myexexex.com and spad. please help

Discussion in 'adware, spyware & hijack cleaning' started by printerman, Jun 3, 2004.

  1. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Hi,
    I'm hoping someone will help me (like the other 90% of people on here!).
    My browser went berserk on Saturday morning, lots of popups (I use freesurfer) which was unusual. Then my firewall asked do you want to connect to myexexex.com...which I said no!
    Then when going through explorer I found a C:spad directory (which I deleted), looked further, found my internet options pointing to this file as my homepage. I've since had a casino site trying to redirect me....It's not going there 'cos of my firewall, and I've got my homepage locked to google with freesurfer. I've been reading on this forum (VVV Informative) but I'm a little out of my depth here. I've got spybot (been using for a while), AVG which can now find two dialer 8.U trojans but every time I take them off they reappear.
    I've pre-downloaded the registry patch for the spad.reg clean up ('cos I'm 99.9% sure I'm going to need it!).
    SO, sorry for the waffle, what do I do now.....?
    Here is my log and thanks in advance for any help!!

    Logfile of HijackThis v1.97.7
    Scan saved at 17:40:54, on 03/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\FREE SURFER\FS20.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\E_SICN03.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\HIGHJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
    O4 - HKLM\..\Run: [KDA 2.0] C:\PROGRAM FILES\IRCPING KDA\KDA21.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [rundll] c:\windows\system32\info\rundll.bat
    O4 - HKLM\..\Run: [winenhancer] c:\windows\system32\info\smss.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  2. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Hello Printerman !

    Welcome to Wilders ! :)

    Can you please download the file Pv.Zip from here..

    http://www.zerosrealm.com/downloads/pv.zip

    Unzip to a folder and make sure you are online and have one explorer window open (like startpage)

    Then doubleclick runme.bat, choose option 2 and post the log in a reply to be checked.

    With Thanks !
    Newkid !

    Cheers,
     
  3. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    WOW! Very impressed with the speedy response.

    Here's my log.


    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    MYDOCS.DLL 792f0000 69632 C:\WINDOWS\SYSTEM\MYDOCS.DLL 4.72.3510.2300 My Documents Folder UI
    MSI.DLL 3500000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
    MSONSEXT.DLL 79e60000 544768 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
    COMDLG32.DLL 7fe10000 184320 C:\WINDOWS\SYSTEM\COMDLG32.DLL 4.72.3510.2300 Common Dialogs DLL
    PLUGIN.OCX 1e10000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX
    ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
    WINMM.DLL bfdf0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.03.1998 System APIs for Multimedia
    IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
    WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.10.1998 Win32 WINSPOOL core component
    MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft (R) HTML Editing Component
    JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.8513 Microsoft (r) JScript
    IMM32.DLL bfe20000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.10.1998 Win32 IMM32 core component
    MSHTML.DLL 63580000 2818048 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1400 Microsoft (R) HTML Viewer
    RNR20.DLL 783c0000 61440 C:\WINDOWS\SYSTEM\RNR20.DLL 4.10.2222 Windows Socket2 NameSpace DLL
    FSMO.DLL 48b0000 28672 C:\PROGRAM FILES\FREE SURFER\FSMO.DLL 1, 2, 0, 2 Mouse Hook
    SSSENSOR.DLL 6330000 86016 C:\WINDOWS\SYSTEM\SSSENSOR.DLL 5. 5. 0. 5 ScreenSaver Sensor
    SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
    MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider
    WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows
    MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs
    WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98
    MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
    SHDOCLC.DLL 1e30000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    C_10230.DLL 1790000 69632 C:\WINDOWS\SYSTEM\C_10230.DLL
    URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    SDHELPER.DLL ea0000 733184 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL
    OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518
    VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component
    SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service
    WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1405 Internet Extensions for Win32
    OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518
    CRYPT32.DLL 5cf00000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1878.12 Crypto API32
    RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL
    MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs
    BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
    BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
    AVGOERUN.DLL 10000000 45056 C:\PROGRAM FILES\GRISOFT\AVG6\AVGOERUN.DLL 6, 0, 0, 286 AVG extension for Outlook Express 5 helper
    OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT
    SHELL32.DLL 66800000 1396736 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3812.600 Windows Shell Common Dll
    IEXPLORE.EXE 400000 102400 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.00.2800.1106 Internet Explorer
    SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    USER32.DLL bff50000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2222 Win32 USER32 core component
    GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component
    ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8924.0 Microsoft (R) C Runtime Library
    KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component
     
  4. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Hello Printerman !

    Please close down all window instances and have hijackthis fix the following entries :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [rundll] c:\windows\system32\info\rundll.bat
    O4 - HKLM\..\Run: [winenhancer] c:\windows\system32\info\smss.exe

    O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=


    The entry in blue color is optional to remove. It's associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system.

    Reboot your machine and boot into safe mode by tapping F8 key(8-9 times) at bootup.

    It may happen that the file is hidden, so first unhide the files using the following instructions...
    http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=

    Search and, if present, delete all the following file(s)..

    C:\Windows\system32\info\ <--- this folder
    C:\WINDOWS\SYSTEM\C_10230.DLL
    C:/Spad/ <- this folder

    Also do additional search for this file, and remove if present :

    HPCMDTY.DLL <-- this dll

    Reboot your machine and boot into normal mode. Rescan your machine with hijackthis and please show us a fresh log..

    With Thanks !
    Newkid !
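
An added example, not part of the original thread and not HijackThis's own logic: a small parser that triages a HijackThis log the way the reply above does by hand. The trusted-host list and the three heuristics (IE URL settings on an untrusted host, autoruns under `system32` on a Win9x machine whose system binaries live in `C:\WINDOWS\SYSTEM`, and a process image running from a temp directory) are assumptions of this example; the sample log is constructed from lines posted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample, assembled from lines of the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222B)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\JNBE.DAT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [rundll] c:\windows\system32\info\rundll.bat
O4 - HKLM\..\Run: [winenhancer] c:\windows\system32\info\smss.exe
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
"""

# Assumption: hosts the user chose for their own start/search pages.
TRUSTED_HOSTS = ("google.com", "google.co.uk")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into platform, running processes and coded entries."""
    platform, processes, entries = "", [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            platform = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return platform, processes, entries


def url_host(value):
    """Host part of a URL value; the log also shows bare hosts like www.google.com."""
    value = value.strip()
    if not value or value.lower().startswith("about:"):
        return ""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def is_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(text, trusted=TRUSTED_HOSTS):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    platform, processes, entries = parse_log(text)
    win9x = "win9x" in platform.lower()
    findings = []
    for path in processes:
        if "\\temp\\" in path.lower():
            findings.append(("PROC", "process image running from a temp directory", path))
    for code, body in entries:
        if code in ("R0", "R1", "O13"):
            # R lines read "key,value name = data"; O13 lines read "name: data".
            sep = " = " if code.startswith("R") else ": "
            value = body.partition(sep)[2]
            host = url_host(value)
            if host and not is_trusted(host, trusted):
                findings.append((code, "IE URL setting on untrusted host " + host, body))
        elif code == "O4":
            # "[name] command" for Run keys, "shortcut = target" for Startup items.
            command = body.partition("] ")[2] or body.partition(" = ")[2]
            if win9x and "\\system32\\" in command.lower():
                findings.append((code, "autorun under system32 on a Win9x system", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:5} {reason}\n      {detail}")
```

The `nwiz` autorun is left unflagged, in line with the reply treating it as optional.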
     
  5. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    That's fantastic NewKid!!!

    To me the log file looks much better but I think you know a damn sight more about this than me!!!

    Here it is and thanks again.

    Logfile of HijackThis v1.97.7
    Scan saved at 15:12:50, on 04/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\FREE SURFER\FS20.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\E_SICN03.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIGHJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
    O4 - HKLM\..\Run: [KDA 2.0] C:\PROGRAM FILES\IRCPING KDA\KDA21.EXE
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Cheers

    Any tips on software for stopping this happening rather than fixing problems?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  7. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    I know you guys have got much better things to do than read this stuff, but cheers!!!! If I ever get the chance to get you a beer!!!

    P
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    You're wrong. We'd rather read a "thank you note" than another unhappy victim's log. ;)

    Regards,

    Pieter
     
  9. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Hi,
    just tonight, browsing...looking at eBay actually. And then bang, a redirection to myexexex.com.....bastard thing........I clicked to shut down explorer as soon as I saw the address....checked log file....there it is under c/ some dodgy dat file again....
    Please help, I can't handle this every week. Why does it happen.. I've got spybot 1.3, avg up to date, sygate running, and spyblaster.
    Looking in the windows temp again there are a couple of dat progs, which I'm convinced are the problem as I have to block with my firewall

    Cheers.P
     
  10. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Sorry, forgot the log

    Logfile of HijackThis v1.97.7
    Scan saved at 18:51:43, on 08/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\FREE SURFER\FS20.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\E_SICN03.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\JNBE.DAT
    C:\PROGRAM FILES\HIGHJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
    O4 - HKLM\..\Run: [KDA 2.0] C:\PROGRAM FILES\IRCPING KDA\KDA21.EXE
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    and from pv.


    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    MSHTMLER.DLL 70f10000 65536 C:\WINDOWS\SYSTEM\MSHTMLER.DLL 6.00.2800.1106 Microsoft (R) HTML Editing Component's Resource DLL
    WINMM.DLL bfdf0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.03.1998 System APIs for Multimedia
    IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
    WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.10.1998 Win32 WINSPOOL core component
    MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft (R) HTML Editing Component
    MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.8513 Microsoft (r) JScript
    IMM32.DLL bfe20000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.10.1998 Win32 IMM32 core component
    MSHTML.DLL 63580000 2818048 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1400 Microsoft (R) HTML Viewer
    FSMO.DLL 48b0000 28672 C:\PROGRAM FILES\FREE SURFER\FSMO.DLL 1, 2, 0, 2 Mouse Hook
    RNR20.DLL 783c0000 61440 C:\WINDOWS\SYSTEM\RNR20.DLL 4.10.2222 Windows Socket2 NameSpace DLL
    MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider
    SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
    SSSENSOR.DLL 6330000 86016 C:\WINDOWS\SYSTEM\SSSENSOR.DLL 5. 5. 0. 5 ScreenSaver Sensor
    WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows
    MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs
    WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98
    MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
    SHDOCLC.DLL 2260000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    SDHELPER.DLL ea0000 765952 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
    OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518
    VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component
    SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service
    WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1405 Internet Extensions for Win32
    OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518
    CRYPT32.DLL 5cf00000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1878.12 Crypto API32
    RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL
    MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs
    BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
    BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
    AVGOERUN.DLL 10000000 45056 C:\PROGRAM FILES\GRISOFT\AVG6\AVGOERUN.DLL 6, 0, 0, 286 AVG extension for Outlook Express 5 helper
    OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT
    SHELL32.DLL 66800000 1396736 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3812.600 Windows Shell Common Dll
    IEXPLORE.EXE 400000 102400 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.00.2800.1106 Internet Explorer
    SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    USER32.DLL bff50000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2222 Win32 USER32 core component
    GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component
    ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8924.0 Microsoft (R) C Runtime Library
    KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component
     
  11. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Printerman,

    Sorry to hear that hijacker is back again on your machine. :eek:

    Please go to http://tools.zerosrealm.com/dllfix.exe and download the dllfix.

    Now, doubleclick on it and install in a folder of your choice, but on the root drive, most likely C:\

    Now, run start.bat and press option 1. A search will start; allow it to finish. At the end, output.txt will be created in the newly made folder.

    Now, Copy and paste the complete contents of output.txt in a reply to be checked.

    With Thanks !
    Newkid !
     
  12. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Thanks again!

    It only operates with XP or 2000 i have 98!
     
  13. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    OOps... ;)

    Above all, before deleting the dat file which is present at your root drive (c:\), please send it to newkid01@hotmail.com

    Reboot your machine and boot into safe mode by tapping F8 key(8-9 times) at bootup.

    Now, un-hide hidden files, search and, if present, delete all the instances of the following file(s)..

    C_10230.DLL
    HPCMDTY.DLL


    Also clean your Internet Cache (Temp, Temp. Internet folder and other) and empty your recycle bin.

    After doing so, copy and paste the text in the quote box into an empty notepad window :

    Now, hit save as and save it as filename: solution.reg with the file type set to all types. Save it to the desktop.

    Doubleclick on solution.reg and click yes when asked to merge with registry!

    Restart again in normal mode.

    Hope this helps !

    With Thanks !
    Newkid !
     
  14. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    myexexex.com

    Hi,
    I've had this prob for a while now...newkid has been helping but again tonight....redirection to myexexex.com and my firewall saying do I want to allow access with higm.dat o_O WTF
     
  15. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  16. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Re: myexexex.com

    Yeah, I've been through all of that....I'm convinced it's throu' an email....seems to happen whenever I get a mail off the girlfriend's mother!
     
  17. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: myexexex.com

    Please do not start new threads for the same problem

    I've merged both threads so we can see what is happening more easily
     
  18. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: myexexex.com

    First do this to close the security hole that is letting these hijackers on:
    go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    then run the pv file you used earlier again and this time I want to see the logs from both option 1 & option 2

    hopefully we might see the bad file

    make sure you don't let anything access the net


    let your firewall block any unknown entries
     
  19. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Sorry about the new thread!

    Okay here is log one and two.

    I checked for updates..no critical, I've also checked on spyblaster, avg, spybot S&D 1.3, no updates.
    The dat file when scanned does say no virus...but I am honestly being redirected!

    Here is log 1 and two. I blocked all with sygate after the update check, and I do block anything that is untoward. That is how I discovered the strange dat file in the first place! It was in the list!

    Thanks for your time!!

    P
     
  20. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Re: myexexex.com

    An extra note. I don't have any spad files anymore, but I am redirected every 30 mins of online activity.

    P
     
  21. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Sorry again! Just to let you know I sent a copy of the dat file to newkid....but I deleted it before you started to help me so I can't resend.
     
  22. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    The logs seem to have gone missing,

    either copy & paste or attach as text files, copy & paste is easier though please
     
  23. printerman

    printerman Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    13
    Oops!

    Module information for 'EXPLORER.EXE'
    MODULE BASE SIZE PATH
    SDHELPER.DLL 19e0000 765952 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
    OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518
    SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
    OCCACHE.DLL 1de0000 98304 C:\WINDOWS\SYSTEM\OCCACHE.DLL 6.00.2800.1106 Object Control Viewer
    NVSHELL.DLL 2c30000 446464 C:\WINDOWS\SYSTEM\NVSHELL.DLL 4.14.10.5304 NVIDIA Desktop Explorer, Version 53.04
    WINMM.DLL bfdf0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.03.1998 System APIs for Multimedia
    CRYPTEXT.DLL 7ed10000 57344 C:\WINDOWS\SYSTEM\CRYPTEXT.DLL 5.131.1877.3 Crypto Shell Extensions
    CRYPTUI.DLL 7ec80000 475136 C:\WINDOWS\SYSTEM\CRYPTUI.DLL 5.131.1877.4 Microsoft Trust UI Provider
    WINTRUST.DLL 18c0000 57344 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.1877.5 Microsoft Trust Verification APIs
    DOCPROP.DLL 7dae0000 77824 C:\WINDOWS\SYSTEM\DOCPROP.DLL 5.00.1897.1 OLE DocFile Property Page
    AVGSE.DLL 18b0000 49152 C:\PROGRAM FILES\GRISOFT\AVG6\AVGSE.DLL 6, 0, 0, 153 AVG Shell Extension module
    RAREXT.DLL 1930000 167936 C:\PROGRAM FILES\WINRAR\RAREXT.DLL
    QSFVSHLL.DLL 1890000 102400 C:\PROGRAM FILES\QUICKSFV\QSFVSHLL.DLL 2, 2, 2, 0 QuickSFV Shell Extension
    SHDOCLC.DLL 22c0000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    CFGMGR32.DLL 7f810000 45056 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.10.1998 Configuration Manager Win32 Interface
    NTDLL.DLL bfee0000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.10.1998 Win32 NTDLL core component
    URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component
    BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
    SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service
    FSMO.DLL 1970000 28672 C:\PROGRAM FILES\FREE SURFER\FSMO.DLL 1, 2, 0, 2 Mouse Hook
    IPHLPAPI.DLL 7c8e0000 32768 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 5.00.1717.2 IP Helper API
    MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider
    IPCFGDLL.DLL 7c900000 28672 C:\WINDOWS\SYSTEM\IPCFGDLL.DLL 5.00.1717.2 Ipconfig API DLL
    DHCPCSVC.DLL 7dd90000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
    ICMP.DLL 7ce10000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
    WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows
    MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs
    WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL
    WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1405 Internet Extensions for Win32
    CRYPT32.DLL 5cf00000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1878.12 Crypto API32
    MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs
    WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98
    SSSENSOR.DLL 6330000 86016 C:\WINDOWS\SYSTEM\SSSENSOR.DLL 5. 5. 0. 5 ScreenSaver Sensor
    NETAPI32.DLL 7f990000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.10.1998 32-bit network API DLL
    NETBIOS.DLL 7f840000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
    ES.DLL fc0000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library
    OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518
    SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)
    AVGOERUN.DLL 10000000 45056 C:\PROGRAM FILES\GRISOFT\AVG6\AVGOERUN.DLL 6, 0, 0, 286 AVG extension for Outlook Express 5 helper
    ESTIER2.DLL db0000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library
    ESSHARED.DLL dc0000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities
    LINKINFO.DLL 7fb80000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.10.1998 Windows Volume Tracking
    MPR.DLL 7fbf0000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.10.1998 WIN32 Network Interface DLL
    WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor
    MSI.DLL 950000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
    RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL
    MYDOCS.DLL 792f0000 69632 C:\WINDOWS\SYSTEM\MYDOCS.DLL 4.72.3510.2300 My Documents Folder UI
    SHD401LC.DLL 880000 61440 C:\WINDOWS\SYSTEM\SHD401LC.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat
    BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
    SHDOC401.DLL 50000000 503808 C:\WINDOWS\SYSTEM\SHDOC401.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat
    OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT
    SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    SHELL32.DLL 66800000 1396736 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3812.600 Windows Shell Common Dll
    EXPLORER.EXE 400000 180224 C:\WINDOWS\EXPLORER.EXE 4.72.3110.1 Windows Explorer
    COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8924.0 Microsoft (R) C Runtime Library
    USER32.DLL bff50000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2222 Win32 USER32 core component
    GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component
    ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component
    KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component


    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider
    RNR20.DLL 783c0000 61440 C:\WINDOWS\SYSTEM\RNR20.DLL 4.10.2222 Windows Socket2 NameSpace DLL
    SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
    FSMO.DLL 1970000 28672 C:\PROGRAM FILES\FREE SURFER\FSMO.DLL 1, 2, 0, 2 Mouse Hook
    SSSENSOR.DLL 6330000 86016 C:\WINDOWS\SYSTEM\SSSENSOR.DLL 5. 5. 0. 5 ScreenSaver Sensor
    WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows
    MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs
    WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98
    MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
    SHDOCLC.DLL 22c0000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    SDHELPER.DLL 19e0000 765952 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
    OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518
    VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component
    SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service
    WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1405 Internet Extensions for Win32
    OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518
    CRYPT32.DLL 5cf00000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1878.12 Crypto API32
    RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL
    MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs
    BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
    BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
    AVGOERUN.DLL 10000000 45056 C:\PROGRAM FILES\GRISOFT\AVG6\AVGOERUN.DLL 6, 0, 0, 286 AVG extension for Outlook Express 5 helper
    OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT
    SHELL32.DLL 66800000 1396736 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3812.600 Windows Shell Common Dll
    IEXPLORE.EXE 400000 102400 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 6.00.2800.1106 Internet Explorer
    SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    USER32.DLL bff50000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2222 Win32 USER32 core component
    GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component
    ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8924.0 Microsoft (R) C Runtime Library
    KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component
     
  24. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    there is nothing showing in either log, I'm a bit baffled

    we just need to wait for shadowwar to look in, I've sent him a few messages
     