Post #1, Aug 21 2008, 07:08 AM

New Member. Group: New Member. Posts: 1. Joined: 21-August 08. Member No.: 81,115. Operating System: WindowsXP
I'll echo the comments of another user here that I've seen Internet Explorer semi-randomly pop up a window that points to a Chinese website, something that has only started happening since my last reboot. I should add that I don't often reboot.
This isn't the only Chinese website I've seen displayed (by Internet Explorer 6). I use Zone Alarm and have turned it up to a high paranoia level, but I haven't yet been able to associate any specific action(s) or DLLs with the pages that open. (ZoneAlarm lets me say "no, RegRun, you cannot modify my registry to start on boot." RegRun is gone because it wasn't savvy enough to know about SFU processes/files.)

What led me to this website was searching for information on what skypecomm.dll is. There is, but what concerns me more is how it got to where it is and where it came from. I don't use Skype or any VOIP products.

I don't use HijackThis and don't want to, because all of the threads I see have "experts" recommending "strange" things. But what I will include is the output from DllList for iexplore.com:

```
iexplore.exe pid: 960
Command line: "E:\Program Files\Internet Explorer\iexplore.exe"
Base Size Version Path
0x00400000 0x19000 6.00.2900.2180 E:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 0xb0000 5.01.2600.2180 E:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf5000 5.01.2600.3119 E:\WINDOWS\system32\kernel32.dll
0x77c10000 0x58000 7.00.2600.2180 E:\WINDOWS\system32\msvcrt.dll
0x7e410000 0x90000 5.01.2600.3099 E:\WINDOWS\system32\USER32.dll
0x77f10000 0x47000 5.01.2600.3316 E:\WINDOWS\system32\GDI32.dll
0x77f60000 0x76000 6.00.2900.3395 E:\WINDOWS\system32\SHLWAPI.dll
0x77dd0000 0x9b000 5.01.2600.2180 E:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 0x92000 5.01.2600.3173 E:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 0x11000 5.01.2600.2180 E:\WINDOWS\system32\Secur32.dll
0x7e290000 0x16f000 6.00.2900.3395 E:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 0x94000 5.131.2600.2180 E:\WINDOWS\system32\CRYPT32.dll
0x77b20000 0x12000 5.01.2600.2180 E:\WINDOWS\system32\MSASN1.dll
0x754d0000 0x80000 5.131.2600.2180 E:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 0x2e000 5.131.2600.2180 E:\WINDOWS\system32\WINTRUST.dll
0x76c90000 0x28000 5.01.2600.2180 E:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 0x8b000 5.01.2600.3266 E:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 0x13d000 5.01.2600.2726 E:\WINDOWS\system32\ole32.dll
0x5b860000 0x54000 5.01.2600.2976 E:\WINDOWS\system32\NETAPI32.dll
0x771b0000 0xa6000 6.00.2900.3395 E:\WINDOWS\system32\WININET.dll
0x76f60000 0x2c000 5.01.2600.2180 E:\WINDOWS\system32\WLDAP32.dll
0x77c00000 0x8000 5.01.2600.2180 E:\WINDOWS\system32\VERSION.dll
0x76390000 0x1d000 5.01.2600.2180 E:\WINDOWS\system32\IMM32.DLL
0x629c0000 0x9000 5.01.2600.2180 E:\WINDOWS\system32\LPK.DLL
0x74d90000 0x6b000 1.420.2600.2180 E:\WINDOWS\system32\USP10.dll
0x773d0000 0x103000 6.00.2900.2982 E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x7c9c0000 0x816000 6.00.2900.3241 E:\WINDOWS\system32\SHELL32.dll
0x5d090000 0x9a000 5.82.2900.2982 E:\WINDOWS\system32\comctl32.dll
0x5ad70000 0x38000 6.00.2900.2180 E:\WINDOWS\system32\uxtheme.dll
0x75f80000 0xfd000 6.00.2900.3395 E:\WINDOWS\system32\BROWSEUI.dll
0x20000000 0x12000 6.00.2900.2180 E:\WINDOWS\system32\browselc.dll
0x77b40000 0x22000 5.01.2600.2180 E:\WINDOWS\system32\appHelp.dll
0x76fd0000 0x7f000 2001.12.4414.0308 E:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 E:\WINDOWS\system32\COMRes.dll
0x755c0000 0x2e000 5.01.2600.2180 E:\WINDOWS\system32\msctfime.ime
0x7e1e0000 0xa1000 6.00.2900.3395 E:\WINDOWS\system32\urlmon.dll
0x77a20000 0x54000 5.01.2600.2180 E:\WINDOWS\System32\cscui.dll
0x76600000 0x1d000 5.01.2600.2180 E:\WINDOWS\System32\CSCDLL.dll
0x77920000 0xf3000 5.01.2600.2180 E:\WINDOWS\system32\SETUPAPI.dll
0x10000000 0x37f000 4.00.1601.4978 e:\program files\google\googletoolbar1.dll
0x7d1e0000 0x2be000 3.01.4000.4039 E:\WINDOWS\system32\msi.dll
0x76b40000 0x2d000 5.01.2600.2180 E:\WINDOWS\system32\WINMM.dll
0x71ad0000 0x9000 5.01.2600.2180 E:\WINDOWS\system32\WSOCK32.dll
0x71ab0000 0x17000 5.01.2600.2180 E:\WINDOWS\system32\WS2_32.dll
0x71aa0000 0x8000 5.01.2600.2180 E:\WINDOWS\system32\WS2HELP.dll
0x76380000 0x5000 5.01.2600.2180 E:\WINDOWS\system32\MSIMG32.dll
0x74980000 0x113000 8.90.1101.0000 E:\WINDOWS\System32\msxml3.dll
0x59a60000 0xa1000 5.01.2600.2180 E:\WINDOWS\system32\DBGHELP.DLL
0x76ee0000 0x3c000 5.01.2600.2180 E:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 0x12000 5.01.2600.2180 E:\WINDOWS\system32\rasman.dll
0x76eb0000 0x2f000 5.01.2600.2180 E:\WINDOWS\system32\TAPI32.dll
0x76e80000 0xe000 5.01.2600.2180 E:\WINDOWS\system32\rtutils.dll
0x77c70000 0x23000 5.01.2600.2180 E:\WINDOWS\system32\msv1_0.dll
0x76d60000 0x19000 5.01.2600.2912 E:\WINDOWS\system32\iphlpapi.dll
0x76990000 0x25000 5.01.2600.2180 E:\WINDOWS\system32\ntshrui.dll
0x76b20000 0x11000 3.05.2284.0000 E:\WINDOWS\system32\ATL.DLL
0x769c0000 0xb3000 5.01.2600.2180 E:\WINDOWS\system32\USERENV.dll
0x722b0000 0x5000 5.01.2600.2180 E:\WINDOWS\system32\sensapi.dll
0x71b20000 0x12000 5.01.2600.2180 E:\WINDOWS\system32\MPR.dll
0x75f60000 0x7000 5.01.2600.2180 E:\WINDOWS\System32\drprov.dll
0x71c10000 0xe000 5.01.2600.2180 E:\WINDOWS\System32\ntlanman.dll
0x71cd0000 0x17000 5.01.2600.2180 E:\WINDOWS\System32\NETUI0.dll
0x71c90000 0x40000 5.01.2600.2180 E:\WINDOWS\System32\NETUI1.dll
0x71c80000 0x7000 5.01.2600.2180 E:\WINDOWS\System32\NETRAP.dll
0x71bf0000 0x13000 5.01.2600.2180 E:\WINDOWS\System32\SAMLIB.dll
0x75f70000 0x9000 5.01.2600.2180 E:\WINDOWS\System32\davclnt.dll
0x02320000 0xd000 8.00.1969.0001 E:\WINDOWS\system32\nfsnp.dll
0x02330000 0x15000 8.00.1969.0001 E:\WINDOWS\system32\nfsccfg.dll
0x75970000 0xf7000 5.01.2600.2180 E:\WINDOWS\system32\MSGINA.dll
0x76360000 0x10000 5.01.2600.2180 E:\WINDOWS\system32\WINSTA.dll
0x74320000 0x3d000 3.525.1117.0000 E:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x49000 6.00.2900.2180 E:\WINDOWS\system32\comdlg32.dll
0x02450000 0x17000 3.525.1117.0000 E:\WINDOWS\system32\odbcint.dll
0x02480000 0x10000 8.00.0000.0456 E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.1433 E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x024b0000 0x17000 1.08.0004.1007 E:\Program Files\FlashGet\jccatch.dll
0x024d0000 0x187000 1.06.0000.0012 E:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x69450000 0x16000 5.01.2600.2180 E:\WINDOWS\system32\faultrep.dll
0x76f50000 0x8000 5.01.2600.2180 E:\WINDOWS\system32\WTSAPI32.dll
0x5edd0000 0x17000 5.01.2600.2180 E:\WINDOWS\system32\olepro32.dll
0x65af0000 0x7000 6.00.2900.3395 E:\WINDOWS\system32\jsproxy.dll
0x6d7c0000 0x79000 6.00.0030.0005 E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
0x7c340000 0x56000 7.10.3052.0004 E:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll
0x02900000 0x28000 1.00.0001.0006 E:\WINDOWS\system32\SkypeComm.dll
0x02b40000 0x29000 1.08.0004.1003 E:\Program Files\FlashGet\getflash.dll
0x7dc30000 0x2f1000 6.00.2900.3395 E:\WINDOWS\System32\mshtml.dll
0x746c0000 0x27000 3.10.0349.0000 E:\WINDOWS\System32\msls31.dll
0x76bf0000 0xb000 5.01.2600.2180 E:\WINDOWS\System32\PSAPI.DLL
0x75e90000 0xb0000 5.01.2600.3019 E:\WINDOWS\system32\SXS.DLL
0x02fc0000 0x88000 6.00.2900.2180 E:\WINDOWS\system32\shdoclc.dll
0x03050000 0x2c5000 5.01.2600.2180 E:\WINDOWS\system32\xpsp2res.dll
0x75cf0000 0x91000 6.00.2900.2180 E:\WINDOWS\system32\MLANG.dll
0x71a50000 0x3f000 5.01.2600.3394 E:\WINDOWS\system32\mswsock.dll
0x662b0000 0x58000 5.01.2600.2180 E:\WINDOWS\system32\hnetcfg.dll
0x71a90000 0x8000 5.01.2600.2180 E:\WINDOWS\System32\wshtcpip.dll
0x76f20000 0x27000 5.01.2600.3394 E:\WINDOWS\system32\DNSAPI.dll
0x746f0000 0x2a000 5.01.2600.2180 E:\WINDOWS\System32\msimtf.dll
0x74720000 0x4b000 5.01.2600.2180 E:\WINDOWS\System32\MSCTF.dll
0x325c0000 0x12000 11.00.5510.0000 E:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x76fc0000 0x6000 5.01.2600.2938 E:\WINDOWS\system32\rasadhlp.dll
0x03c30000 0x15000 1.01.0050.0000 E:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll
0x03c50000 0x5b000 8.01.0000.0000 E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x75c50000 0x6f000 5.06.0000.8835 E:\WINDOWS\System32\jscript.dll
0x30000000 0x3ae000 9.00.0115.0000 E:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
0x72d20000 0x9000 5.01.2600.2180 E:\WINDOWS\system32\wdmaud.drv
0x72d10000 0x8000 5.01.2600.0000 E:\WINDOWS\system32\msacm32.drv
0x77be0000 0x15000 5.01.2600.2180 E:\WINDOWS\system32\MSACM32.dll
0x77bd0000 0x7000 5.01.2600.2180 E:\WINDOWS\system32\midimap.dll
0x73300000 0x67000 5.06.0000.8835 E:\WINDOWS\System32\vbscript.dll
0x73dd0000 0xfe000 6.02.4131.0000 E:\WINDOWS\System32\MFC42.DLL
0x767f0000 0x27000 5.01.2600.3126 E:\WINDOWS\system32\schannel.dll
0x6d430000 0xa000 5.03.2600.2180 E:\WINDOWS\System32\ddrawex.dll
0x73760000 0x49000 5.03.2600.2180 E:\WINDOWS\System32\DDRAW.dll
0x73bc0000 0x6000 5.01.2600.2180 E:\WINDOWS\System32\DCIMAN32.dll
0x76200000 0x71000 6.00.2900.3395 E:\WINDOWS\System32\mshtmled.dll
```

What led me to suspecting skypecomm.dll was when I fired up Process Explorer and found SkypeComm.dll close to the top of the stack of an Internet Explorer thread that was trying to open the chinapet page (I run with "ask me" for all JavaScript, so IE stopped after loading the page and before rendering it), so for now I've renamed the DLL, but that doesn't answer how it got there or where it came from. And unlike other virus/trojan DLLs that I've had to deal with, it was too easy to rename for me to be convinced that it is the source of the problem. (A reboot into Linux is often in order.)

That said, I'm not 100% satisfied that the problem is licked, especially the root cause, only that something strange has been changed...

Comments appreciated...

p.s. Spybot is also gone because that proved to be next to useless too. I need to remember what the worthwhile free registry auditing programs are...

This post has been edited by Fred johns: Aug 21 2008, 07:11 AM
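A first-pass triage of a module listing like the one in the post, as an added example that is not code from the post or from Sysinternals. It parses the "Base Size Version Path" format, embeds a constructed subset of the poster's listing as sample input, and separates modules into two review buckets: those loaded from outside the Windows system directories (add-ons and toolbars, which are expected there but easy to audit), and those that sit inside a system directory but carry a build number no other system module shares (SkypeComm.dll's 1.00.0001.0006 against the 2600 and 2900 builds around it). The directory list, the build-number heuristic and its threshold are assumptions; a hit is a candidate for a signature and file-properties check (Process Explorer's image-signature verification does this), not a verdict, and on a full listing legitimate redistributables such as MFC42 or the VC80 CRT will show up in the same bucket.

```python
"""First-pass triage of a "Base Size Version Path" module listing.

Added example (not code from the post or from Sysinternals). The sample
listing below is a constructed subset of the lines the poster pasted;
the heuristic, its threshold and the directory list are assumptions.
Output is a list of candidates for a closer look, not a verdict.
"""
import re
from collections import Counter

# One module per line: base, size, version, path (the path may contain spaces).
MODULE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(\S+)\s+(.+?)\s*$")

# Assumption: only OS components and Microsoft redistributables normally live here.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\winsxs\\")

# Constructed sample: a subset of the poster's listing, header line included.
SAMPLE_LISTING = r"""
Base Size Version Path
0x00400000 0x19000 6.00.2900.2180 E:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 0xb0000 5.01.2600.2180 E:\WINDOWS\system32\ntdll.dll
0x7c800000 0xf5000 5.01.2600.3119 E:\WINDOWS\system32\kernel32.dll
0x77c10000 0x58000 7.00.2600.2180 E:\WINDOWS\system32\msvcrt.dll
0x7e410000 0x90000 5.01.2600.3099 E:\WINDOWS\system32\USER32.dll
0x7e290000 0x16f000 6.00.2900.3395 E:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 0x94000 5.131.2600.2180 E:\WINDOWS\system32\CRYPT32.dll
0x771b0000 0xa6000 6.00.2900.3395 E:\WINDOWS\system32\WININET.dll
0x7c9c0000 0x816000 6.00.2900.3241 E:\WINDOWS\system32\SHELL32.dll
0x10000000 0x37f000 4.00.1601.4978 e:\program files\google\googletoolbar1.dll
0x02900000 0x28000 1.00.0001.0006 E:\WINDOWS\system32\SkypeComm.dll
0x02b40000 0x29000 1.08.0004.1003 E:\Program Files\FlashGet\getflash.dll
0x7dc30000 0x2f1000 6.00.2900.3395 E:\WINDOWS\System32\mshtml.dll
0x75e90000 0xb0000 5.01.2600.3019 E:\WINDOWS\system32\SXS.DLL
"""


def parse_listing(text):
    """Return [(base, size, version, path)]; header and blank lines are skipped."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            base, size, version, path = m.groups()
            modules.append((int(base, 16), int(size, 16), version, path))
    return modules


def build_number(version):
    """Third dotted field, e.g. '5.01.2600.2180' -> '2600'; '' if absent."""
    parts = version.split(".")
    return parts[2] if len(parts) >= 3 else ""


def in_system_dir(path):
    lowered = path.lower()
    return any(d in lowered for d in SYSTEM_DIRS)


def triage(modules, min_shared_builds=2):
    """Split modules into two review buckets.

    odd_system: lives in a system directory but its build number is shared by
                fewer than min_shared_builds system modules (assumption: the OS
                DLLs of one service pack cluster on a few build numbers).
    non_system: loaded from outside the system directories (add-ons, toolbars).
    """
    system_mods = [m for m in modules if in_system_dir(m[3])]
    build_counts = Counter(build_number(m[2]) for m in system_mods)
    odd_system, non_system = [], []
    for base, size, version, path in modules:
        if in_system_dir(path):
            build = build_number(version)
            if build_counts[build] < min_shared_builds:
                odd_system.append(
                    (path, f"build {build!r} shared by {build_counts[build]} system module(s)")
                )
        else:
            non_system.append((path, f"version {version}, base {base:#010x}"))
    return {"odd_system": odd_system, "non_system": non_system}


if __name__ == "__main__":
    result = triage(parse_listing(SAMPLE_LISTING))
    for bucket, hits in result.items():
        print(f"== {bucket} ({len(hits)}) ==")
        for path, why in hits:
            print(f"  {path}\n      {why}")
```

Run against the full listing, `odd_system` also collects ATL.DLL, MFC42.DLL, msxml3.dll and the Services for UNIX modules (nfsnp.dll, nfsccfg.dll), all of which have build numbers unlike the XP service-pack DLLs; that is the expected noise of a frequency heuristic and the reason the output is a work list for signature checks rather than a finding on its own.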