Shortcut HJT log

Discussion in 'adware, spyware & hijack cleaning' started by Lacey, Jun 10, 2004.

Thread Status:
Not open for further replies.
  1. Lacey

    Lacey Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    23
    Location:
    SA, Australia
    Hi guys,
    I'm having trouble with casinopalazzo. I keep getting disconnected and a 'default' shortcut comes up on my desktop. I click on its properties and it shows "C:\Program Files\Internet Explorer\IEXPLORE.EXE"http://www.casinopalazzo.com/index.php?sourceid=101969.
    I deleted it but it kept coming back, disconnecting me every time. Also, I've found a new connection in my dial up networking, called rst, with the User name rst*AU.
    I've run adaware and spybot, and rebooted, checked again and it said my computer was clean, although I've left the shortcut on my desktop.
    Can someone please help me?
    TIA,
    Lacey


    Logfile of HijackThis v1.97.7
    Scan saved at 5:12:35 PM, on 10/06/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\ROXIO\WINONCD\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\DELAYRUN.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\HP INTERNET\SURFBOARD\SURFBRD.EXE
    C:\MY DOWNLOADS\HIGHJACKTHIS LOG.EXE\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\WinOnCD\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38045.7347916667
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photos.extrafilm.com.au/en/Photo/XUpload.ocx
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Lacey,

    Can you look for a file called sexxx.exe?

    To block the traffic, download, unzip and run: http://members.aol.com/toadbee/hoster.zip

    In the *Add to hosts file* window type:
    127.0.0.1 www.casinopalazzo.com

    Then click *Add to Hosts file* button and the *Make Hosts ReadOnly* button.

    Then delete the shortcut. We will at least have accomplished that your computer can no longer contact their site.

    Regards,

    Pieter
     
  3. Lacey

    Lacey Registered Member

    Hi Pieter,
    I just downloaded the file, but it says 'You do not appear to have a host file. Hoster will exit now'
    Forgive my ignorance, but I have no idea what to do! (Sorry!)

    Lacey o_O
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi Lacey,

    Or download the attachment and save it as hosts (no extension) to the C:\WINDOWS folder.
    I have already included the casinopalazzo entry.

    Regards,

    Pieter
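
The hosts-file block described in the two posts above can be verified offline. This is an added example, not part of the original thread and not Hoster's code: it parses hosts-file text and reports whether a name is pinned to a loopback address. The sample file contents are constructed, and "first matching line wins" is an assumption about the resolver.

```python
import ipaddress

# Constructed sample of a hosts file (on Windows ME it lives at C:\WINDOWS\hosts).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.casinopalazzo.com   # entry from the thread
"""


def parse_hosts(text):
    """Return {hostname: [addresses in file order]} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including inline ones
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname is not a mapping
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line rather than guess
        for name in fields[1:]:  # one line may map several names
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table


def block_status(text, hostname):
    """Classify a hostname as 'blocked', 'redirected' or 'absent'.

    'blocked'    -> first mapping is loopback or 0.0.0.0
    'redirected' -> first mapping points somewhere else (worth a closer look)
    'absent'     -> no entry, so the name still resolves through DNS
    """
    entries = parse_hosts(text).get(hostname.lower().rstrip("."))
    if not entries:
        return "absent"
    first = entries[0]  # assumption: the first matching line wins
    if first.is_loopback or first.is_unspecified:
        return "blocked"
    return "redirected"


if __name__ == "__main__":
    for host in ("www.casinopalazzo.com", "casinopalazzo.com"):
        print(host, "->", block_status(SAMPLE_HOSTS, host))
```

A hosts entry matches only the exact name, so the bare domain without `www.` is reported as absent unless it gets its own line.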
     


  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Let's see if we can try and track down what might be installing it. There are no guarantees this will work, but it's a chance we might find a hidden file.

    Download this file: http://tools.zerosrealm.com/pv.zip
    Please unzip it to the desktop. It will not work if you run it from inside the zip.
    After unzipping, go to the desktop. Open the pv folder. Double click on the runme.bat
    A dos window will open. Please select option 1 explorer dlls and make and post the log it makes, then please repeat with option 2 internet explorer dll and post that log

    Hopefully we might see the file that is causing this
     
  6. Lacey

    Lacey Registered Member

    OK, I just did it. Thanks guys, I'll see how it goes.
    Cheers,
    Lacey :D
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi Lacey,

    Could you follow dvk01's advice please?
    Not sure if you saw his last post.

    Regards,

    Pieter
     
  8. Lacey

    Lacey Registered Member

    Hi dvk01,
    I did what you said, but the second one took me to my homepage, and when the log file came up there was nothing. Here's the first one though.

    Module information for 'EXPLORER.EXE'
    MODULE BASE SIZE PATH
    RNAUI.DLL 7f7e0000 159744 C:\WINDOWS\SYSTEM\RNAUI.DLL 4.90.3000 Dial-Up Networking User Interface
    SYNCUI.DLL 757d0000 180224 C:\WINDOWS\SYSTEM\SYNCUI.DLL 5.00.2136.1 Windows Briefcase
    YMMAPI.DLL 1b90000 155648 C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL 2003, 4, 16, 1 YMMAPI Module
    MSONSEXT.DLL 78990000 573440 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
    AVGSE.DLL 1b60000 49152 C:\PROGRAM FILES\GRISOFT\AVG6\AVGSE.DLL 6, 0, 0, 153 AVG Shell Extension module
    ASHSHELL.DLL 64f00000 24576 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSHELL.DLL 4, 1, 389, 0 avast! Shell Extension
    MSVCP70.DLL 7c080000 487424 C:\WINDOWS\SYSTEM\MSVCP70.DLL 7.00.9466.0 Microsoft® C++ Runtime Library
    MSVCR70.DLL 7c000000 344064 C:\WINDOWS\SYSTEM\MSVCR70.DLL 7.00.9466.0 Microsoft® C Runtime Library
    WZSHLSTB.DLL 16200000 24576 C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL
    MSRATING.DLL 70400000 143360 C:\WINDOWS\SYSTEM\MSRATING.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
    MSRATELC.DLL 30000000 69632 C:\WINDOWS\SYSTEM\MSRATELC.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
    HHCTRL.OCX 5d300000 528384 C:\WINDOWS\SYSTEM\HHCTRL.OCX 4.74.8875 Microsoft® HTML Help Control
    IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 6.00.2800.1106 IE plugin image decoder support DLL
    PLUGIN.OCX 3520000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX
    DOCPROP2.DLL 7cb70000 331776 C:\WINDOWS\SYSTEM\DOCPROP2.DLL 5.00.2136.1 DocProp2
    AVIFIL32.DLL 7e460000 98304 C:\WINDOWS\SYSTEM\AVIFIL32.DLL 4.90.3000 Microsoft AVI File support library
    MSACM32.DLL 7a1e0000 102400 C:\WINDOWS\SYSTEM\MSACM32.DLL 4.90.3000 Microsoft Audio Compression Manager
    CRTDLL.DLL 7fb20000 180224 C:\WINDOWS\SYSTEM\CRTDLL.DLL 3.50 Microsoft C Runtime Library
    MSVFW32.DLL 77ee0000 147456 C:\WINDOWS\SYSTEM\MSVFW32.DLL 4.90.3000 Microsoft Video for Windows DLL
    WOW32.DLL bfdc0000 20480 C:\WINDOWS\SYSTEM\WOW32.DLL 4.90.3000 Win32 WOW32 core component
    DCIMAN32.DLL 7d190000 24576 C:\WINDOWS\SYSTEM\DCIMAN32.DLL 4.90.3000 DCI Manager 1.00
    DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
    DDRAW.DLL baaa0000 356352 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.07.00.0700 Microsoft DirectDraw
    FLASH.OCX 4460000 1732608 C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX 7,0,19,0 Macromedia Flash Player 7.0 r19
    VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft (r) VBScript
    MESSMOD2.DLL 64000000 61440 C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\MESSMOD2.DLL 2001, 4, 18, 1 Messenger Module for Yahoo! Companion
    LINKINFO.DLL 7faa0000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.90.3000 Windows Volume Tracking
    MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft (R) HTML Editing Component
    IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
    JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft (r) JScript
    IPHLPAPI.DLL 7b610000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3000.2 IP Helper API
    DHCPCSVC.DLL 7cee0000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
    ICMP.DLL 7bbd0000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
    SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
    ES.DLL 22b0000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library
    RNR20.DLL 766b0000 57344 C:\WINDOWS\SYSTEM\RNR20.DLL 4.90.3000 Windows Socket2 NameSpace DLL
    SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)
    ESTIER2.DLL 22d0000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library
    ESSHARED.DLL 39c0000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities
    SDHELPER.DLL 2d20000 765952 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
    OLEPRO32.DLL 77300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4515
    MSAFD.DLL 79fb0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
    UPNP.DLL 75220000 114688 C:\WINDOWS\SYSTEM\UPNP.DLL 4.90.3000.1 Universal Plug and Play API
    SSDPAPI.DLL 759a0000 49152 C:\WINDOWS\SYSTEM\SSDPAPI.DLL 4.90.3000.1 SSDP Client API DLL
    AUHOOK.DLL 1460000 36864 C:\WINDOWS\SYSTEM\AUHOOK.DLL 5.4.1083.11 Microsoft AutoUpdate
    UPNPUI.DLL 75200000 69632 C:\WINDOWS\SYSTEM\UPNPUI.DLL 4.90.3000.1 UPNP Tray Monitor and Folder
    WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor
    YCOMP5_3_12_0.DLL 68000000 315392 C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL 2004, 1, 7, 1 Yahoo! Companion 5.3 for Internet Explorer
    WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
    SETUPAPI.DLL 76140000 581632 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.2195.1526 Windows Setup API
    WINTRUST.DLL 741d0000 176128 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.2133.2 Microsoft Trust Verification APIs
    IMAGEHLP.DLL 7b960000 143360 C:\WINDOWS\SYSTEM\IMAGEHLP.DLL 5.00.2178.1 Windows NT Image Helper
    CFGMGR32.DLL 7f720000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
    NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
    CABINET.DLL 7e0c0000 77824 C:\WINDOWS\SYSTEM\CABINET.DLL 5.00.2147.1 Microsoft® Cabinet File API
    WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.90.3000 Win32 WINSPOOL core component
    LZ32.DLL bfe40000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.90.3000 Win32 LZ32 core component
    ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
    IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
    MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
    SHDOCLC.DLL 1f50000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
    BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
    MYDOCS.DLL 77b80000 81920 C:\WINDOWS\SYSTEM\MYDOCS.DLL 5.50.4134.100 My Documents Folder UI
    MSI.DLL 22f0000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
    RASAPI32.DLL 7f7a0000 249856 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 Dial-Up Networking Dynamic Linked Library
    WSOCK32.DLL 736d0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
    MSWSOCK.DLL 77d70000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
    WS2_32.DLL 73710000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 73700000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
    SECUR32.DLL 7f780000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
    SVRAPI.DLL 7f870000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
    MSNET32.DLL 7fa30000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bit Network API Library
    MSPWL32.DLL 7fa70000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
    TAPI32.DLL 7f880000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows(TM) Telephony API Client DLL
    NETAPI32.DLL 7f8b0000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
    NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
    MPR.DLL 7f160000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Network Interface DLL
    ASWIDLE.DLL 64a00000 28672 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWIDLE.DLL 4, 0, 142, 0 avast! Idle Hook Library
    WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1400 Internet Extensions for Win32
    CRYPT32.DLL 7da90000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.3 Crypto API32
    MSASN1.DLL 79f80000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
    MSHTML.DLL 63580000 2818048 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1400 Microsoft (R) HTML Viewer
    MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
    URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
    RPCRT4.DLL 7fab0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
    BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
    SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    MSGPLUSH1.DLL 10000000 1097728 C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUSH1.DLL 2, 54, 0, 75 Hook DLL
    COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
    AVCOMMEX.DLL 65800000 110592 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AVCOMMEX.DLL
    OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
    OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
    IADHIDE.DLL 1480000 24576 C:\WINDOWS\TEMP\IADHIDE.DLL Version 5.5 SP1 (Build 5870R) IAdHide
    SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
    EXPLORER.EXE 400000 225280 C:\WINDOWS\EXPLORER.EXE 5.50.4134.100 Windows Explorer
    COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft (R) C Runtime Library
    USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
    GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
    ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
    KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component


    I have NO idea on earth what that means! Geez, I'm glad you guys are here!!
    Hope you can help.
    Lacey.
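
A module listing in the format posted above can be triaged mechanically before reading it line by line. This is an added example, not part of the original thread and not the pv tool's code: it parses `MODULE BASE SIZE PATH` lines and marks modules loaded from a temp directory, from outside the usual install roots, or without version information. The first three sample lines are copied from the listing above, the `EXAMPLE*.DLL` lines are constructed, and the trusted roots are an assumption; a flag is a prompt to look closer, not a verdict.

```python
import ntpath

# Assumption for this example: modules normally load from these roots.
TRUSTED_ROOTS = ("C:\\WINDOWS", "C:\\PROGRAM FILES")
TEMP_PARTS = {"TEMP", "TMP"}

# First three module lines are taken from the listing above;
# the EXAMPLE*.DLL lines are constructed for illustration.
SAMPLE_LISTING = r"""Module information for 'EXPLORER.EXE'
MODULE BASE SIZE PATH
SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
WZSHLSTB.DLL 16200000 24576 C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL
NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
EXAMPLE1.DLL 1480000 24576 C:\WINDOWS\TEMP\EXAMPLE1.DLL 1.0 Example module
EXAMPLE2.DLL 1490000 16384 C:\MY DOWNLOADS\EXAMPLE2.DLL
"""


def parse_module_line(line):
    """Split one listing line into fields; return None for headers and blanks."""
    parts = line.split(None, 3)
    if len(parts) < 4:
        return None
    name, base, size, rest = parts
    try:
        base_addr, size_bytes = int(base, 16), int(size)
    except ValueError:
        return None  # title or column-header line
    # Paths contain spaces, so find where the path ends: at "\<module name>".
    marker = "\\" + name.upper()
    end = rest.upper().find(marker)
    if end < 0:
        return None
    end += len(marker)
    return {"name": name, "base": base_addr, "size": size_bytes,
            "path": rest[:end], "info": rest[end:].strip()}


def review_flags(mod):
    """Return the reasons (possibly none) a module deserves a closer look."""
    directory = ntpath.dirname(mod["path"]).upper()
    flags = []
    if TEMP_PARTS & set(directory.split("\\")):
        flags.append("temp-directory")
    in_trusted = any(directory == root or directory.startswith(root + "\\")
                     for root in TRUSTED_ROOTS)
    if not in_trusted:
        flags.append("unusual-location")
    if not mod["info"]:
        flags.append("no-version-info")  # weak signal; some system DLLs lack it
    return flags


def triage(listing):
    """Return [(module name, path, flags)] for every flagged module."""
    hits = []
    for line in listing.splitlines():
        mod = parse_module_line(line)
        if mod:
            flags = review_flags(mod)
            if flags:
                hits.append((mod["name"], mod["path"], flags))
    return hits


if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE_LISTING):
        print(f"{name:14} {path}  [{', '.join(flags)}]")
```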
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    No nasties in there that I can see.

    That was the log for Explorer (option 1).

    Could you post the one for IE as well please?

    Regards,

    Pieter
     
  10. ChrisRLG

    ChrisRLG Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    80
    Location:
    Essex, UK
    To run option 2 in PV you need to have an Internet Explorer window open at the same time - Try that for the experts here please.
     
  11. ChrisRLG

    ChrisRLG Registered Member

    Sorry Pieter - did not see you about to post - hope I helped.
     
  12. Lacey

    Lacey Registered Member

    Hi Pieter,
    All it said was no matching processes found, then opened my homepage, and opened a blank log page.
    Regards,
    Lacey.
     
  13. Lacey

    Lacey Registered Member

    Sorry Chris, didn't see yours, LOL. I'll go try that now.
    Thanks,
    Lacey
     
  14. Lacey

    Lacey Registered Member

    Okay, I just tried it, and it did the same thing. o_O
    Regards,
    Lacey.
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi Lacey,

    -Open your homepage
    -Double click on the runme.bat
    A dos window will open. Please select option 2 internet explorer dll and post that log

    Regards,

    Pieter
     
  16. Lacey

    Lacey Registered Member

    Hey Pieter,
    I did that, and it still hasn't changed. There's just a blank log page. :doubt:
    Lacey
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Mighty strange, but maybe it's a sign we are on to something.

    Can you go to:
    http://www.turboware.com/WhatsHappening.htm
    and download and unzip What's Happening
    - Doubleclick Whatshappening.exe
    - Select IEXPLORE.EXE in the top window
    - Click Edit > Copy Branch to clipboard
    - Rightclick in your next post and choose Paste to post the log.

    Regards,

    Pieter
     
  18. Lacey

    Lacey Registered Member

    Umm, there's no IEXPLORE.EXE. There's EXPLORER.EXE, but no IE...should I be getting worried now, or just puzzled? ;)
    Regards,
    Lacey
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    That depends. If you have an IE window open, you can start to worry if nothing shows up.

    Regards,

    Pieter
     
  20. Lacey

    Lacey Registered Member

    Hey Pieter,
    Okay, I have three windows open. There's my homepage, this one, and the Trojan page in What's Happening. (I got curious) Errr, now I'm worried, 'cause they're definitely running! What do you think?

    Lacey
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

  22. Lacey

    Lacey Registered Member

    Hi Pieter...I'm back.
    I downloaded the file, but when I click on it, it only comes up for about two seconds, then disappears. I sent it to the desktop and tried again, but no luck. I have my avast antivirus running right now though, could that have something to do with it?
    Computers...whaddya do with em?

    Lacey
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Try it like this:

    - Open an explorer window that looks inside the RKDetectorv0[1].62 folder
    - Start > Run > cmd > Ok
    - Drag and drop rkdetector.exe behind the command prompt and hit Enter to run it

    Then the window should stay open.

    Regards,

    Pieter
     
  24. Lacey

    Lacey Registered Member

    It says windows cannot find cmd. :doubt: I did a search for it, and there were quite a few files. Sorry 'bout all this, my computer hates me! :'(

    Lacey
     
  25. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hm. That last bit could be me expecting too much from Windows ME.
    Not sure if the drag and drop will work to the DOS prompt.
    Try it Start > Programs > Accessories > MS-DOS Prompt

    Regards,

    Pieter
     