Hi there. I posted this in the XP forum before I read the mod's request to post these issues here. I haven't received any responses, so I'm hoping to have better luck here. Anyway, my computer (P4, XP Home with all the patches I know of, with Norton AntiVirus 2002 with definitions less than a week old, and with SpyBot) woke up last week (I had surfed the net the night before) and decided it was missing several dll's and refused to run various programs. Now I don't think I had visited any sites that would cause this but who knows. I can't get on the internet, NAV is disabled, I can't use my CD burner (it still runs most CD-ROMs), I can't right click on MyComputer to pull up properties, I can't run Search, etc. The missing dlls (that I know of) are as follows: mso97.dll - possibly related to MS Office 97 that is on my puter rundll32.exe - apparently this one is real important for just about everything rtutils.dll - this one seems pretty important too shfolder.dll - norton related? msacm32.dll - norton related? ACTIVEDS.dll - this came up when I tried to print from regedit I have spent the last few days in my spare time trying to research this problem to find out how to fix it and came across this site. I ran SpyBot and it didn't come up with any bots so to speak. So here's my HijackThis log: Logfile of HijackThis v1.97.7 Scan saved at 10:08:56 PM, on 12/8/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\QUICKENW\QAGENT.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\WINDOWS\System32\mrtMngr.exe C:\Program Files\MSN Messenger\MsnMsgr.exe C:\Program Files\Common Files\Sonic Shared\cinetray.exe C:\Program Files\Palm\HOTSYNC.exe C:\WINDOWS\System32\devldr32.exe C:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ptools\SPYBOT~1.1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [CookieCop] C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.exe O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O4 - Global Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab Unfortunately, my computer came with XP preloaded, so I don't have the XP CDs, only two recovery disks by the manufacturer, VPR from BestBuy. Any help with this would be most appreciated. Joe PS FYI I ran Stinger and it didn't find anything either.

It looks pretty clean to me.... You may not be infected, it may be a conflict. Did you make ESPN your start page? If not fix this one.. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/ And this has the spelling jitters; fix this one. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab There are other items that may be causing conflict or may be undesirable; without being serious malware...any of these may be one too many startups... O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: SoftStuff Wallpaper Changer.lnk = C:\Program Files\SoftStuff\softstrt.exe O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ? O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe [some others also, if that doesn't help fix the problem] Reboot and then, close all browsers, and rescan with HijackThis and repost here. Btw, for downloads http://www.dll-files.com/dllindex/index.shtml plus “dll world” for pretty much anything in dlls, http://dll.yaroslavl.ru/ including Russian brides…..

Thanks for the tips, Iceblue. I'll try them tonight. To "fix" them, do I just check the appropriate boxes in HijackThis? I don't think my wife would probably not be too thrilled if I came home with a Russian bride, though.

heh heh - give them a miss then. Yes, you simply check the box and click Fix Checked. Always check to see is Backups have been enabled. Click Config>>> and check the backups box. Often there are times you might want to restore an item.

Well, I didn't have time last night, so hopefully I'll have time this weekend to give it a shot. That Russian site does have just about every dll. One thing I realized, is why I don't just get the dll's off my computer here at work? All the ones I know I need, I found on here. If my home runs XP and my work runs 2000, but the dll is named the same, is that ok? Thanks for all the help, Iceblue.

looks good to me, but I'm not a .dll freak..