Shortcut HJT log

Hi guys,
I'm having trouble with casinopalazzo. I keep getting disconnected and a 'default' shortcut comes up on my desktop. I click on its properties and it shows "C:\Program Files\Internet
Explorer\IEXPLORE.EXE"http://www.casinopalazzo.com/index.php?sourceid=101969.
I deleted it but it kept coming back, disconnecting me every time. Also, I've found a new connection in my dial up networking, called rst, with the User name rst*AU.
I've run adaware and spybot, and rebooted, checked again and it said my computer was clean, although I've left the shortcut on my desktop.
Can someone please help me?
TIA,
Lacey


Logfile of HijackThis v1.97.7
Scan saved at 5:12:35 PM, on 10/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ROXIO\WINONCD\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\HP INTERNET\SURFBOARD\SURFBRD.EXE
C:\MY DOWNLOADS\HIGHJACKTHIS LOG.EXE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\WinOnCD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38045.7347916667
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photos.extrafilm.com.au/en/Photo/XUpload.ocx

 

Hi Lacey,

Can you look for a file called sexxx.exe ?

To block the traffic, download, unzip and run: http://members.aol.com/toadbee/hoster.zip

In the *Add to hosts file* window type:
127.0.0.1 www.casinopalazzo.com

Then click *Add to Hosts file* button and the *Make Hosts ReadOnly* button.

Then delete the shortcut. We will at least have accomplished that your computer can no longer contact their site.

Regards,

Pieter

 

Hi Pieter,
I just downloaded the file, but it says 'You do not appear to have a host file. Hoster will exit now'
Forgive my ignorance, but I have no idea what to do! (Sorry!)

Lacey

 

Hi Lacey,

Or download the attachment and save it as hosts (no extension) to the C:\WINDOWS folder
I have already included the casinopalazzo entry.

Regards,

Pieter

 

OK, I just did it. Thanks guys, I'll see how it goes.
Cheers,
Lacey

 

Hi Lacey,

Could you follow dvk01's advise please?
Not sure if you saw his last post.

Regards,

Pieter

 

Hi dvk01,
I did what you said, but the second one took me to my homepage, and when the log file came up there was nothing. Here's the first one though.

Module information for 'EXPLORER.EXE'
MODULE BASE SIZE PATH
RNAUI.DLL 7f7e0000 159744 C:\WINDOWS\SYSTEM\RNAUI.DLL 4.90.3000 Dial-Up Networking User Interface
SYNCUI.DLL 757d0000 180224 C:\WINDOWS\SYSTEM\SYNCUI.DLL 5.00.2136.1 Windows Briefcase
YMMAPI.DLL 1b90000 155648 C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL 2003, 4, 16, 1 YMMAPI Module
MSONSEXT.DLL 78990000 573440 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
AVGSE.DLL 1b60000 49152 C:\PROGRAM FILES\GRISOFT\AVG6\AVGSE.DLL 6, 0, 0, 153 AVG Shell Extension module
ASHSHELL.DLL 64f00000 24576 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSHELL.DLL 4, 1, 389, 0 avast! Shell Extension
MSVCP70.DLL 7c080000 487424 C:\WINDOWS\SYSTEM\MSVCP70.DLL 7.00.9466.0 Microsoft® C++ Runtime Library
MSVCR70.DLL 7c000000 344064 C:\WINDOWS\SYSTEM\MSVCR70.DLL 7.00.9466.0 Microsoft® C Runtime Library
WZSHLSTB.DLL 16200000 24576 C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL
MSRATING.DLL 70400000 143360 C:\WINDOWS\SYSTEM\MSRATING.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
MSRATELC.DLL 30000000 69632 C:\WINDOWS\SYSTEM\MSRATELC.DLL 6.00.2800.1106 Internet Ratings and Local User Management DLL
HHCTRL.OCX 5d300000 528384 C:\WINDOWS\SYSTEM\HHCTRL.OCX 4.74.8875 Microsoft® HTML Help Control
IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 6.00.2800.1106 IE plugin image decoder support DLL
PLUGIN.OCX 3520000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX
DOCPROP2.DLL 7cb70000 331776 C:\WINDOWS\SYSTEM\DOCPROP2.DLL 5.00.2136.1 DocProp2
AVIFIL32.DLL 7e460000 98304 C:\WINDOWS\SYSTEM\AVIFIL32.DLL 4.90.3000 Microsoft AVI File support library
MSACM32.DLL 7a1e0000 102400 C:\WINDOWS\SYSTEM\MSACM32.DLL 4.90.3000 Microsoft Audio Compression Manager
CRTDLL.DLL 7fb20000 180224 C:\WINDOWS\SYSTEM\CRTDLL.DLL 3.50 Microsoft C Runtime Library
MSVFW32.DLL 77ee0000 147456 C:\WINDOWS\SYSTEM\MSVFW32.DLL 4.90.3000 Microsoft Video for Windows DLL
WOW32.DLL bfdc0000 20480 C:\WINDOWS\SYSTEM\WOW32.DLL 4.90.3000 Win32 WOW32 core component
DCIMAN32.DLL 7d190000 24576 C:\WINDOWS\SYSTEM\DCIMAN32.DLL 4.90.3000 DCI Manager 1.00
DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
DDRAW.DLL baaa0000 356352 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.07.00.0700 Microsoft DirectDraw
FLASH.OCX 4460000 1732608 C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX 7,0,19,0 Macromedia Flash Player 7.0 r19
VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft (r) VBScript
MESSMOD2.DLL 64000000 61440 C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\MESSMOD2.DLL 2001, 4, 18, 1 Messenger Module for Yahoo! Companion
LINKINFO.DLL 7faa0000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.90.3000 Windows Volume Tracking
MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft (R) HTML Editing Component
IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects
JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft (r) JScript
IPHLPAPI.DLL 7b610000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3000.2 IP Helper API
DHCPCSVC.DLL 7cee0000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
ICMP.DLL 7bbd0000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL
ES.DLL 22b0000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library
RNR20.DLL 766b0000 57344 C:\WINDOWS\SYSTEM\RNR20.DLL 4.90.3000 Windows Socket2 NameSpace DLL
SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)
ESTIER2.DLL 22d0000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library
ESSHARED.DLL 39c0000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities
SDHELPER.DLL 2d20000 765952 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
OLEPRO32.DLL 77300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4515
MSAFD.DLL 79fb0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
UPNP.DLL 75220000 114688 C:\WINDOWS\SYSTEM\UPNP.DLL 4.90.3000.1 Universal Plug and Play API
SSDPAPI.DLL 759a0000 49152 C:\WINDOWS\SYSTEM\SSDPAPI.DLL 4.90.3000.1 SSDP Client API DLL
AUHOOK.DLL 1460000 36864 C:\WINDOWS\SYSTEM\AUHOOK.DLL 5.4.1083.11 Microsoft AutoUpdate
UPNPUI.DLL 75200000 69632 C:\WINDOWS\SYSTEM\UPNPUI.DLL 4.90.3000.1 UPNP Tray Monitor and Folder
WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor
YCOMP5_3_12_0.DLL 68000000 315392 C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL 2004, 1, 7, 1 Yahoo! Companion 5.3 for Internet Explorer
WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
SETUPAPI.DLL 76140000 581632 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.2195.1526 Windows Setup API
WINTRUST.DLL 741d0000 176128 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.2133.2 Microsoft Trust Verification APIs
IMAGEHLP.DLL 7b960000 143360 C:\WINDOWS\SYSTEM\IMAGEHLP.DLL 5.00.2178.1 Windows NT Image Helper
CFGMGR32.DLL 7f720000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
CABINET.DLL 7e0c0000 77824 C:\WINDOWS\SYSTEM\CABINET.DLL 5.00.2147.1 Microsoft® Cabinet File API
WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.90.3000 Win32 WINSPOOL core component
LZ32.DLL bfe40000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.90.3000 Win32 LZ32 core component
ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library
IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
SHDOCLC.DLL 1f50000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library
BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library
MYDOCS.DLL 77b80000 81920 C:\WINDOWS\SYSTEM\MYDOCS.DLL 5.50.4134.100 My Documents Folder UI
MSI.DLL 22f0000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
RASAPI32.DLL 7f7a0000 249856 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 Dial-Up Networking Dynamic Linked Library
WSOCK32.DLL 736d0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
MSWSOCK.DLL 77d70000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
WS2_32.DLL 73710000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
WS2HELP.DLL 73700000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
SECUR32.DLL 7f780000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
SVRAPI.DLL 7f870000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
MSNET32.DLL 7fa30000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bit Network API Library
MSPWL32.DLL 7fa70000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
TAPI32.DLL 7f880000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows(TM) Telephony API Client DLL
NETAPI32.DLL 7f8b0000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
MPR.DLL 7f160000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Network Interface DLL
ASWIDLE.DLL 64a00000 28672 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWIDLE.DLL 4, 0, 142, 0 avast! Idle Hook Library
WININET.DLL 63000000 614400 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1400 Internet Extensions for Win32
CRYPT32.DLL 7da90000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.3 Crypto API32
MSASN1.DLL 79f80000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
MSHTML.DLL 63580000 2818048 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1400 Microsoft (R) HTML Viewer
MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL
URLMON.DLL 1a400000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
RPCRT4.DLL 7fab0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
BROWSEUI.DLL 71500000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library
SHDOCVW.DLL 71700000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
MSGPLUSH1.DLL 10000000 1097728 C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUSH1.DLL 2, 54, 0, 75 Hook DLL
COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
AVCOMMEX.DLL 65800000 110592 C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AVCOMMEX.DLL
OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
IADHIDE.DLL 1480000 24576 C:\WINDOWS\TEMP\IADHIDE.DLL Version 5.5 SP1 (Build 5870R) IAdHide
SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
EXPLORER.EXE 400000 225280 C:\WINDOWS\EXPLORER.EXE 5.50.4134.100 Windows Explorer
COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
SHLWAPI.DLL 70a70000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft (R) C Runtime Library
USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component


I have NO idea on earth what that means! Geez, I'm glad you guys are here!!
Hope you can help.
Lacey.

 

No nasties in there that I can see.

That was the log for Explorer (option1)

Could you post the one for IE as well please?

Regards,

Pieter

 

To run option 2 in PV you need to have a Internet Explorer window open at the same time - Try that for the experts here please.

 

Sorry Pieter - did not see you about to post - hope I helped.

 

Hi Pieter,
All it said was no matching processes found, then opened my homepage, and opened a blank log page.
Regards,
Lacey.

 

Sorry Chris, didn't see yours, LOL. I'll go try that now.
Thanks,
Lacey

 

Okay, I just tried it, and it did the same thing.
Regards,
Lacey.

 

Hi Lacey,

-Open your homepage
-Double click on the runme.bat
A dos window will open. Please select option 2 internet explorer dll and post that log

Regards,

Pieter

 

Hey Pieter,
I did that, and it still hasn't changed. There's just a blank log page.
Lacey

 

Mighty strange, but maybe it's a sign we are on to something.

Can you go to:
http://www.turboware.com/WhatsHappening.htm
and download and unzip What's Happening
- Doubleclick Whatshappening.exe
- Select IEXPLORE.EXE in the top window
- Click Edit > Copy Branch to clipboard
- Rightclick in your next post and choose Paste to post the log.

Regards,

Pieter

 

Umm, there's no IEXPLORE.EXE. There's EXPLORER.EXE, but no IE...should I be getting worried now, or just puzzled?
Regards,
Lacey

 

That depends. If you have an IE window open, you can start to worry if nothing shows up.

Regards,

Pieter

 

Hey Pieter,
Okay, I have three windows open. There's my homepage, this one, and the Trojan page in What's Happening. (I got curious) Errr, now I'm worried, 'cause they're definitely running! What do you think?

Lacey

 

Hi Lacey,

Download unzip and run:
http://bagpuss.swan.ac.uk/comms/RKDetectorv0[1].62.zip

Let me know what it says.

Regards,

Pieter

 

Hi Pieter...I'm back.
I downloaded the file, but when I click on it, it only comes up for about two seconds, then disappears. I sent it to the desktop and tried again, but no luck. I have my avast antivirus running right now though, could that have something to do with it?
Computers...whaddya do with em?

Lacey

 

Try it like this:

-Open a explorer window that looks inside the RKDetectorv0[1].62 folder
- Start > Run > cmd > Ok
- Drag and drop rkdetector.exe behind the command prompt and hit Enter to run it

Then the window should stay open.

Regards,

Pieter

 

It says windows cannot find cmd. I did a search for it, and there were quite a few files. Sorry 'bout all this, my computer hates me!

Lacey

 

Hm. That last bit could be me expecting too much from Windows ME
Not sure if the drag and drop will work to the DOS prompt.
Try it Start > Programs > Accessories > MS-DOS Prompt

Regards,

Pieter