Jump to content


Photo

purple monkeys flying out of my...


  • Please log in to reply
5 replies to this topic

#1 davedelrio

davedelrio

    Member

  • New Member
  • Pip
  • 3 posts

Posted 18 June 2004 - 03:02 AM

...but I digress.
[hoping to catch someones eye for a little assistance]
I've been plagued with start page hijackings and search redirects. I run Ad-aware and Spybot regularly but am prone to 'relapses'.
(notvery-)coolwebsearch has been the primary offender.
sometimes my toolbars get changed ('links' and 'Yahoo! companion' get added and the layout changes)
why is this crap legal?!?!?!
HijackThis log copied below. Thanks for your time and interest.
now back to those monkeys...

peace,
David

-freedom shall perish in the absence of truth-




Logfile of HijackThis v1.97.7
Scan saved at 12:14:45 AM, on 6/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\cisvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\cidaemon.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
F:\WINDOWS\TPPALDR.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Documents and Settings\dR\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - F:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7F0F4B01-FCF3-4432-BBE6-8CBD6B2FD0D5} - F:\WINDOWS\System32\hajnb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\DOCUME~1\dR\LOCALS~1\Temp\11265.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] F:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SpyHunter] F:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Remndr] "F:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [slmss] F:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [version] F:\WINDOWS\System32\manage.exe
O4 - HKLM\..\Run: [WinEssential] F:\WINDOWS\System32\keyword.exe
O4 - HKLM\..\Run: [MSN Manager] F:\WINDOWS\System32\tsmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://f:\windows\downloaded program files\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.co...22/ComCtl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho.../yinstmulti.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...,5/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cameras.thiba...sCamControl.ocx
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com...ActivexTest.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://www.talkingbu...cters/peedy.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab

#2 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 19 June 2004 - 10:19 PM

Download this zip.

http://tools.zerosrealm.com/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.

After unzipped go to the desktop. Open the pv folder. Double click on the runme.bat

A dos window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.

Notepad will open with a log in it. Please copy and paste the log into this post.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#3 davedelrio

davedelrio

    Member

  • New Member
  • Pip
  • 3 posts

Posted 20 June 2004 - 03:42 AM

Module information for 'explorer.exe'
MODULE BASE SIZE PATH
explorer.exe 1000000 1011712 F:\WINDOWS\explorer.exe 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer
ntdll.dll 77f50000 679936 F:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
kernel32.dll 77e60000 937984 F:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 F:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 569344 F:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 78000000 454656 F:\WINDOWS\system32\RPCRT4.dll 5.1.2600.135 (xpclnt_qfe.021108-2107) Remote Procedure Call Runtime
GDI32.dll 77c70000 253952 F:\WINDOWS\system32\GDI32.dll 5.1.2600.132 (xpclnt_qfe.021108-2107) GDI Client DLL
USER32.dll 77d40000 548864 F:\WINDOWS\system32\USER32.dll 5.1.2600.118 (xpclnt_qfe.021108-2107) Windows XP USER API Client DLL
SHLWAPI.dll 63180000 409600 F:\WINDOWS\system32\SHLWAPI.dll 6.00.2730.1200 Shell Light-weight Utility Library
SHELL32.dll 773d0000 8314880 F:\WINDOWS\system32\SHELL32.dll 6.00.2600.115 (xpclnt_qfe.021108-2107) Windows Shell Common Dll
ole32.dll 771b0000 1126400 F:\WINDOWS\system32\ole32.dll 5.1.2600.136 (xpclnt_qfe.021108-2107) Microsoft OLE for Windows
OLEAUT32.dll 77120000 569344 F:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
BROWSEUI.dll 71500000 1036288 F:\WINDOWS\System32\BROWSEUI.dll 6.00.2737.1600 Shell Browser UI Library
SHDOCVW.dll 71700000 1347584 F:\WINDOWS\System32\SHDOCVW.dll 6.00.2737.800 Shell Doc Object and Control Library
UxTheme.dll 5ad70000 212992 F:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
Secur32.dll 76f90000 65536 F:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
iphlpapi.dll 76d60000 86016 F:\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API
netman.dll 76de0000 155648 F:\WINDOWS\System32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager
MPRAPI.dll 76d40000 90112 F:\WINDOWS\System32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL
ACTIVEDS.dll 76e40000 192512 F:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 147456 F:\WINDOWS\System32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL
NETAPI32.dll 71c20000 315392 F:\WINDOWS\System32\NETAPI32.dll 5.1.2600.122 (xpclnt_qfe.021108-2107) Net Win32 API DLL
WLDAP32.dll 76f60000 180224 F:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
ATL.DLL 76b20000 86016 F:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
rtutils.dll 76e80000 53248 F:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
SAMLIB.dll 71bf0000 69632 F:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
SETUPAPI.dll 76670000 933888 F:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
RASAPI32.dll 790000 233472 F:\WINDOWS\System32\RASAPI32.dll 5.1.2600.28 (xpclnt_qfe.010827-1803) Remote Access API
rasman.dll 76e90000 69632 F:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
WS2_32.dll 71ab0000 86016 F:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 F:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
TAPI32.dll 76eb0000 172032 F:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows™ Telephony API Client DLL
WINMM.dll 76b40000 180224 F:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
WZCSvc.DLL 76da0000 196608 F:\WINDOWS\System32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service
WMI.dll 76d30000 16384 F:\WINDOWS\System32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality
DHCPCSVC.DLL 76d80000 106496 F:\WINDOWS\System32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service
DNSAPI.dll 76f20000 151552 F:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
CRYPT32.dll 762c0000 557056 F:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto API32
MSASN1.dll 762a0000 65536 F:\WINDOWS\system32\MSASN1.dll 5.1.2600.137 (xpclnt_qfe.021108-2107) ASN.1 Runtime APIs
WTSAPI32.dll 76f50000 32768 F:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 61440 F:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
comctl32.dll 71950000 933888 F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library
comctl32.dll 77340000 569344 F:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
MSCTF.dll 74720000 307200 F:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
appHelp.dll 75f40000 118784 F:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 7c620000 528384 F:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53
COMRes.dll 77050000 806912 F:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 F:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 76620000 319488 F:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI
CSCDLL.dll 76600000 110592 F:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
themeui.dll 5b630000 458752 F:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API
MSIMG32.dll 76380000 20480 F:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL
USERENV.dll 75a70000 667648 F:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv
actxprxy.dll 71d40000 110592 F:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
wmpband.dll 7610000 94208 F:\PROGRA~1\WINDOW~3\wmpband.dll 9.00.00.2980 Windows Media Player
MPR.dll 71b20000 69632 F:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
LINKINFO.dll 76980000 28672 F:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76990000 147456 F:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
msi.dll 76400000 2076672 F:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer
WININET.dll 63000000 610304 F:\WINDOWS\system32\WININET.dll 6.00.2737.800 Internet Extensions for Win32
mslbui.dll 605d0000 61440 F:\WINDOWS\System32\mslbui.dll 5.1.2600.0 (xpclient.010817-1148) LangageBar Add In
LgMousHk.dll 10000000 32768 F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll 9.42.66 Logitech Mouse Hook Library
urlmon.dll 1a400000 495616 F:\WINDOWS\system32\urlmon.dll 6.00.2736.2300 OLE32 Extensions for Win32
XAHook.dll f30000 57344 F:\Program Files\Pop-Up Stopper Free Edition\XAHook.dll 1, 0, 0, 1008 XAHook Dynamic Link Library
webcheck.dll 74b30000 266240 F:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor
stobject.dll 74b00000 131072 F:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object
BatMeter.dll 74af0000 36864 F:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 28672 F:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
wdmaud.drv 72d20000 36864 F:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 F:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 F:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 F:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
NETSHELL.dll 75cf0000 1638400 F:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell
credui.dll 76c00000 184320 F:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface
browselc.dll 72430000 73728 F:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
ycomp5_1_5_0.dll 68000000 249856 F:\Program Files\Yahoo!\common\ycomp5_1_5_0.dll 2003, 5, 14, 1 Yahoo! Companion 5.1 for Internet Explorer
WSOCK32.dll 71ad0000 32768 F:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
bh304181.dll b50000 40960 F:\Program Files\Kontiki\bin\bh304181.dll 2.10.30418.1 ZodiacBho Module
SDHelper.dll 2ef0000 733184 F:\PROGRA~1\SPYBOT~1\SDHelper.dll
olepro32.dll 5edd0000 106496 F:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL
nndkkck.dll f90000 45056 F:\WINDOWS\System32\nndkkck.dll
KS304181.dll 2d50000 94208 F:\Program Files\Kontiki\bin\KS304181.dll 2.10.30418.1 KontikiServices Module
DUSER.dll 6c1b0000 274432 F:\WINDOWS\System32\DUSER.dll 5.1.2600.0 (xpclient.010817-1148) Windows DirectUser Engine
msohev.dll 32520000 73728 F:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
printui.dll 74b80000 532480 F:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL
WINSPOOL.DRV 73000000 143360 F:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
CFGMGR32.dll 74ae0000 28672 F:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
drprov.dll 75f60000 24576 F:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 F:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 F:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 F:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 F:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 F:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
WINTRUST.dll 76c30000 176128 F:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 F:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
rsaenh.dll ffd0000 139264 F:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider
asfsipc.dll 70eb0000 28672 F:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 605f0000 53248 F:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 F:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host
comdlg32.dll 763b0000 282624 F:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
MCPS.DLL 365a0000 86016 F:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76080000 397312 F:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library

#4 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 20 June 2004 - 01:08 PM

That didn't find what I was looking for, so can you
  • Download reglite
  • install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ into the address bar.
  • Double click on AppInit_DLLs to open a "Data Editor" properties window, if the bottom textfield named "Value" contains a .dll file; then this is the hidden file you need to get rid off.
  • You should not be able to delete this file if you try to clear the value field, IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
  • Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
  • Click AppInit_DLLs again and clear the value containing the .dll and ok it. This should have removed the .dll
  • Rename the windows folder back to its original name "Windows".
  • Run SpyBot, Ad-Aware and CWShredder
  • Check the following three links for instructions on downloading and running the applications listed:
  • Next step will be to remove this dll file so make sure you have it noted down.
  • Procedure 1
    • Download KillBox
    • Unzip and start the application
    • Paste in the dir <path and name of dll as found in the appinit value box> e.g. C:\Windows\System32\nameofdll.dll
    • Menu Select Action => Delete on Reboot
    • Select File => Add file <It should add the path automatically>
    • <Same Window> Select Action => Process and Reboot
If there is no DLL file listed in the value textfield in Step 3 then run Steps 8 & 9 ONLY. Then post a fresh Hijackthis log.

Can you let me know if you
installed Casino Online
Have MSN Contacts Manager or use your pc as a server.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#5 davedelrio

davedelrio

    Member

  • New Member
  • Pip
  • 3 posts

Posted 22 June 2004 - 06:35 AM

Hi Scoff,
answers-
did not install Casino Online (but it has popped up at least once, I think)
do not have MSN Contacts Mgr.
do not use PC as server.
Many thanks! I will follow your instructions when I return from travels in a couple weeks.
Peace,
David

#6 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 28 June 2004 - 10:17 PM

Ok, if you go through that when you get back then post a fresh log to make sure the cws nasty got removed, then we'll do the follow up. I've got this topic tracked so i'll see it when you reply.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button