Hello from Switzerland.
My start page has been changed to C:\spex\start.html
Duly, I have run CWS shredder (newest version, adaware and spybot)
Help would be apreciated

That's the hijackthis logfile:

Logfile of HijackThis v1.97.7
Scan saved at 22:19:03, on 24.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\WINDOWS\Dit.exe
C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\McAfee\McAfee VirusScan\VsStat.exe
C:\Programme\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\McAfee\McAfee VirusScan\Webscanx.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/atel/index_d.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O14 - IERESET.INF: START_PAGE_URL=http://dech7.hpwis.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7885.4300925926

First:
Please Download CoolWebShredder, from
http://www.merijn.org/files/cwshredder.zip
http://www.zerosrealm.com/downloads/CWShredder.zip

Extract CWShredder to its own folder,

Reboot in Safe Mode*** and run the program.

Be sure all open windows are closed.

Click the 'Fix ->' button.

Make sure you let it fix all CWS Remnants.

Afterwards Reboot.


Second:
Download the latest version of Adaware (get the free edition)
http://www.lavasoft.de/software/adaware/
(choose download from the lefthand menu)

Go to: Select Full Install and choose the download location of your choice (1.7mb)
Choose Download from http://fileforum.betanews.com/detail.php3?fid=965718306 <--(I found FileForum easiest)

Be sure to UPDATE BEFORE SCANNING FIRST!! That is a very important step and I have included easy directions.

After download and installing first, please update the program. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # :01R323 20.06.2004 or higher listed.

Next, go to Settings (the gear icon at the top) and then *Scanning* and checkmark these items so they will be green:
Scan within archives
Scan my IE Favorites for banned URLS
Scan my hosts file

Then click *proceed* to save settings.

Click on *Tweak* next. And checkmark to make this green also:
Automatically try to unregister objects prior to deletion

Click on *proceed*

Next, from the main screen, click on *Start* (lower righthand corner) and put a dot in the box next to *use Custom scanning options*, then click *Next* to start your scan.

Checkmark any items found after scanning to remove (this will actually put them in quarantine and can recover from backup if any should not be removed).

Reboot your PC after cleaning with Adaware and scan again. Repeat the process until no further items are found as bad.

Run HiJackThis and post a new log in this thread.

I did all what you said.

The new hijack log file is
Logfile of HijackThis v1.97.7
Scan saved at 17:22:30, on 25.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\WINDOWS\Dit.exe
C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Nikon\NkView5\NkvMon.exe
C:\Programme\McAfee\McAfee VirusScan\VsStat.exe
C:\Programme\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programme\McAfee\McAfee VirusScan\Webscanx.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/atel/index_d.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O14 - IERESET.INF: START_PAGE_URL=http://dech7.hpwis.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7885.4300925926

What now?

Check the following items in HiJackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s


Close all open windows except HiJackThis and press 'Fix Checked'.

Reboot.

Run HiJackThis again and post a new log in this thread.

I scanned and fixed with Hijackthis the lines that you mentioned. Those lines disappear at a consecutive run of Hijackthis, but as soon as I open a second IE window those lines reappear again. That means they cannot be eliminated by Hijackthis. Do you have another idea?
When I eliminated those lines Spybot asked if it should allow the change from spex to blank for the start page. I told it yes and to remember.

Logfile of HijackThis v1.97.7
Scan saved at 19:31:20, on 26.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\WINDOWS\Dit.exe
C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Nikon\NkView5\NkvMon.exe
C:\Programme\McAfee\McAfee VirusScan\VsStat.exe
C:\Programme\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programme\McAfee\McAfee VirusScan\Webscanx.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/atel/index_d.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O14 - IERESET.INF: START_PAGE_URL=http://dech7.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/atel/index_d.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O14 - IERESET.INF: START_PAGE_URL=http://dech7.hpwis.com



Anymore good ideas against myexexex?

THe Myexexex infection is a variety of CoolWebSearch and the Shredder should remove it.

Run CWShredder again in Safe Mode, then post a new HiJackThis log in this thread.

Well, up to now we have not been extremely successful. I ran CWShredder in the safe mode (it only restored 3 Internet pages), than I ran hijackthis again (myexexex was gone), then I opened an IE window again and that is what the hijackthis log looks, now.

Logfile of HijackThis v1.97.7
Scan saved at 21:22:23, on 26.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programme\CyberLink\PowerVCRII\Agent.exe
C:\WINDOWS\Dit.exe
C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\DitExp.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Nikon\NkView5\NkvMon.exe
C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/atel/index_d.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O14 - IERESET.INF: START_PAGE_URL=http://dech7.hpwis.com

Is there still hope?
While doing this I deactivated McAfee. Should I also deactivat Spybot?

It would appear that sometihng is pulling the infection back. Time to go searching:

Download pv.zip from here:
www.zerosrealm.com/downloads/pv.zip


Unzip it and open the PV folder.
Double Click on runme.bat.

Select Option 2 and post the log in this thread.

Select Option 8, then Option 4 and post that log in this thread.

Select Option 8, then Option 6 and post that log in this thread.

I will watch for the logs.

Thank you for your help. Things are getting complicated. I hope I did everything alright.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER]

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{237AA178-C3BC-4f67-A8BB-D8BC14BA0B89}]
"clsid"="{237AA178-C3BC-4f67-A8BB-D8BC14BA0B89}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
"clsid"="{869EE607-5376-486d-8DAC-EDC8E239AD5F}"


Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Programme\Internet Explorer\IEXPLORE.EXE 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f40000 712704 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL für NT-Layer
kernel32.dll 77e40000 1015808 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Client-DLL für Windows NT-Basis-API
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Client-DLL für Windows XP USER-API
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77da0000 638976 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Erweitertes Windows 32 Base-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell Light-weight Utility Library
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Bibliothek für Shell-Dokumente und -Steuerelemente
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773a0000 8372224 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Allgemeine Windows-Shell-DLL
comctl32.dll 77310000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE für Windows
MSCTF.dll 746a0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF-Server-DLL
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser UI-Bibliothek
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI-Bbibliothek
appHelp.dll 75ee0000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 770f0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
COMRes.dll 77010000 864256 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
SETUPAPI.dll 76620000 950272 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup-API
UxTheme.dll 5b0f0000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme-Bibliothek
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Interneterweiterungen für Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Krypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Clientseitige Cachebenutzeroberfläche
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offlinenetzwerk-Agent
googletoolbar2.dll 10000000 786432 c:\programme\google\googletoolbar2.dll 2, 0, 111, 0 Google IE Client Toolbar
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-Erweiterung für Win32
WSOCK32.dll 71a30000 36864 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket-32-Bit-DLL
WS2_32.dll 71a10000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a00000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper für Windows NT
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Vertrauensverifizierungs-APIs
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API-DLL
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
RASAPI32.DLL 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71ba0000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows™ Telefonie-API-Client-DLL
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
sensapi.dll 72240000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
USERENV.dll 75a10000 684032 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
AcroIEHelper.dll 2060000 45056 C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.0.2003051500 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SDHelper.dll 2240000 765952 C:\Programme\Spybot - Search & Destroy\SDHelper.dll 1, 3, 0, 12 Bad download blocker
olepro32.dll 5f1a0000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL
something.dll 2410000 61440 C:\WINDOWS\System32\something.dll
c_10230.dll 2530000 69632 C:\WINDOWS\System32\c_10230.dll
shdoclc.dll 76110000 581632 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Bibliothek für Shell-Dokumente und -Steuerelemente
mlang.dll 746f0000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Microsoft ® HTML Viewer
msi.dll 2f10000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SXS.DLL 75e30000 688128 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
msimtf.dll 74670000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
MSLS31.DLL 74640000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76330000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
msohev.dll 32520000 73728 C:\Programme\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
Wbhook32.dll 11c00000 253952 C:\Programme\McAfee\McAfee VirusScan\Wbhook32.dll 6.02.1019.1 Web Hook
WbhkRes.dll 21d0000 40960 C:\Programme\McAfee\McAfee VirusScan\Res00\WbhkRes.dll 6.02.1019.1 Resources for Web Hook
NAKRNL32.DLL 21e0000 73728 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAKRNL32.DLL 6.0.0.472 Kernel Services DLL
NAUTIL32.DLL 33c0000 196608 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAUTIL32.DLL 6.0.0.472 Utility Services DLL
MPR.dll 71a80000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Router-DLL für Mehrfachanbieter
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL für gemeinsame Dialoge
naUtlRes.dll 2220000 20480 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naUtlRes.dll 6.0.0.472 Core Resources DLL
MCSCAN32.DLL 12000000 1839104 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL 4.3.20 AV Scanning Engine
naARCHIV.DLL 35f0000 319488 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\naARCHIV.DLL 6.0.0.472 Compressed File Services DLL
LZ32.dll 73dc0000 12288 C:\WINDOWS\system32\LZ32.dll 5.1.2600.0 (xpclient.010817-1148) LZ Expand/Compress API DLL
NAEVENT.DLL 3750000 167936 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAEVENT.DLL 6.0.0.472 Client Event Interface DLL
MSWSOCK.dll 719b0000 245760 C:\WINDOWS\System32\MSWSOCK.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0-Dienstanbieter
naEvtRes.dll 3890000 28672 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naEvtRes.dll 6.0.0.472 Client Event Interface Resources
VsUtil.dll 11400000 233472 C:\Programme\McAfee\McAfee VirusScan\VsUtil.dll 6.02.1019.1 VirusScan Utilities
VsutlRes.dll 39b0000 77824 C:\Programme\McAfee\McAfee VirusScan\Res00\VsutlRes.dll 6.02.1019.1 Resources for VirusScan Utilities
NTClient.dll 11d00000 106496 C:\Programme\McAfee\McAfee VirusScan\NTClient.dll
Syncutil.dll 11a00000 274432 C:\Programme\McAfee\McAfee VirusScan\Syncutil.dll 6.02.1019.1 VirusScan Data Layer
ResDll.dll 11700000 475136 C:\Programme\McAfee\McAfee VirusScan\Res00\ResDll.dll 6.02.1019.1 VirusScan Resources
AvParam.dll 13000000 53248 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\AvParam.dll 4.3.20 AV Scanning Engine
MSJAVA.dll 7c000000 958464 C:\WINDOWS\System32\MSJAVA.dll 5.00.3810 Microsoft® VM
VMHELPER.DLL 7c520000 294912 C:\WINDOWS\System32\VMHELPER.DLL 5.00.3810 Microsoft® Virtual Machine Helper Library für Java
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Soundmapper
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM-Audiofilter
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-Mapper
wshtcpip.dll 719f0000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76ee0000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76f70000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP-API-DLL
rasadhlp.dll 76f80000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll 5.6.0.8513 Microsoft ® JScript
mshtmled.dll 74c30000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft ® HTML Editing Component
actxprxy.dll 71cc0000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
dispex.dll 6d140000 45056 C:\WINDOWS\System32\dispex.dll 5.6.0.6626 Microsoft ® DispEx
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Programme\Internet Explorer\IEXPLORE.EXE 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f40000 712704 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL für NT-Layer
kernel32.dll 77e40000 1015808 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Client-DLL für Windows NT-Basis-API
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Client-DLL für Windows XP USER-API
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77da0000 638976 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Erweitertes Windows 32 Base-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell Light-weight Utility Library
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Bibliothek für Shell-Dokumente und -Steuerelemente
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773a0000 8372224 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Allgemeine Windows-Shell-DLL
comctl32.dll 77310000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE für Windows
MSCTF.dll 746a0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF-Server-DLL
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser UI-Bibliothek
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI-Bbibliothek
appHelp.dll 75ee0000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 770f0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
COMRes.dll 77010000 864256 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
SETUPAPI.dll 76620000 950272 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup-API
UxTheme.dll 5b0f0000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme-Bibliothek
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Interneterweiterungen für Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Krypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
googletoolbar2.dll 10000000 786432 c:\programme\google\googletoolbar2.dll 2, 0, 111, 0 Google IE Client Toolbar
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-Erweiterung für Win32
WSOCK32.dll 71a30000 36864 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket-32-Bit-DLL
WS2_32.dll 71a10000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a00000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper für Windows NT
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Vertrauensverifizierungs-APIs
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API-DLL
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
RASAPI32.DLL 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71ba0000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows™ Telefonie-API-Client-DLL
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
sensapi.dll 72240000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
USERENV.dll 75a10000 684032 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
AcroIEHelper.dll 2060000 45056 C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.0.2003051500 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SDHelper.dll 2240000 765952 C:\Programme\Spybot - Search & Destroy\SDHelper.dll 1, 3, 0, 12 Bad download blocker
olepro32.dll 5f1a0000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL
something.dll 2410000 61440 C:\WINDOWS\System32\something.dll
c_10230.dll 2530000 69632 C:\WINDOWS\System32\c_10230.dll
shdoclc.dll 76110000 581632 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Bibliothek für Shell-Dokumente und -Steuerelemente
mlang.dll 746f0000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Microsoft ® HTML Viewer
msi.dll 2e10000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SXS.DLL 75e30000 688128 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
MSLS31.DLL 74640000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76330000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
msohev.dll 32520000 73728 C:\Programme\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
Wbhook32.dll 11c00000 253952 C:\Programme\McAfee\McAfee VirusScan\Wbhook32.dll 6.02.1019.1 Web Hook
WbhkRes.dll 21d0000 40960 C:\Programme\McAfee\McAfee VirusScan\Res00\WbhkRes.dll 6.02.1019.1 Resources for Web Hook
NAKRNL32.DLL 21e0000 73728 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAKRNL32.DLL 6.0.0.472 Kernel Services DLL
NAUTIL32.DLL 32c0000 196608 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAUTIL32.DLL 6.0.0.472 Utility Services DLL
MPR.dll 71a80000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Router-DLL für Mehrfachanbieter
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL für gemeinsame Dialoge
naUtlRes.dll 2220000 20480 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naUtlRes.dll 6.0.0.472 Core Resources DLL
MCSCAN32.DLL 12000000 1839104 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL 4.3.20 AV Scanning Engine
naARCHIV.DLL 34f0000 319488 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\naARCHIV.DLL 6.0.0.472 Compressed File Services DLL
LZ32.dll 73dc0000 12288 C:\WINDOWS\system32\LZ32.dll 5.1.2600.0 (xpclient.010817-1148) LZ Expand/Compress API DLL
NAEVENT.DLL 3650000 167936 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAEVENT.DLL 6.0.0.472 Client Event Interface DLL
MSWSOCK.dll 719b0000 245760 C:\WINDOWS\System32\MSWSOCK.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0-Dienstanbieter
naEvtRes.dll 3790000 28672 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naEvtRes.dll 6.0.0.472 Client Event Interface Resources
VsUtil.dll 11400000 233472 C:\Programme\McAfee\McAfee VirusScan\VsUtil.dll 6.02.1019.1 VirusScan Utilities
VsutlRes.dll 38b0000 77824 C:\Programme\McAfee\McAfee VirusScan\Res00\VsutlRes.dll 6.02.1019.1 Resources for VirusScan Utilities
NTClient.dll 11d00000 106496 C:\Programme\McAfee\McAfee VirusScan\NTClient.dll
Syncutil.dll 11a00000 274432 C:\Programme\McAfee\McAfee VirusScan\Syncutil.dll 6.02.1019.1 VirusScan Data Layer
ResDll.dll 11700000 475136 C:\Programme\McAfee\McAfee VirusScan\Res00\ResDll.dll 6.02.1019.1 VirusScan Resources
AvParam.dll 13000000 53248 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\AvParam.dll 4.3.20 AV Scanning Engine
MSJAVA.dll 7c000000 958464 C:\WINDOWS\System32\MSJAVA.dll 5.00.3810 Microsoft® VM
VMHELPER.DLL 7c520000 294912 C:\WINDOWS\System32\VMHELPER.DLL 5.00.3810 Microsoft® Virtual Machine Helper Library für Java
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Soundmapper
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM-Audiofilter
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-Mapper
wshtcpip.dll 719f0000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76ee0000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76f70000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP-API-DLL
rasadhlp.dll 76f80000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
jscript.dll 6b700000 589824 C:\WINDOWS\System32\jscript.dll 5.6.0.8513 Microsoft ® JScript
MSRATING.DLL 60320000 143360 C:\WINDOWS\System32\MSRATING.DLL 6.00.2800.1106 (xpsp1.020828-1920) Bibliothekdatei für Internetfilter und Verwaltung lokaler Benutzer
msratelc.dll 60350000 73728 C:\WINDOWS\System32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Bibliothekdatei für Internetfilter und Verwaltung lokaler Benutzer
actxprxy.dll 71cc0000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
imgutil.dll 66d10000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2800.1106 (xpsp1.020828-1920) IE plugin image decoder support DLL
pngfilt.dll 5e6e0000 45056 C:\WINDOWS\System32\pngfilt.dll 6.00.2800.1106 (xpsp1.020828-1920) IE PNG plugin image decoder
inetcpl.cpl 58d90000 319488 C:\WINDOWS\System32\inetcpl.cpl 6.00.2800.1106 (xpsp1.020828-1920) Internetsystemsteuerung
inetcplc.dll 66c50000 131072 C:\WINDOWS\System32\inetcplc.dll 6.00.2600.0000 (xpclient.010817-1148) Internetsystemsteuerung
dispex.dll 6d140000 45056 C:\WINDOWS\System32\dispex.dll 5.6.0.6626 Microsoft ® DispEx
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Programme\Internet Explorer\IEXPLORE.EXE 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f40000 712704 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL für NT-Layer
kernel32.dll 77e40000 1015808 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Client-DLL für Windows NT-Basis-API
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) Client-DLL für Windows XP USER-API
GDI32.dll 7e180000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77da0000 638976 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Erweitertes Windows 32 Base-API
RPCRT4.dll 78000000 552960 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell Light-weight Utility Library
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Bibliothek für Shell-Dokumente und -Steuerelemente
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773a0000 8372224 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Allgemeine Windows-Shell-DLL
comctl32.dll 77310000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 7ccc0000 1196032 C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE für Windows
MSCTF.dll 746a0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) MSCTF-Server-DLL
BROWSEUI.dll 71500000 1036288 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser UI-Bibliothek
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI-Bbibliothek
appHelp.dll 75ee0000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 7a170000 528384 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
OLEAUT32.dll 770f0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
COMRes.dll 77010000 864256 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
SETUPAPI.dll 76620000 950272 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup-API
UxTheme.dll 5b0f0000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme-Bibliothek
WININET.dll 63000000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Interneterweiterungen für Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Krypto-API32
MSASN1.dll 76240000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Clientseitige Cachebenutzeroberfläche
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offlinenetzwerk-Agent
googletoolbar2.dll 10000000 786432 c:\programme\google\googletoolbar2.dll 2, 0, 111, 0 Google IE Client Toolbar
urlmon.dll 1a400000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-Erweiterung für Win32
WSOCK32.dll 71a30000 36864 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket-32-Bit-DLL
WS2_32.dll 71a10000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a00000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper für Windows NT
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Vertrauensverifizierungs-APIs
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API-DLL
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
RASAPI32.DLL 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71ba0000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows™ Telefonie-API-Client-DLL
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
sensapi.dll 72240000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
USERENV.dll 75a10000 684032 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
AcroIEHelper.dll 2060000 45056 C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.0.2003051500 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SDHelper.dll 2240000 765952 C:\Programme\Spybot - Search & Destroy\SDHelper.dll 1, 3, 0, 12 Bad download blocker
olepro32.dll 5f1a0000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL
something.dll 2410000 61440 C:\WINDOWS\System32\something.dll
c_10230.dll 2530000 69632 C:\WINDOWS\System32\c_10230.dll
shdoclc.dll 76110000 581632 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Bibliothek für Shell-Dokumente und -Steuerelemente
mlang.dll 746f0000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
mshtml.dll 63580000 2818048 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Microsoft ® HTML Viewer
msi.dll 2e10000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
SXS.DLL 75e30000 688128 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
msimtf.dll 74670000 155648 C:\WINDOWS\System32\msimtf.dll 5.1.2600.1106 (xpsp1.020828-1920) Active IMM Server DLL
MSLS31.DLL 74640000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76330000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
msohev.dll 32520000 73728 C:\Programme\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
Wbhook32.dll 11c00000 253952 C:\Programme\McAfee\McAfee VirusScan\Wbhook32.dll 6.02.1019.1 Web Hook
WbhkRes.dll 21d0000 40960 C:\Programme\McAfee\McAfee VirusScan\Res00\WbhkRes.dll 6.02.1019.1 Resources for Web Hook
NAKRNL32.DLL 21e0000 73728 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAKRNL32.DLL 6.0.0.472 Kernel Services DLL
NAUTIL32.DLL 32c0000 196608 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAUTIL32.DLL 6.0.0.472 Utility Services DLL
MPR.dll 71a80000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Router-DLL für Mehrfachanbieter
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL für gemeinsame Dialoge
naUtlRes.dll 2220000 20480 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naUtlRes.dll 6.0.0.472 Core Resources DLL
MCSCAN32.DLL 12000000 1839104 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\MCSCAN32.DLL 4.3.20 AV Scanning Engine
naARCHIV.DLL 34f0000 319488 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\naARCHIV.DLL 6.0.0.472 Compressed File Services DLL
LZ32.dll 73dc0000 12288 C:\WINDOWS\system32\LZ32.dll 5.1.2600.0 (xpclient.010817-1148) LZ Expand/Compress API DLL
NAEVENT.DLL 3650000 167936 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\NAEVENT.DLL 6.0.0.472 Client Event Interface DLL
MSWSOCK.dll 719b0000 245760 C:\WINDOWS\System32\MSWSOCK.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0-Dienstanbieter
naEvtRes.dll 3790000 28672 C:\Programme\Gemeinsame Dateien\Network Associates\McPal\Res0901\naEvtRes.dll 6.0.0.472 Client Event Interface Resources
VsUtil.dll 11400000 233472 C:\Programme\McAfee\McAfee VirusScan\VsUtil.dll 6.02.1019.1 VirusScan Utilities
VsutlRes.dll 38b0000 77824 C:\Programme\McAfee\McAfee VirusScan\Res00\VsutlRes.dll 6.02.1019.1 Resources for VirusScan Utilities
NTClient.dll 11d00000 106496 C:\Programme\McAfee\McAfee VirusScan\NTClient.dll
Syncutil.dll 11a00000 274432 C:\Programme\McAfee\McAfee VirusScan\Syncutil.dll 6.02.1019.1 VirusScan Data Layer
ResDll.dll 11700000 475136 C:\Programme\McAfee\McAfee VirusScan\Res00\ResDll.dll 6.02.1019.1 VirusScan Resources
AvParam.dll 13000000 53248 C:\Programme\Gemeinsame Dateien\Network Associates\VirusScan Engine\4.0.xx\AvParam.dll 4.3.20 AV Scanning Engine
MSJAVA.dll 7c000000 958464 C:\WINDOWS\System32\MSJAVA.dll 5.00.3810 Microsoft® VM
VMHELPER.DLL 7c520000 294912 C:\WINDOWS\System32\VMHELPER.DLL 5.00.3810 Microsoft® Virtual Machine Helper Library für Java
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71b90000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® LAN-Manager
NETUI0.dll 71c50000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT-LM-Benutzerschnittstellen-Standardcode - GUI-Klassen
NETUI1.dll 71c10000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c00000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71b70000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Client-DLL für Web DAV
MSGINA.dll 75910000 999424 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Windows-Anmeldungs-GINA-DLL
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
ODBC32.dll 4b50000 204800 C:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Ressourcen
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Soundmapper
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM-Audiofilter
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-Mapper
wshtcpip.dll 719f0000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76ee0000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76f70000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP-API-DLL
rasadhlp.dll 76f80000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
plugin.ocx 72a90000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shellerweiterungen für Freigaben
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking



Thank you once more


By the way, when I try to clean up the temporary internet files. The IE crashes. What should I do there?

Forget the last sentence. I managed to clean those files up manually. Thank you anyway.

Please zip and email these two file to me:
C:\WINDOWS\System32\something.dll
C:\WINDOWS\System32\c_10230.dll

mail to: Submit AT LoPhatPhuud.com (replace AT with @)

I sent you the requested files. Thank you so much.

I have the files and thank you.

Could you please do the following and post the results in this thread:

Please copy the text in the box below to Notepad and save it to your desktop as spex.bat.

Regedit /e spex.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions"
Start notepad.exe spex.txt
Exit

Double-click on the spex.bat file, and it will run and create a text document (spad.txt) on your desktop which will open in Notepad.
Copy and paste the contents of that entire file in this thread.


Also please search you hard drive for four files and advise if found and where.
c_10230.dll
hpcmdty.dll


Finally, if the folder c:\spex\ is on your hard drive, would you please zip and email it to me. Same address as before.
something.dll

I won't have time for 3 days to mess with that computer. You mentioned to look for four files but indicated only two. What are the others?

Sorry, started with four and ended up with two.