davedelrio

purple monkeys flying out of my...

6 posts in this topic

...but I digress.

[hoping to catch someone's eye for a little assistance]

I've been plagued with start page hijackings and search redirects. I run Ad-aware and Spybot regularly but am prone to 'relapses'.

(notvery-)coolwebsearch has been the primary offender.

sometimes my toolbars get changed ('links' and 'Yahoo! companion' get added and the layout changes)

why is this crap legal?!?!?!

HijackThis log copied below. Thanks for your time and interest.

now back to those monkeys...

 

peace,

David

 

-freedom shall perish in the absence of truth-

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:14:45 AM, on 6/18/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\System32\cisvc.exe

F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

F:\WINDOWS\System32\svchost.exe

F:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\System32\cidaemon.exe

F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

F:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

F:\WINDOWS\TPPALDR.EXE

F:\WINDOWS\System32\ctfmon.exe

F:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe

F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

F:\Documents and Settings\dR\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - F:\Program Files\Kontiki\bin\bh304181.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7F0F4B01-FCF3-4432-BBE6-8CBD6B2FD0D5} - F:\WINDOWS\System32\hajnb.dll (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [QuickTime Task] "F:\DOCUME~1\dR\LOCALS~1\Temp\11265.exe" -atboottime

O4 - HKLM\..\Run: [TPP Auto Loader] F:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [spyHunter] F:\Program Files\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [Remndr] "F:\Program Files\CasinoOnline\CsRemnd.exe"

O4 - HKLM\..\Run: [slmss] F:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [version] F:\WINDOWS\System32\manage.exe

O4 - HKLM\..\Run: [WinEssential] F:\WINDOWS\System32\keyword.exe

O4 - HKLM\..\Run: [MSN Manager] F:\WINDOWS\System32\tsmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate Page - res://f:\windows\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl...22/ComCtl32.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yse/yinstmulti.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...,5/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/09b3021f0cb8cce1e105/netzip/RdxIE2.cab

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cameras.thibault.com/activex/AxisCamControl.ocx

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com/activex/src/KeyActivexTest.ocx

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://www.talkingbuddy.com/characters/peedy.exe

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab


Download this zip.

 

http://tools.zerosrealm.com/pv.zip

Please unzip it to the desktop. It will not work if you run it from inside the zip.

 

Once it is unzipped, go to the desktop. Open the pv folder. Double-click on runme.bat.

 

A DOS window will open. Please select option 1 for explorer dll's by typing 1 and then pressing Enter.

 

Notepad will open with a log in it. Please copy and paste the log into this post.


Module information for 'explorer.exe'

MODULE BASE SIZE PATH

explorer.exe 1000000 1011712 F:\WINDOWS\explorer.exe 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer

ntdll.dll 77f50000 679936 F:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL

kernel32.dll 77e60000 937984 F:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL

msvcrt.dll 77c10000 339968 F:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL

ADVAPI32.dll 77dd0000 569344 F:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API

RPCRT4.dll 78000000 454656 F:\WINDOWS\system32\RPCRT4.dll 5.1.2600.135 (xpclnt_qfe.021108-2107) Remote Procedure Call Runtime

GDI32.dll 77c70000 253952 F:\WINDOWS\system32\GDI32.dll 5.1.2600.132 (xpclnt_qfe.021108-2107) GDI Client DLL

USER32.dll 77d40000 548864 F:\WINDOWS\system32\USER32.dll 5.1.2600.118 (xpclnt_qfe.021108-2107) Windows XP USER API Client DLL

SHLWAPI.dll 63180000 409600 F:\WINDOWS\system32\SHLWAPI.dll 6.00.2730.1200 Shell Light-weight Utility Library

SHELL32.dll 773d0000 8314880 F:\WINDOWS\system32\SHELL32.dll 6.00.2600.115 (xpclnt_qfe.021108-2107) Windows Shell Common Dll

ole32.dll 771b0000 1126400 F:\WINDOWS\system32\ole32.dll 5.1.2600.136 (xpclnt_qfe.021108-2107) Microsoft OLE for Windows

OLEAUT32.dll 77120000 569344 F:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

BROWSEUI.dll 71500000 1036288 F:\WINDOWS\System32\BROWSEUI.dll 6.00.2737.1600 Shell Browser UI Library

SHDOCVW.dll 71700000 1347584 F:\WINDOWS\System32\SHDOCVW.dll 6.00.2737.800 Shell Doc Object and Control Library

UxTheme.dll 5ad70000 212992 F:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library

Secur32.dll 76f90000 65536 F:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface

iphlpapi.dll 76d60000 86016 F:\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API

netman.dll 76de0000 155648 F:\WINDOWS\System32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager

MPRAPI.dll 76d40000 90112 F:\WINDOWS\System32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL

ACTIVEDS.dll 76e40000 192512 F:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL

adsldpc.dll 76e10000 147456 F:\WINDOWS\System32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL

NETAPI32.dll 71c20000 315392 F:\WINDOWS\System32\NETAPI32.dll 5.1.2600.122 (xpclnt_qfe.021108-2107) Net Win32 API DLL

WLDAP32.dll 76f60000 180224 F:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL

ATL.DLL 76b20000 86016 F:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)

rtutils.dll 76e80000 53248 F:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

SAMLIB.dll 71bf0000 69632 F:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL

SETUPAPI.dll 76670000 933888 F:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API

RASAPI32.dll 790000 233472 F:\WINDOWS\System32\RASAPI32.dll 5.1.2600.28 (xpclnt_qfe.010827-1803) Remote Access API

rasman.dll 76e90000 69632 F:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager

WS2_32.dll 71ab0000 86016 F:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71aa0000 32768 F:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT

TAPI32.dll 76eb0000 172032 F:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows Telephony API Client DLL

WINMM.dll 76b40000 180224 F:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL

WZCSvc.DLL 76da0000 196608 F:\WINDOWS\System32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service

WMI.dll 76d30000 16384 F:\WINDOWS\System32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality

DHCPCSVC.DLL 76d80000 106496 F:\WINDOWS\System32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service

DNSAPI.dll 76f20000 151552 F:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL

CRYPT32.dll 762c0000 557056 F:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32

MSASN1.dll 762a0000 65536 F:\WINDOWS\system32\MSASN1.dll 5.1.2600.137 (xpclnt_qfe.021108-2107) ASN.1 Runtime APIs

WTSAPI32.dll 76f50000 32768 F:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs

WINSTA.dll 76360000 61440 F:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library

comctl32.dll 71950000 933888 F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library

comctl32.dll 77340000 569344 F:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library

MSCTF.dll 74720000 307200 F:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL

appHelp.dll 75f40000 118784 F:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library

CLBCATQ.DLL 7c620000 528384 F:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53

COMRes.dll 77050000 806912 F:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77c00000 28672 F:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

cscui.dll 76620000 319488 F:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI

CSCDLL.dll 76600000 110592 F:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent

themeui.dll 5b630000 458752 F:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API

MSIMG32.dll 76380000 20480 F:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL

USERENV.dll 75a70000 667648 F:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv

actxprxy.dll 71d40000 110592 F:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library

wmpband.dll 7610000 94208 F:\PROGRA~1\WINDOW~3\wmpband.dll 9.00.00.2980 Windows Media Player

MPR.dll 71b20000 69632 F:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL

LINKINFO.dll 76980000 28672 F:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

ntshrui.dll 76990000 147456 F:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing

msi.dll 76400000 2076672 F:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer

WININET.dll 63000000 610304 F:\WINDOWS\system32\WININET.dll 6.00.2737.800 Internet Extensions for Win32

mslbui.dll 605d0000 61440 F:\WINDOWS\System32\mslbui.dll 5.1.2600.0 (xpclient.010817-1148) LangageBar Add In

LgMousHk.dll 10000000 32768 F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll 9.42.66 Logitech Mouse Hook Library

urlmon.dll 1a400000 495616 F:\WINDOWS\system32\urlmon.dll 6.00.2736.2300 OLE32 Extensions for Win32

XAHook.dll f30000 57344 F:\Program Files\Pop-Up Stopper Free Edition\XAHook.dll 1, 0, 0, 1008 XAHook Dynamic Link Library

webcheck.dll 74b30000 266240 F:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor

stobject.dll 74b00000 131072 F:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object

BatMeter.dll 74af0000 36864 F:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL

POWRPROF.dll 74ad0000 28672 F:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL

wdmaud.drv 72d20000 36864 F:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72d10000 32768 F:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper

MSACM32.dll 77be0000 81920 F:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter

midimap.dll 77bd0000 28672 F:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper

NETSHELL.dll 75cf0000 1638400 F:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell

credui.dll 76c00000 184320 F:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface

browselc.dll 72430000 73728 F:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library

ycomp5_1_5_0.dll 68000000 249856 F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll 2003, 5, 14, 1 Yahoo! Companion 5.1 for Internet Explorer

WSOCK32.dll 71ad0000 32768 F:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL

bh304181.dll b50000 40960 F:\Program Files\Kontiki\bin\bh304181.dll 2.10.30418.1 ZodiacBho Module

SDHelper.dll 2ef0000 733184 F:\PROGRA~1\SPYBOT~1\SDHelper.dll

olepro32.dll 5edd0000 106496 F:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL

nndkkck.dll f90000 45056 F:\WINDOWS\System32\nndkkck.dll

KS304181.dll 2d50000 94208 F:\Program Files\Kontiki\bin\KS304181.dll 2.10.30418.1 KontikiServices Module

DUSER.dll 6c1b0000 274432 F:\WINDOWS\System32\DUSER.dll 5.1.2600.0 (xpclient.010817-1148) Windows DirectUser Engine

msohev.dll 32520000 73728 F:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component

printui.dll 74b80000 532480 F:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL

WINSPOOL.DRV 73000000 143360 F:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver

CFGMGR32.dll 74ae0000 28672 F:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL

drprov.dll 75f60000 24576 F:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider

ntlanman.dll 71c10000 53248 F:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager

NETUI0.dll 71cd0000 90112 F:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes

NETUI1.dll 71c90000 245760 F:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes

NETRAP.dll 71c80000 24576 F:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL

davclnt.dll 75f70000 36864 F:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL

WINTRUST.dll 76c30000 176128 F:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs

IMAGEHLP.dll 76c90000 139264 F:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper

rsaenh.dll ffd0000 139264 F:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider

asfsipc.dll 70eb0000 28672 F:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object

MSISIP.DLL 605f0000 53248 F:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider

wshext.dll 74ea0000 65536 F:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host

comdlg32.dll 763b0000 282624 F:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL

MCPS.DLL 365a0000 86016 F:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub

MSVCP60.DLL 76080000 397312 F:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library


That didn't find what I was looking for, so can you:

  1. Download reglite
     
  2. Install "Reglite" and run it, then enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ into the address bar.
     
  3. Double-click on AppInit_DLLs to open a "Data Editor" properties window. If the bottom text field named "Value" contains a .dll file, then this is the hidden file you need to get rid of.
     
  4. You should not be able to delete this file if you try to clear the value field. IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
     
  5. Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
     
  6. Click AppInit_DLLs again and clear the value containing the .dll and ok it. This should have removed the .dll
     
  7. Rename the windows folder back to its original name "Windows".
     
  8. Run SpyBot, Ad-Aware and CWShredder
     
  9. Check the following three links for instructions on downloading and running the applications listed:

Next step will be to remove this dll file so make sure you have it noted down.

 

Procedure 1

  • Download KillBox
  • Unzip and start the application
  • Paste in the dir <path and name of dll as found in the appinit value box> e.g. C:\Windows\System32\nameofdll.dll
  • Menu Select Action => Delete on Reboot
  • Select File => Add file <It should add the path automatically>
  • <Same Window> Select Action => Process and Reboot

If there is no DLL file listed in the value textfield in Step 3 then run Steps 8 & 9 ONLY. Then post a fresh Hijackthis log.

 

Can you let me know if you

installed Casino Online

Have MSN Contacts Manager or use your pc as a server.
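
The registry check in steps 2 and 3 above can also be done read-only from PowerShell on a current Windows system. This is an added example, not part of the original posts: it changes nothing, the output property names (Entry, InExplorer and so on) are chosen here, and resolving bare file names from the system directory is an assumption.

```powershell
# Added example: read-only report on the AppInit_DLLs value. Nothing is modified.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows; absent on 32-bit systems
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

# File names of every module currently loaded into Explorer
$inExplorer = @(Get-Process -Name explorer -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Modules } | ForEach-Object { $_.ModuleName })

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    # The value is a list of DLLs separated by spaces or commas
    $entries = @("$($props.AppInit_DLLs)" -split '[,\s]+' | Where-Object { $_ })

    # Assumption: a bare file name lives in the system directory for that view
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    foreach ($entry in $entries) {
        $path = if (Split-Path -Path $entry -IsAbsolute) { $entry } else { Join-Path $env:SystemRoot "$sysDir\$entry" }

        # -Force so that hidden and system files are still returned
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Key         = $key
            Entry       = $entry
            Path        = $path
            Exists      = [bool]$file
            Attributes  = if ($file) { $file.Attributes }
            Company     = if ($file) { $file.VersionInfo.CompanyName }
            Signature   = if ($file) { (Get-AuthenticodeSignature -FilePath $path).Status }
            # LoadAppInit_DLLs exists on Windows Vista and later; empty if not set
            LoadEnabled = $props.LoadAppInit_DLLs
            InExplorer  = $inExplorer -contains (Split-Path -Path $path -Leaf)
        }
    }
}

if ($report) {
    $report | Format-List
} else {
    'AppInit_DLLs is empty in every key checked.'
}
```

An entry that exists, carries Hidden or System attributes, has no company name and is not validly signed is the kind of file step 4 says to write down before going any further.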


Hi Scoff,

answers-

did not install Casino Online (but it has popped up at least once, I think)

do not have MSN Contacts Mgr.

do not use PC as server.

Many thanks! I will follow your instructions when I return from travels in a couple weeks.

Peace,

David


OK, if you go through that when you get back, then post a fresh log to make sure the cws nasty got removed, then we'll do the follow-up. I've got this topic tracked so I'll see it when you reply.
