Rasautou.exe App Error
#16
Posted 16 September 2004 - 08:47 PM
Register to Remove
#17
Posted 16 September 2004 - 08:51 PM
#18
Posted 16 September 2004 - 08:54 PM
Go to:
Start > My Computer
<double click> on these things:
Local Disk (C:) > Windows (folder icon) > System32 (folder icon)
Then look for rasautou.exe in there.
BE CAREFUL NOT TO "DISTURB" ANYTHING ELSE IN THERE!
After renaming it, just close that window you are in.
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#19
Posted 16 September 2004 - 09:13 PM
#20
Posted 16 September 2004 - 10:23 PM
O4 - HKCU\..\Run: [Spyware Remover] C:\Program Files\PAL SPYREM\spyrem.exe
Reboot & let me know how things are going.
If that doesn't work, do this:
Go to: Start > Run > Type "services.msc<enter>" then scroll down to items that start with "Remote access".
Double-click them (one at a time if more than one entry starts with "Remote access" - I had two entries on my machine). Post back what is in the "Path to executable" box (for each one).
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#21
Posted 20 September 2004 - 08:03 PM
I don't know what this means, but I tried to go to services.msc<enter> and a box popped up that said "Windows cannot find 'services.msc<enter>'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search. -ok-
If it's not a big deal, then don't worry about it. If it's something that needs to be fixed, I'll gladly take any advice you give.
Thank you so, so, so much. Just for "grins and giggles", I'll post my last Hijack This log for you...thank you again.
Logfile of HijackThis v1.98.2
Scan saved at 8:47:48 PM, on 9/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D97BB5EB-884B-463F-905A-410DA7ABD4CC}: NameServer = 151.164.1.8 206.13.28.12
Thank you again!!
#22
Posted 20 September 2004 - 08:13 PM
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#23
Posted 20 September 2004 - 08:16 PM
#24
Posted 22 September 2004 - 05:43 PM
Here's my newest log. Also, when I got on tonight, it said there were updates available for my Norton Anti-Virus, so I updated. You don't think that had anything to do with it, do you?
Logfile of HijackThis v1.98.2
Scan saved at 6:38:03 PM, on 9/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D97BB5EB-884B-463F-905A-410DA7ABD4CC}: NameServer = 151.164.1.8 206.13.28.12
Please help if you can....thanks
deidre
#25
Posted 22 September 2004 - 06:01 PM
services.msc
Then click "OK"
In the window that comes up on the screen, scroll down to items that start with "Remote access".
Double-click them (one at a time if more than one entry starts with "Remote access" - I had two entries on my machine). Post back what is in the "Path to executable" box (for each one).
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
Register to Remove
#26
Posted 22 September 2004 - 06:26 PM
#27
Posted 22 September 2004 - 07:30 PM
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#28
Posted 23 September 2004 - 09:21 AM
#29
Posted 23 September 2004 - 04:20 PM
Answers That Work - Rasautou.exe
I don't think it should even be running.
If that starts being a problem, do this:
1. When you get ready to sign-off the internet, see if that task is running with the task manager. To do that press these 3 keys at the same time:
<Ctrl><Alt><Del>
Then click on the "Processes" tab, then click on "Image Name". This sorts the running tasks alphabetically. See if "rasautou.exe" is in the list of running processes.
2. If you find it in there, first close all other programs except your browser. Then click on "rasautou.exe" (in the running processes list) to highlight it, then click "End task".
Wait a minute or two, then go ahead and sign-off the Internet.
If everything on your machine works without it running (and it should), we'll just find out how that task is getting started, and keep it from running. I have a few leads on how to do that.
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#30
Posted 23 September 2004 - 08:46 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users