
HijackThis log regarding CWS about:blank

Discussion in 'Virus & Other Malware Removal' started by Captain Morg, Apr 10, 2004.

  1. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    If you do not already have it, click here to download CWShredder. Unzip the file, but do not run it yet.

    Now download TheKillbox from here:

    http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to the folder of your choice.

    Now go offline and Do Not go back online until these procedures are completed.

    Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    c:\winnt\system32\sqlfkn.dll

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The c:\winnt\system32\sqlfkn.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.


    Finally, run CWShredder. Just click on cwshredder.exe and then click "Fix" (not "Scan only") and let it do its thing.

    When it is finished restart your computer.


    When you're back in Windows, check to see if there's any change in the search problem and report back. Please also post a new Hijack This log along with a new explorer.bat log.



    IMPORTANT!: To help prevent this from happening again, I strongly recommend you install the patches for the vulnerabilities that this hijacker exploits.

    The simplest way to make sure you have all the security patches is to go to Windows Update and install all "Critical Updates and Service Packs".
     
  2. ultima

    ultima

    Joined:
    Apr 8, 2004
    Messages:
    12
    I have the same problem with the about:blank hijack. It just keeps coming back. Don't know what to do at all.
     
  3. ultima

    ultima

    Joined:
    Apr 8, 2004
    Messages:
    12
    I have the same About:blank problem too. I did the log and I found that there is a dll file with a base number 61c00000 (which is the randomly generated dll file), and I noticed another file called clbcatq.dll, which looks suspicious to me because I have another computer that runs WIN2K that doesn't have this file in system32. This file also loads itself into system32/dllcache as well.
    I don't know if this is the file that loads the hijack page. Does anyone have any ideas? I don't want to delete something important.

    Thanks
     
  4. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Killbox done and every relevant program used (ad-aware, cwshredder, etc). CWS became very very aggressive the last few days, appearing less than 5 minutes after removal. We'll see what happens...



    Logfile of HijackThis v1.97.2
    Scan saved at 6:53:42 PM, on 04/21/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\VirusScan\Avsynmgr.exe
    C:\Program Files\VirusScan\VsStat.exe
    C:\Program Files\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Temp\Jason's Transfered Stuff\WallMaster\wallmast.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HIJACKTH.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {935EA03F-3766-4DCA-AD80-58945CDE6D65} - C:\WINNT\system32\oceecib.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: wallmast.exe.lnk = C:\Temp\Jason's Transfered Stuff\WallMaster\wallmast.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://63.251.53.205/SpeedTests/245
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4EBD0320-3FA7-4234-9461-638469C74E25} - http://www.pinksandsmediagroup.com/external/cabs/packages/cab_4.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38039.4529513889
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3EB7CAF-1938-4CC4-B5D5-EE3C3713A359}: NameServer = 130.65.3.1,130.65.25.1
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Sorry I haven't gotten back to you before now Cap, but my son is in the hospital and I haven't had much time to be on lately. I'm checking on some new developments on removing this sucker. I'll post back soon.
     
  6. shadowwar

    shadowwar

    Joined:
    Apr 16, 2004
    Messages:
    11
    Can we see another PV log please?

    Also, please update your HijackThis. It's an old version. Also update your CWShredder. Latest version is 156.3, I believe.

    When you run Shredder, close EVERYTHING. The only thing open should be your desktop and Shredder. Click fix/next and let it do its work.
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I didn't even notice the version of HJT was outdated! :eek:

    Ty shadowwar! (y)
     
  8. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Thanks shadowwar for the heads-up, I've updated every relevant program. flrman1, I hope your son is ok! I don't mind the delayed response, so long as there is one. :)

    Interestingly enough, CWS does not appear to have returned (knocks on wood) before the latest version of CWShredder removed Searchx. I'm going through the Ad-Aware-Spybot-Hijackthis-CWShredder-PVlog routine, here's hoping I won't have to do this again for a while. :rolleyes:
     
  9. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    Here are the logs:


    HIJACKTHIS LOG:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:01:50 PM, on 04/25/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\VirusScan\Avsynmgr.exe
    C:\Program Files\VirusScan\VsStat.exe
    C:\Program Files\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Temp\Jason's Transfered Stuff\WallMaster\wallmast.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\WINNT\system32\cmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Profiles\Captain Morgan\Desktop\Movie Transfers\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: wallmast.exe.lnk = C:\Temp\Jason's Transfered Stuff\WallMaster\wallmast.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://63.251.53.205/SpeedTests/245
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4EBD0320-3FA7-4234-9461-638469C74E25} - http://www.pinksandsmediagroup.com/external/cabs/packages/cab_4.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38039.4529513889
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3EB7CAF-1938-4CC4-B5D5-EE3C3713A359}: NameServer = 130.65.3.1,130.65.25.1



    PV LOG:

    Module information for 'Explorer.EXE'
    MODULE BASE SIZE PATH
    Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3700.6690 Windows Explorer
    ntdll.dll 77f80000 503808 C:\WINNT\system32\ntdll.dll 5.00.2195.6685 NT Layer DLL
    ADVAPI32.DLL 7c2d0000 401408 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.6710 Advanced Windows 32 Base API
    KERNEL32.DLL 7c570000 733184 C:\WINNT\system32\KERNEL32.DLL 5.00.2195.6794 Windows NT BASE API Client DLL
    RPCRT4.DLL 77d30000 450560 C:\WINNT\system32\RPCRT4.DLL 5.00.2195.6802 Remote Procedure Call Runtime
    GDI32.DLL 77f40000 233472 C:\WINNT\system32\GDI32.DLL 5.00.2195.6762 GDI Client DLL
    USER32.dll 77e10000 389120 C:\WINNT\system32\USER32.dll 5.00.2195.6799 Windows 2000 USER API Client DLL
    SHLWAPI.DLL 70a70000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft (R) C Runtime Library
    COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
    shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.6717 Shim Engine DLL
    AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.6717 Windows 2000 Shim Accessory DLL
    SHELL32.dll 782f0000 2392064 C:\WINNT\system32\SHELL32.dll 5.00.3700.6705 Windows Shell Common Dll
    OLE32.DLL 77a50000 966656 C:\WINNT\system32\OLE32.DLL 5.00.2195.6810 Microsoft OLE for Windows
    CLBCATQ.DLL 775a0000 548864 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3504.0
    OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522
    SHDOCVW.DLL e30000 1347584 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    browseui.dll 71500000 1036288 C:\WINNT\system32\browseui.dll 6.00.2800.1400 Shell Browser UI Library
    USERENV.DLL 7c0f0000 397312 C:\WINNT\system32\USERENV.DLL 5.00.2195.6794 Userenv
    ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
    ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    NETAPI32.DLL 75170000 323584 C:\WINNT\system32\NETAPI32.DLL 5.00.2195.6601 Net Win32 API DLL
    SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL 5.00.2195.6695 Security Support Provider Interface
    NETRAP.DLL 751c0000 24576 C:\WINNT\system32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL
    SAMLIB.DLL 75150000 61440 C:\WINNT\system32\SAMLIB.DLL 5.00.2195.6666 SAM Library DLL
    WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL 5.00.2195.6601 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
    WLDAP32.DLL 77950000 172032 C:\WINNT\system32\WLDAP32.DLL 5.00.2195.6666 Win32 LDAP API DLL
    DNSAPI.DLL 77980000 147456 C:\WINNT\system32\DNSAPI.DLL 5.00.2195.6680 DNS Client API DLL
    WSOCK32.DLL 75050000 32768 C:\WINNT\system32\WSOCK32.DLL 5.00.2195.6603 Windows Socket 32-Bit DLL
    mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3502.6601 My Documents Folder UI
    MPR.DLL 76620000 69632 C:\WINNT\system32\MPR.DLL 5.00.2195.6611 Multiple Provider Router DLL
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.6601 Microsoft® Lan Manager
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2195.6601 NT LM UI Common Code - GUI Classes
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
    NETSHELL.dll 76f20000 487424 C:\WINNT\system32\NETSHELL.dll 5.00.2195.6604 Network Connections Shell
    webcheck.dll 70340000 266240 C:\WINNT\system32\webcheck.dll 6.00.2800.1106 Web Site Monitor
    stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.6601 Systray shell service object
    BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.6601 Battery Meter Helper DLL
    SETUPAPI.DLL 77880000 581632 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.6622 Windows Setup API
    POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.6601 Power Profile Helper DLL
    WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL
    MSI.DLL 12d0000 2113536 C:\WINNT\system32\MSI.DLL 2.0.2600.1183 Windows Installer
    cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI
    CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent
    wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv 5.00.2195.6673 WDM Audio driver mapper
    msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
    MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
    WININET.dll 63000000 614400 C:\WINNT\system32\WININET.dll 6.00.2800.1400 Internet Extensions for Win32
    CRYPT32.dll 77440000 491520 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6661 Crypto API32
    MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2195.6823 ASN.1 Runtime APIs
    shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
    CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
    dsquery.dll 717f0000 172032 C:\WINNT\system32\dsquery.dll 5.00.2195.6622 Directory Service Find
    comdlg32.dll 76b30000 253952 C:\WINNT\system32\comdlg32.dll 5.00.3700.6693 Common Dialogs DLL
    dsuiext.dll 717c0000 122880 C:\WINNT\system32\dsuiext.dll 5.00.2195.6611 Directory Service Common UI
    NTDSAPI.dll 77bf0000 69632 C:\WINNT\system32\NTDSAPI.dll 5.00.2195.6666 NT5DS
    ACTIVEDS.dll 773b0000 192512 C:\WINNT\system32\ACTIVEDS.dll 5.00.2195.6601 ADs Router Layer DLL
    ADSLDPC.DLL 77380000 143360 C:\WINNT\system32\ADSLDPC.DLL 5.00.2195.6701 ADs LDAP Provider C DLL
    WINSPOOL.DRV 77800000 122880 C:\WINNT\system32\WINSPOOL.DRV 5.00.2195.6659 Windows Spooler Driver
    LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
    dsp_enh.dll 10000000 1953792 C:\Program Files\Winamp\Plugins\dsp_enh.dll 0, 1, 7, 0 dsp PlugIn for Winamp 2.xx
    browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
    urlmon.dll 1a400000 499712 C:\WINNT\system32\urlmon.dll 6.00.2800.1400 OLE32 Extensions for Win32
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL
    WINTRUST.dll 76930000 176128 C:\WINNT\system32\WINTRUST.dll 5.131.2195.6624 Microsoft Trust Verification APIs
    IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll 5.00.2195.6613 Windows NT Image Helper
    rarext.dll 2d00000 167936 C:\Program Files\WinRAR\rarext.dll
    CmdLineExt02.dll 3130000 90112 C:\Temp\CmdLineExt02.dll
    actxprxy.dll 703d0000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2800.1106 ActiveX Interface Marshaling Library
    docprop2.dll 71f00000 315392 C:\WINNT\system32\docprop2.dll 5.00.2178.1 DocProp2
    MSVFW32.DLL 6a8f0000 131072 C:\WINNT\system32\MSVFW32.DLL 5.00.2195.6612 Microsoft Video for Windows DLL
    AVIFIL32.DLL 74870000 90112 C:\WINNT\system32\AVIFIL32.DLL 5.00.2195.6612 Microsoft AVI File support library
    faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
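
Added example, not part of any post in this thread: a small Python triage of the two HijackThis logs above. It flags R0/R1 values that load a page from a DLL through res://, ties each one to the BHO registered for the same DLL, and checks whether that DLL is still referenced in the later log. The function names and regular expressions are assumptions made for this illustration; the log lines are excerpts copied from the posts.

```python
import re

# Excerpt of the HijackThis v1.97.2 log (04/21/2004) posted above.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\oceecib.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {935EA03F-3766-4DCA-AD80-58945CDE6D65} - C:\WINNT\system32\oceecib.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# Excerpt of the HijackThis v1.97.7 log (04/25/2004) posted above.
AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RES_URL = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
BHO = re.compile(
    r"^BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?\.(?:dll|ocx))(\s+\(file missing\))?\s*$",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return (section, body) for every entry line, e.g. ('R1', 'HKCU\\...')."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log_text):
    """Flag DLLs that IE settings load via res:// and link them to their BHO."""
    entries = parse_entries(log_text)
    by_dll = {}
    # Pass 1: IE start/search values (R0/R1) that point into a DLL resource.
    for section, body in entries:
        m = RES_URL.search(body) if section in ("R0", "R1") else None
        if m:
            finding = by_dll.setdefault(m.group(1).lower(), {
                "dll": m.group(1).lower(), "keys": [],
                "bho_clsid": None, "file_missing": False})
            finding["keys"].append(body.split(" = ")[0])
    # Pass 2: a BHO (O2) registered for the same DLL is the matching loader entry.
    for section, body in entries:
        m = BHO.match(body) if section == "O2" else None
        if m and m.group(2).lower() in by_dll:
            finding = by_dll[m.group(2).lower()]
            finding["bho_clsid"] = m.group(1)
            finding["file_missing"] = bool(m.group(3))  # HijackThis's own tag
    return sorted(by_dll.values(), key=lambda f: f["dll"])


def still_present(findings, later_log):
    """DLLs from an earlier triage that a later log still references anywhere."""
    later = later_log.lower()
    return [f["dll"] for f in findings if f["dll"] in later]


if __name__ == "__main__":
    found = triage(BEFORE_LOG)
    for f in found:
        print(f["dll"], f["bho_clsid"], "file missing" if f["file_missing"] else "")
    print("still referenced later:", still_present(found, AFTER_LOG))
```
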
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Everything looks OK now. You see anything in the Explorer log, shadow?
     
  11. Captain Morg

    Captain Morg Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    37
    (Tentatively) Good news, after over 24 hours it appears that sneaky little piece has been outsourced from my computer! If it comes back I will let the mods here know asap.

    Moderators, hopefully you can use pertinent info from this and similar threads to make an about:blank hijack FAQ if desired. :)
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Well that is good news! (y) Let's hope it stays that way. :)
     