKNTDLL.dll 1c000000 24576 C:\WINDOWS\HKNTDLL.dll
    netapi32.dll 71c20000 319488 C:\WINDOWS\System32\netapi32.dll
    MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll
    drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll
    ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll
    NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll
    NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll
    NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll
    SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll
    MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
    WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll
    ODBC32.dll 27d0000 204800 C:\WINDOWS\System32\ODBC32.dll
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
    odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
    iphlpapi.dll 76d60000 94208 C:\WINDOWS\System32\iphlpapi.dll
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
    scrauth.dll 31b0000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 32e0000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll
    Flash.ocx 3e70000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx
    ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll
    DDRAW.dll 51000000 315392 C:\WINDOWS\System32\DDRAW.dll
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll
    imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
    dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
    dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll
    ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL
    vbscript.dll 73300000 479232 c:\windows\system32\vbscript.dll
    msxml3.dll 72e00000 1134592 C:\WINDOWS\System32\msxml3.dll
    WMP.DLL 7680000 4763648 C:\WINDOWS\System32\WMP.DLL
    MSVFW32.dll 73bd0000 131072 C:\WINDOWS\System32\MSVFW32.dll
    wmploc.dll 8110000 2940928 C:\WINDOWS\System32\wmploc.dll
    wmpdxm.dll 8830000 229376 C:\WINDOWS\System32\wmpdxm.dll
    wmvcore.dll 8530000 2084864 C:\WINDOWS\System32\wmvcore.dll
    WMASF.DLL 7260000 233472 C:\WINDOWS\System32\WMASF.DLL
    wmnetmgr.dll 72b0000 1007616 C:\WINDOWS\System32\wmnetmgr.dll
    msv1_0.dll 76d10000 118784 C:\WINDOWS\system32\msv1_0.dll
    wdigest.dll 74380000 61440 C:\WINDOWS\system32\wdigest.dll
    MPRAPI.dll 76d40000 90112 C:\WINDOWS\System32\MPRAPI.dll
    ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll
    adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll
    quartz.dll 35500000 2129920 C:\WINDOWS\system32\quartz.dll
    msdmo.dll 71e0000 28672 C:\WINDOWS\System32\msdmo.dll
    DSOUND.DLL 51080000 368640 C:\WINDOWS\System32\DSOUND.DLL
    KsUser.dll 5ef80000 16384 C:\WINDOWS\System32\KsUser.dll
    HLINK.DLL 76820000 77824 C:\WINDOWS\System32\HLINK.DLL
    MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL
    msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll
    schannel.dll 767f0000 147456 C:\WINDOWS\System32\schannel.dll
    dssenh.dll ffa0000 135168 C:\WINDOWS\System32\dssenh.dll
    plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx
    iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll
    WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV
    mscoree.dll 79170000 155648 C:\WINDOWS\System32\mscoree.dll
    mscorie.dll 79410000 86016 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    MSVCR71.dll 7c340000 352256 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
    mscorld.dll 79480000 98304 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    events.dll 2180000 147456 C:\Program Files\Trillian\events.dll
    ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll
    mshtmler.dll 608b0000 65536 C:\WINDOWS\System32\mshtmler.dll
    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
    GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
    ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
    CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
    MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll
    msi.dll 2390000 2101248 C:\WINDOWS\System32\msi.dll
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
    SSSensor.dll 6330000 86016 C:\WINDOWS\System32\SSSensor.dll
    msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll
    MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
    msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
    events.dll 10000000 147456 C:\Program Files\Trillian\events.dll
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
    idle.dll 27c0000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll
    XAHook.dll 27d0000 57344 C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
    NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
    scrauth.dll 2a50000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 2a80000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll
    dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll
    ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL
    ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll
    DDRAW.dll 51000000 315392 C:\WINDOWS\System32\DDRAW.dll
    DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll
    dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
    imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll
    MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL
    msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll
    DAPIE.DLL 2af40000 65536 C:\PROGRA~1\DAP\DAPIE.DLL
    MFC42.DLL 6c370000 991232 C:\PROGRA~1\DAP\MFC42.DLL
    HKNTDLL.dll 1c000000 24576 C:\WINDOWS\HKNTDLL.dll
    ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL
    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll
    kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll
    msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll
    USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll
    GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll
    ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll
    RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll
    SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll
    SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll
    comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
    SHELL32.dll 773d0000 8331264 C:\WINDOWS\system32\SHELL32.dll
    comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll
    ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll
    uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll
    BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll
    browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll
    appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll
    CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL
    OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll
    COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll
    VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll
    WININET.dll 63000000 614400 C:\WINDOWS\system32\WININET.dll
    CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll
    MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll
    Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll
    cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll
    CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll
    SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll
    urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll
    mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll
    shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll
    MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll
    msi.dll 2390000 2101248 C:\WINDOWS\System32\msi.dll
    SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL
    SSSensor.dll 6330000 86016 C:\WINDOWS\System32\SSSensor.dll
    msimtf.dll 746f0000 155648 C:\WINDOWS\System32\msimtf.dll
    MSCTF.dll 74720000 278528 C:\WINDOWS\System32\MSCTF.dll
    MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL
    IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL
    msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll
    events.dll 10000000 147456 C:\Program Files\Trillian\events.dll
    WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll
    comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll
    idle.dll 27d0000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll
    XAHook.dll 27e0000 57344 C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll
    HKNTDLL.dll 1c000000 24576 C:\WINDOWS\HKNTDLL.dll
    netapi32.dll 71c20000 319488 C:\WINDOWS\System32\netapi32.dll
    MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll
    drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll
    ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll
    NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll
    NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll
    NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll
    SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll
    davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll
    MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll
    USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll
    WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll
    ODBC32.dll 2900000 204800 C:\WINDOWS\System32\ODBC32.dll
    odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll
    wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv
    msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv
    MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll
    midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll
    wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll
    WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll
    WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll
    mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll
    RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL
    rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll
    TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll
    rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll
    wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll
    DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll
    winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll
    WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll
    sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll
    rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll
    scrauth.dll 30b0000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
    ScrBlock.dll 31e0000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
    wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll
    IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll
    rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll
    cryptnet.dll 73d50000 65536 C:\WINDOWS\System32\cryptnet.dll
    jscript.dll 6b700000 589824 c:\windows\system32\jscript.dll
    mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll
    mshtmler.dll 608b0000 65536 C:\WINDOWS\System32\mshtmler.dll




    ------------------


    Logfile of HijackThis v1.97.7
    Scan saved at 18:46:58, on 15.4.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\oDC\oDC.exe
    C:\Program Files\Semagic\LiveJournalU.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Ragnar Sigurður\Desktop\Downloads\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bt.is/
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Power Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bt.is/
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://support.vugames.com/betasubmission/sysinfo/Si.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37925.069849537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553532000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7D6564E-6CA3-43CD-BF54-10E63418825C}: NameServer = 212.30.200.200 194.105.224.1






    Here we go. :) And again, thanks so much for all this help!


    p.s.
    Sorry if this comes out as a double post; I hit 'reply'.. then stopped quickly when I realized I hadn't put in my user name. Hope this works. :)
     
  17. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    the only thing I can find strange in any of the logs is this
    HKNTDLL.dll 1c000000 24576 C:\WINDOWS\HKNTDLL.dll

    I can't find what C:\WINDOWS\HKNTDLL.dll belongs to

    there are only 3 references to it on the net so that always makes me suspect something

    please copy C:\WINDOWS\HKNTDLL.dll and send it to me at submit@thespykiller.co.uk so I can look at it and se if it is good or bad

    please include a short note referring to this thread

    don't do anything else to it yet, it probably belongs to a game or something
     
  18. Whispy_Thing

    Whispy_Thing Guest

  19. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I've got it

    I'm not sure what it is so I'm sending it off for further analysis and will let you know as soon as I do
     
  20. Whispy_Thing

    Whispy_Thing Guest

    Thanks man, both of ya. =)

    Take your time. :)
     
  21. Whispy_Thing

    Whispy_Thing Guest

    Hey!

    I just wanted to say thanks to both of you for all the help! I found out that the sneaky bugger was my POP-UP stopper. Do I feel stupid? Yes! :p

    I'm very sorry for taking so much off of your time, and I'm very grateful for all the help you gave!

    I definately owe both of you a beer. ;)

    Cheers.
     
  22. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Whispy_Thing,

    I am just glad you figured it out ;) :cool: .....

    Regards,
    Kent
     
  23. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    After a lot of digging around and pulling that file apart it probably is a keyboard driver

    can't be 100% positive, but that's the consensus
     
  24. Whispy_Thing

    Whispy_Thing Guest


    Is it safe to delete? I thought the sneaky window was the Panicware Pop-Up Stopper, but now that I've uninstalled it.. the thing seems to be BACK. It sneaks into the alt+tab bar and just sits there. I'm started to get freaked that maybe it's a trojan or a keylogger or something uncool like that. SpySweeper, Ad-Aware, SpyBot S&D and TDS-3 don't find any thing at all...nor does Norton AntiVirus.

    You think it could be that driver? :/


    Sorry for bothering you guys again, heh. :)
     
  25. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    it looks like it could be a keyboard driver

    the way to test if it's needed is to rename the file C:\WINDOWS\HKNTDLL.dll to C:\WINDOWS\HKNTDLL.bak and if you find the keyboard has problems or special keys don't work, then rename it back

    otherwise leave it renamed for a few weeks and see if any program screams about missing the file
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.