Read me please...Hijack log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sambojambo

Thread Starter
Joined
Nov 14, 2003
Messages
29
Have run the adaware and spybot and killed whatever they came across but when I return to normal mode there seems to be some new spyware / adware that gets detected. I read one of the other articles ("COOL WEB Keeps coming back" from palmas85) and deleted the same Registery keys etc that I had on my machine but it still comes back. Any help would be mcuh appreciated....


Logfile of HijackThis v1.97.6
Scan saved at 11:23:22 a.m., on 19/04/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\CFUSION\bin\cfserver.exe
C:\CFUSION\bin\cfexec.exe
C:\CFUSION\bin\CFRDSService.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
D:\WSFTP\WS_FTP\ftpsched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
D:\WSFTP\WS_FTP\ftpqueue.exe
D:\Winamp 2\Winamp3\winampa.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\wuauclt.exe
C:\Security\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Security\Hijack THis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.quikshield.com/security.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4CF2B00A-0657-472E-859E-60C88B2BA1B9} - C:\WINNT\system32\ojnk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\WSFTP\WS_FTP\wsbho2k0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ftpqueue] D:\WSFTP\WS_FTP\ftpqueue.exe -tray
O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp 2\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RegShave] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLSYFMSZG] C:\WINNT\FLSYFMSZG.exe
O4 - HKLM\..\Run: [50426882.exe] C:\WINNT\System32\50426882.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Opps] C:\Documents and Settings\darren\Application Data\swoh.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = D:\FinePX_Home_Camera\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Research (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://127.0.0.1/CFIDE/classes/CFJava.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.10.1.249/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7844.7617361111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/th...ownloadCtrl.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
 

sambojambo

Thread Starter
Joined
Nov 14, 2003
Messages
29
I have installed spywaregaurd on my machine as I am having the same problem with the about:blank page being made into my homepage and every time I open a window I get pop up messages where the program is trying to replace the changes I made to my IE. I used the hijack log to take off the registry keys that were changing my IE and now its trying to change the settings again. I read the article by HRGuru relating to this problem and downloaded the app that was suggested by flrman1 and now have a log file. I have posted it below and would appreciate any help as to where I go from here and what I need to delete.......
Cheers


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3502.5321 Windows Explorer
ntdll.dll 77f80000 499712 C:\WINNT\system32\ntdll.dll 5.00.2195.6685 NT Layer DLL
ADVAPI32.DLL 77db0000 372736 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.5992 Advanced Windows 32 Base API
KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll 5.00.2195.6794 Windows NT BASE API Client DLL
RPCRT4.dll 77d30000 450560 C:\WINNT\system32\RPCRT4.dll 5.00.2195.6802 Remote Procedure Call Runtime
GDI32.DLL 77f40000 233472 C:\WINNT\system32\GDI32.DLL 5.00.2195.6762 GDI Client DLL
USER32.dll 77e10000 389120 C:\WINNT\system32\USER32.dll 5.00.2195.6799 Windows 2000 USER API Client DLL
SHLWAPI.DLL 70a70000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
msvcrt.dll 78000000 286720 C:\WINNT\system32\msvcrt.dll 6.10.9359.0 Microsoft (R) C Runtime Library
COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.4314 Windows 2000 IMM32 API Client DLL
shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.5308 Shim Engine DLL
AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.5308 Windows 2000 Shim Accessory DLL
WS2_32.DLL 75030000 77824 C:\WINNT\system32\WS2_32.DLL 5.00.2195.4874 Windows Socket 2.0 32-Bit DLL
WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
OLE32.DLL 77a50000 966656 C:\WINNT\system32\OLE32.DLL 5.00.2195.6810 Microsoft OLE for Windows
SHELL32.dll 782f0000 2375680 C:\WINNT\system32\SHELL32.dll 5.00.3502.6144 Windows Shell Common Dll
CLBCATQ.DLL 775a0000 544768 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3497.0
OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4518
cscui.dll 77840000 249856 C:\WINNT\system32\cscui.dll 5.00.2195.4104 Client Side Caching UI
CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.5434 Offline Network Agent
SHDOCVW.DLL e90000 1347584 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
browseui.dll 71500000 1036288 C:\WINNT\System32\browseui.dll 6.00.2800.1400 Shell Browser UI Library
MPR.DLL 76620000 65536 C:\WINNT\system32\MPR.DLL 5.00.2195.3649 Multiple Provider Router DLL
USERENV.DLL 7c0f0000 397312 C:\WINNT\system32\USERENV.DLL 5.00.2195.6794 Userenv
URLMON.DLL 1a400000 499712 C:\WINNT\system32\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2134.1 Version Checking and File Installation Libraries
LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2134.1 LZ Expand/Compress API DLL
mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
mshtml.dll 63580000 2818048 C:\WINNT\System32\mshtml.dll 6.00.2800.1400 Microsoft (R) HTML Viewer
WININET.DLL 63000000 614400 C:\WINNT\system32\WININET.DLL 6.00.2800.1400 Internet Extensions for Win32
CRYPT32.dll 77440000 483328 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6072 Crypto API32
MSASN1.dll 77430000 65536 C:\WINNT\system32\MSASN1.dll 5.00.2195.6823 ASN.1 Runtime APIs
RASAPI32.DLL 774e0000 204800 C:\WINNT\system32\RASAPI32.DLL 5.00.2195.5438 Remote Access API
RASMAN.DLL 774c0000 69632 C:\WINNT\system32\RASMAN.DLL 5.00.2195.5292 Remote Access Connection Manager
TAPI32.DLL 77530000 139264 C:\WINNT\system32\TAPI32.DLL 5.00.2182.1 Microsoft® Windows(TM) Telephony API Client DLL
RTUTILS.DLL 77830000 57344 C:\WINNT\system32\RTUTILS.DLL 5.00.2168.1 Routing Utilities
sensapi.dll 75ab0000 20480 C:\WINNT\system32\sensapi.dll 5.00.2163.1 SENS Connectivity API DLL
netapi32.dll 75170000 323584 C:\WINNT\system32\netapi32.dll 5.00.2195.5979 Net Win32 API DLL
Secur32.dll 77be0000 61440 C:\WINNT\system32\Secur32.dll 5.00.2195.4587 Security Support Provider Interface
NETRAP.dll 751c0000 24576 C:\WINNT\system32\NETRAP.dll 5.00.2134.1 Net Remote Admin Protocol DLL
SAMLIB.dll 75150000 65536 C:\WINNT\system32\SAMLIB.dll 5.00.2195.4827 SAM Library DLL
WLDAP32.dll 77950000 163840 C:\WINNT\system32\WLDAP32.dll 5.00.2195.5944 Win32 LDAP API DLL
DNSAPI.dll 77980000 147456 C:\WINNT\system32\DNSAPI.dll 5.00.2195.6012 DNS Client API DLL
WSOCK32.dll 75050000 32768 C:\WINNT\system32\WSOCK32.dll 5.00.2195.4874 Windows Socket 32-Bit DLL
shdoclc.dll 718c0000 540672 C:\WINNT\System32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.5428 Microsoft® Lan Manager
NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2195.4874 NT LM UI Common Code - GUI Classes
NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
NETSHELL.dll 76f20000 479232 C:\WINNT\system32\NETSHELL.dll 5.00.2195.5431 Network Connections Shell
MSI.DLL 770f0000 2084864 C:\WINNT\system32\MSI.DLL 2.0.2600.2 Windows Installer
webcheck.dll 70340000 266240 C:\WINNT\System32\webcheck.dll 6.00.2800.1106 Web Site Monitor
stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.4455 Systray shell service object
BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.5305 Battery Meter Helper DLL
SETUPAPI.DLL 77880000 577536 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.5400 Windows Setup API
POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.5305 Power Profile Helper DLL
WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL
ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
wdmaud.drv 77560000 36864 C:\WINNT\system32\wdmaud.drv 5.00.2195.3649 WDM Audio driver mapper
msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
INDICDLL.dll 6e420000 24576 C:\WINNT\system32\INDICDLL.dll 5.00.2920.0000 Keyboard Language Indicator Shell Hook Extension
CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3315.4065 My Documents Folder UI
browselc.dll 71960000 73728 C:\WINNT\System32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
olepro32.dll 695e0000 167936 C:\WINNT\system32\olepro32.dll 5.0.4518
MSVCP60.dll 780c0000 397312 C:\WINNT\system32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
imgutil.dll 70510000 40960 C:\WINNT\system32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL
CFSHEL~1.DLL 44a0000 188416 C:\WINNT\System32\CFSHEL~1.DLL 4, 5, 1, 0 CfShellFtpRds Module
CFSSVR~1.DLL 44e0000 434176 C:\WINNT\System32\CFSSVR~1.DLL 4, 5, 1, 0 CFSSvrAdmin Module
WINSPOOL.DRV 77800000 122880 C:\WINNT\System32\WINSPOOL.DRV 5.00.2195.6032 Windows Spooler Driver
comdlg32.dll 76b30000 249856 C:\WINNT\system32\comdlg32.dll 5.00.3315.3727 Common Dialogs DLL
CFFILE~1.DLL 4560000 147456 C:\WINNT\System32\CFFILE~1.DLL 4, 5, 1, 0 FileProxy Module
MFC42.DLL 6ab10000 991232 C:\WINNT\System32\MFC42.DLL 6.00.8665.0 MFCDLL Shared Library - Retail Version
USP10.DLL 66650000 344064 C:\WINNT\system32\USP10.DLL 1.0325.2195.4506 Uniscribe Unicode script processor
thumbvw.dll 66d20000 200704 C:\WINNT\System32\thumbvw.dll 5.00.3315.4264 Thumbnail View Extension
PRINTUI.DLL 75360000 393216 C:\WINNT\system32\PRINTUI.DLL 5.00.2195.6023 Print UI DLL
ACTIVEDS.dll 773b0000 188416 C:\WINNT\system32\ACTIVEDS.dll 5.00.2195.5312 ADs Router Layer DLL
ADSLDPC.DLL 77380000 139264 C:\WINNT\system32\ADSLDPC.DLL 5.00.2195.5781 ADs LDAP Provider C DLL
mscms.dll 6b770000 77824 C:\WINNT\system32\mscms.dll 5.00.2180.1 Microsoft Color Matching System DLL
scrauth.dll 9f30000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll 1, 1, 0, 126 ScriptBlocking Authenticator
ScrBlock.dll a060000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll 1, 1, 0, 126 ScriptBlocking
wintrust.dll 76930000 176128 C:\WINNT\system32\wintrust.dll 5.131.2195.3775 Microsoft Trust Verification APIs
IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll 5.00.2195.5242 Windows NT Image Helper
rsaenh.dll 7ca00000 143360 C:\WINNT\system32\rsaenh.dll 5.00.2195.3839 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
cryptnet.dll 75a20000 57344 C:\WINNT\system32\cryptnet.dll 5.131.2195.3992 Crypto Network Related API
jscript.dll a390000 589824 c:\winnt\system32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
WZSHLSTB.DLL 16200000 24576 D:\WINZIP8.1\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
rarext.dll a970000 176128 C:\Program Files\WinRAR\rarext.dll
NavShExt.dll 10000000 106496 C:\Program Files\Norton AntiVirus\NavShExt.dll 8.07.17 Norton AntiVirusNAVShellExt Module
RASDLG.dll 75870000 536576 C:\WINNT\system32\RASDLG.dll 5.00.2195.5438 Remote Access Common Dialog API
MPRAPI.dll 77320000 94208 C:\WINNT\system32\MPRAPI.dll 5.00.2181.1 Windows NT MP Router Administration DLL
MSONSEXT.DLL 49090000 1396736 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL 11.0.5510.0 Microsoft Web Folders
pkmws.dll 49970000 86016 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll 11.0.5510.0 SharePoint Portal Server Windows API Stub Library
hlink.dll 76b70000 81920 C:\WINNT\system32\hlink.dll 5.0.4513 Microsoft Hyperlink Library
pkmres.dll 496d0000 671744 C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll 10.145.3722.0 Microsoft SharePoint Portal Server
oledb32.dll 1f9c0000 483328 C:\Program Files\Common Files\System\Ole DB\oledb32.dll 2.53.6200.0 Microsoft Data Access - OLE DB Core Services
MSDART32.DLL 6b740000 24576 C:\WINNT\system32\MSDART32.DLL 2.53.6200.0 Microsoft Data Access - OLE DB Runtime Routines
OLEDB32R.DLL 1fa50000 65536 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL 2.53.6200.0 Microsoft Data Access - OLE DB Core Services Resources
nsextint.dll 492e0000 49152 C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\nsextint.dll 11.0.5510.0 SharePoint Portal Server
actxprxy.dll 703d0000 110592 C:\WINNT\System32\actxprxy.dll 6.00.2800.1106 ActiveX Interface Marshaling Library
docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2134.1 Microsoft Video for Windows DLL
AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2134.1 Microsoft AVI File support library
faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
MPRUI.DLL 75080000 65536 C:\WINNT\system32\MPRUI.DLL 5.00.2195.4874 Multiple Provider
NETUI2.dll 75100000 299008 C:\WINNT\system32\NETUI2.dll 5.00.2134.1 NT LM UI Common Code - GUI Classes
netmsg.dll 750a0000 163840 C:\WINNT\system32\netmsg.dll 5.00.2137.1 Net Messages DLL
diskcopy.dll 72210000 28672 C:\WINNT\system32\diskcopy.dll 5.00.2195.5080 Windows DiskCopy
spywareguard.dll 22200000 126976 C:\Security\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73420000 1388544 C:\WINNT\system32\MSVBVM60.DLL 6.00.9237 Visual Basic Virtual Machine
wsbho2k0.dll 2aa0000 163840 D:\WSFTP\WS_FTP\wsbho2k0.dll 1, 0, 0, 1 wsbho2k0 Module
powercfg.cpl 65050000 110592 C:\WINNT\system32\powercfg.cpl 5.00.3502.5305 Power Management Configuration Control Panel Applet
AcroIEHelper.ocx 21c0000 32768 C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
dlprotect.dll 11000000 192512 C:\Security\SpywareGuard\dlprotect.dll 2.02 SpywareGuard Download Protection
ojnk.dll 380000 53248 C:\WINNT\system32\ojnk.dll
SDHelper.dll 1df0000 733184 C:\Security\SPYBOT~1\SDHelper.dll
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library
 
Joined
Jul 26, 2002
Messages
46,349
Plea stick to one thread for this problem.

I have merged your two threads.
 
Joined
Jul 26, 2002
Messages
46,349
If you do not already have it Click here to download CWShredder. UnZip the file, but do not run it yet.

Now download TheKillbox from here:

http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip the files to the folder of your choice.

Now go offline and Do Not go back online until these procedures are completed.

Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINNT\system32\ojnk.dll

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The C:\WINNT\system32\ojnk.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to restart, go ahead and restart.


Finally run CWShredder. Just click on the cwshredder.exe and then click "Fix" (Not "Scan only") and let it do it's thing.

When it is finished restart your computer.


When you're back in windows, check to see if there's any change in the search problem and report back. Please also post a new Hijack This log. along with a new explorer.bat log.



IMPORTANT!: To help prevent this from happening again, I strongly recommend you install the patches for the vulnerabilities that this hijacker exploits.

The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates and Service Packs"
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top