
Read me please...Hijack log

Discussion in 'Virus & Other Malware Removal' started by sambojambo, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. sambojambo

    sambojambo Thread Starter

    Joined:
    Nov 14, 2003
    Messages:
    29
    Have run the adaware and spybot and killed whatever they came across but when I return to normal mode there seems to be some new spyware / adware that gets detected. I read one of the other articles ("COOL WEB Keeps coming back" from palmas85) and deleted the same Registry keys etc that I had on my machine but it still comes back. Any help would be much appreciated....


    Logfile of HijackThis v1.97.6
    Scan saved at 11:23:22 a.m., on 19/04/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\CFUSION\bin\cfserver.exe
    C:\CFUSION\bin\cfexec.exe
    C:\CFUSION\bin\CFRDSService.exe
    C:\WINNT\system32\crypserv.exe
    C:\WINNT\System32\svchost.exe
    D:\WSFTP\WS_FTP\ftpsched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    D:\WSFTP\WS_FTP\ftpqueue.exe
    D:\Winamp 2\Winamp3\winampa.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Security\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Security\Hijack THis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.quikshield.com/security.html
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4CF2B00A-0657-472E-859E-60C88B2BA1B9} - C:\WINNT\system32\ojnk.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\WSFTP\WS_FTP\wsbho2k0.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ftpqueue] D:\WSFTP\WS_FTP\ftpqueue.exe -tray
    O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp 2\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [RegShave] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [FLSYFMSZG] C:\WINNT\FLSYFMSZG.exe
    O4 - HKLM\..\Run: [50426882.exe] C:\WINNT\System32\50426882.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Opps] C:\Documents and Settings\darren\Application Data\swoh.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = D:\FinePX_Home_Camera\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Research (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://127.0.0.1/CFIDE/classes/CFJava.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.10.1.249/activex/AxisCamControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7844.7617361111
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/th...ownloadCtrl.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
     
  2. sambojambo

    sambojambo Thread Starter

    Joined:
    Nov 14, 2003
    Messages:
    29
    I have installed SpywareGuard on my machine as I am having the same problem with the about:blank page being made into my homepage and every time I open a window I get pop up messages where the program is trying to replace the changes I made to my IE. I used the hijack log to take off the registry keys that were changing my IE and now it's trying to change the settings again. I read the article by HRGuru relating to this problem and downloaded the app that was suggested by flrman1 and now have a log file. I have posted it below and would appreciate any help as to where I go from here and what I need to delete.......
    Cheers


    Module information for 'Explorer.EXE'
    MODULE BASE SIZE PATH
    Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3502.5321 Windows Explorer
    ntdll.dll 77f80000 499712 C:\WINNT\system32\ntdll.dll 5.00.2195.6685 NT Layer DLL
    ADVAPI32.DLL 77db0000 372736 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.5992 Advanced Windows 32 Base API
    KERNEL32.dll 7c570000 733184 C:\WINNT\system32\KERNEL32.dll 5.00.2195.6794 Windows NT BASE API Client DLL
    RPCRT4.dll 77d30000 450560 C:\WINNT\system32\RPCRT4.dll 5.00.2195.6802 Remote Procedure Call Runtime
    GDI32.DLL 77f40000 233472 C:\WINNT\system32\GDI32.DLL 5.00.2195.6762 GDI Client DLL
    USER32.dll 77e10000 389120 C:\WINNT\system32\USER32.dll 5.00.2195.6799 Windows 2000 USER API Client DLL
    SHLWAPI.DLL 70a70000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library
    msvcrt.dll 78000000 286720 C:\WINNT\system32\msvcrt.dll 6.10.9359.0 Microsoft (R) C Runtime Library
    COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library
    IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.4314 Windows 2000 IMM32 API Client DLL
    shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.5308 Shim Engine DLL
    AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.5308 Windows 2000 Shim Accessory DLL
    WS2_32.DLL 75030000 77824 C:\WINNT\system32\WS2_32.DLL 5.00.2195.4874 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT
    OLE32.DLL 77a50000 966656 C:\WINNT\system32\OLE32.DLL 5.00.2195.6810 Microsoft OLE for Windows
    SHELL32.dll 782f0000 2375680 C:\WINNT\system32\SHELL32.dll 5.00.3502.6144 Windows Shell Common Dll
    CLBCATQ.DLL 775a0000 544768 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3497.0
    OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4518
    cscui.dll 77840000 249856 C:\WINNT\system32\cscui.dll 5.00.2195.4104 Client Side Caching UI
    CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.5434 Offline Network Agent
    SHDOCVW.DLL e90000 1347584 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library
    browseui.dll 71500000 1036288 C:\WINNT\System32\browseui.dll 6.00.2800.1400 Shell Browser UI Library
    MPR.DLL 76620000 65536 C:\WINNT\system32\MPR.DLL 5.00.2195.3649 Multiple Provider Router DLL
    USERENV.DLL 7c0f0000 397312 C:\WINNT\system32\USERENV.DLL 5.00.2195.6794 Userenv
    URLMON.DLL 1a400000 499712 C:\WINNT\system32\URLMON.DLL 6.00.2800.1400 OLE32 Extensions for Win32
    VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2134.1 Version Checking and File Installation Libraries
    LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2134.1 LZ Expand/Compress API DLL
    mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL
    mshtml.dll 63580000 2818048 C:\WINNT\System32\mshtml.dll 6.00.2800.1400 Microsoft (R) HTML Viewer
    WININET.DLL 63000000 614400 C:\WINNT\system32\WININET.DLL 6.00.2800.1400 Internet Extensions for Win32
    CRYPT32.dll 77440000 483328 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6072 Crypto API32
    MSASN1.dll 77430000 65536 C:\WINNT\system32\MSASN1.dll 5.00.2195.6823 ASN.1 Runtime APIs
    RASAPI32.DLL 774e0000 204800 C:\WINNT\system32\RASAPI32.DLL 5.00.2195.5438 Remote Access API
    RASMAN.DLL 774c0000 69632 C:\WINNT\system32\RASMAN.DLL 5.00.2195.5292 Remote Access Connection Manager
    TAPI32.DLL 77530000 139264 C:\WINNT\system32\TAPI32.DLL 5.00.2182.1 Microsoft® Windows(TM) Telephony API Client DLL
    RTUTILS.DLL 77830000 57344 C:\WINNT\system32\RTUTILS.DLL 5.00.2168.1 Routing Utilities
    sensapi.dll 75ab0000 20480 C:\WINNT\system32\sensapi.dll 5.00.2163.1 SENS Connectivity API DLL
    netapi32.dll 75170000 323584 C:\WINNT\system32\netapi32.dll 5.00.2195.5979 Net Win32 API DLL
    Secur32.dll 77be0000 61440 C:\WINNT\system32\Secur32.dll 5.00.2195.4587 Security Support Provider Interface
    NETRAP.dll 751c0000 24576 C:\WINNT\system32\NETRAP.dll 5.00.2134.1 Net Remote Admin Protocol DLL
    SAMLIB.dll 75150000 65536 C:\WINNT\system32\SAMLIB.dll 5.00.2195.4827 SAM Library DLL
    WLDAP32.dll 77950000 163840 C:\WINNT\system32\WLDAP32.dll 5.00.2195.5944 Win32 LDAP API DLL
    DNSAPI.dll 77980000 147456 C:\WINNT\system32\DNSAPI.dll 5.00.2195.6012 DNS Client API DLL
    WSOCK32.dll 75050000 32768 C:\WINNT\system32\WSOCK32.dll 5.00.2195.4874 Windows Socket 32-Bit DLL
    shdoclc.dll 718c0000 540672 C:\WINNT\System32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library
    MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
    ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.5428 Microsoft® Lan Manager
    NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2195.4874 NT LM UI Common Code - GUI Classes
    NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes
    NETSHELL.dll 76f20000 479232 C:\WINNT\system32\NETSHELL.dll 5.00.2195.5431 Network Connections Shell
    MSI.DLL 770f0000 2084864 C:\WINNT\system32\MSI.DLL 2.0.2600.2 Windows Installer
    webcheck.dll 70340000 266240 C:\WINNT\System32\webcheck.dll 6.00.2800.1106 Web Site Monitor
    stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.4455 Systray shell service object
    BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.5305 Battery Meter Helper DLL
    SETUPAPI.DLL 77880000 577536 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.5400 Windows Setup API
    POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.5305 Power Profile Helper DLL
    WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL
    ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing
    ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
    wdmaud.drv 77560000 36864 C:\WINNT\system32\wdmaud.drv 5.00.2195.3649 WDM Audio driver mapper
    msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper
    MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter
    INDICDLL.dll 6e420000 24576 C:\WINNT\system32\INDICDLL.dll 5.00.2920.0000 Keyboard Language Indicator Shell Hook Extension
    CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL
    mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3315.4065 My Documents Folder UI
    browselc.dll 71960000 73728 C:\WINNT\System32\browselc.dll 6.00.2800.1106 Shell Browser UI Library
    olepro32.dll 695e0000 167936 C:\WINNT\system32\olepro32.dll 5.0.4518
    MSVCP60.dll 780c0000 397312 C:\WINNT\system32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
    LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking
    imgutil.dll 70510000 40960 C:\WINNT\system32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL
    CFSHEL~1.DLL 44a0000 188416 C:\WINNT\System32\CFSHEL~1.DLL 4, 5, 1, 0 CfShellFtpRds Module
    CFSSVR~1.DLL 44e0000 434176 C:\WINNT\System32\CFSSVR~1.DLL 4, 5, 1, 0 CFSSvrAdmin Module
    WINSPOOL.DRV 77800000 122880 C:\WINNT\System32\WINSPOOL.DRV 5.00.2195.6032 Windows Spooler Driver
    comdlg32.dll 76b30000 249856 C:\WINNT\system32\comdlg32.dll 5.00.3315.3727 Common Dialogs DLL
    CFFILE~1.DLL 4560000 147456 C:\WINNT\System32\CFFILE~1.DLL 4, 5, 1, 0 FileProxy Module
    MFC42.DLL 6ab10000 991232 C:\WINNT\System32\MFC42.DLL 6.00.8665.0 MFCDLL Shared Library - Retail Version
    USP10.DLL 66650000 344064 C:\WINNT\system32\USP10.DLL 1.0325.2195.4506 Uniscribe Unicode script processor
    thumbvw.dll 66d20000 200704 C:\WINNT\System32\thumbvw.dll 5.00.3315.4264 Thumbnail View Extension
    PRINTUI.DLL 75360000 393216 C:\WINNT\system32\PRINTUI.DLL 5.00.2195.6023 Print UI DLL
    ACTIVEDS.dll 773b0000 188416 C:\WINNT\system32\ACTIVEDS.dll 5.00.2195.5312 ADs Router Layer DLL
    ADSLDPC.DLL 77380000 139264 C:\WINNT\system32\ADSLDPC.DLL 5.00.2195.5781 ADs LDAP Provider C DLL
    mscms.dll 6b770000 77824 C:\WINNT\system32\mscms.dll 5.00.2180.1 Microsoft Color Matching System DLL
    scrauth.dll 9f30000 110592 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll 1, 1, 0, 126 ScriptBlocking Authenticator
    ScrBlock.dll a060000 122880 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll 1, 1, 0, 126 ScriptBlocking
    wintrust.dll 76930000 176128 C:\WINNT\system32\wintrust.dll 5.131.2195.3775 Microsoft Trust Verification APIs
    IMAGEHLP.dll 77920000 143360 C:\WINNT\system32\IMAGEHLP.dll 5.00.2195.5242 Windows NT Image Helper
    rsaenh.dll 7ca00000 143360 C:\WINNT\system32\rsaenh.dll 5.00.2195.3839 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
    cryptnet.dll 75a20000 57344 C:\WINNT\system32\cryptnet.dll 5.131.2195.3992 Crypto Network Related API
    jscript.dll a390000 589824 c:\winnt\system32\jscript.dll 5.6.0.8513 Microsoft (r) JScript
    WZSHLSTB.DLL 16200000 24576 D:\WINZIP8.1\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
    rarext.dll a970000 176128 C:\Program Files\WinRAR\rarext.dll
    NavShExt.dll 10000000 106496 C:\Program Files\Norton AntiVirus\NavShExt.dll 8.07.17 Norton AntiVirusNAVShellExt Module
    RASDLG.dll 75870000 536576 C:\WINNT\system32\RASDLG.dll 5.00.2195.5438 Remote Access Common Dialog API
    MPRAPI.dll 77320000 94208 C:\WINNT\system32\MPRAPI.dll 5.00.2181.1 Windows NT MP Router Administration DLL
    MSONSEXT.DLL 49090000 1396736 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL 11.0.5510.0 Microsoft Web Folders
    pkmws.dll 49970000 86016 C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll 11.0.5510.0 SharePoint Portal Server Windows API Stub Library
    hlink.dll 76b70000 81920 C:\WINNT\system32\hlink.dll 5.0.4513 Microsoft Hyperlink Library
    pkmres.dll 496d0000 671744 C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmres.dll 10.145.3722.0 Microsoft SharePoint Portal Server
    oledb32.dll 1f9c0000 483328 C:\Program Files\Common Files\System\Ole DB\oledb32.dll 2.53.6200.0 Microsoft Data Access - OLE DB Core Services
    MSDART32.DLL 6b740000 24576 C:\WINNT\system32\MSDART32.DLL 2.53.6200.0 Microsoft Data Access - OLE DB Runtime Routines
    OLEDB32R.DLL 1fa50000 65536 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL 2.53.6200.0 Microsoft Data Access - OLE DB Core Services Resources
    nsextint.dll 492e0000 49152 C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\nsextint.dll 11.0.5510.0 SharePoint Portal Server
    actxprxy.dll 703d0000 110592 C:\WINNT\System32\actxprxy.dll 6.00.2800.1106 ActiveX Interface Marshaling Library
    docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2
    MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2134.1 Microsoft Video for Windows DLL
    AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2134.1 Microsoft AVI File support library
    faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider
    MPRUI.DLL 75080000 65536 C:\WINNT\system32\MPRUI.DLL 5.00.2195.4874 Multiple Provider
    NETUI2.dll 75100000 299008 C:\WINNT\system32\NETUI2.dll 5.00.2134.1 NT LM UI Common Code - GUI Classes
    netmsg.dll 750a0000 163840 C:\WINNT\system32\netmsg.dll 5.00.2137.1 Net Messages DLL
    diskcopy.dll 72210000 28672 C:\WINNT\system32\diskcopy.dll 5.00.2195.5080 Windows DiskCopy
    spywareguard.dll 22200000 126976 C:\Security\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
    MSVBVM60.DLL 73420000 1388544 C:\WINNT\system32\MSVBVM60.DLL 6.00.9237 Visual Basic Virtual Machine
    wsbho2k0.dll 2aa0000 163840 D:\WSFTP\WS_FTP\wsbho2k0.dll 1, 0, 0, 1 wsbho2k0 Module
    powercfg.cpl 65050000 110592 C:\WINNT\system32\powercfg.cpl 5.00.3502.5305 Power Management Configuration Control Panel Applet
    AcroIEHelper.ocx 21c0000 32768 C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
    dlprotect.dll 11000000 192512 C:\Security\SpywareGuard\dlprotect.dll 2.02 SpywareGuard Download Protection
    ojnk.dll 380000 53248 C:\WINNT\system32\ojnk.dll
    SDHelper.dll 1df0000 733184 C:\Security\SPYBOT~1\SDHelper.dll
    msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
    webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Please stick to one thread for this problem.

    I have merged your two threads.
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    If you do not already have it, click here to download CWShredder. UnZip the file, but do not run it yet.

    Now download TheKillbox from here:

    http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to the folder of your choice.

    Now go offline and Do Not go back online until these procedures are completed.

    Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINNT\system32\ojnk.dll

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The C:\WINNT\system32\ojnk.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to restart, go ahead and restart.


    Finally, run CWShredder. Just click on the cwshredder.exe and then click "Fix" (Not "Scan only") and let it do its thing.

    When it is finished restart your computer.


    When you're back in Windows, check to see if there's any change in the search problem and report back. Please also post a new Hijack This log, along with a new explorer.bat log.



    IMPORTANT!: To help prevent this from happening again, I strongly recommend you install the patches for the vulnerabilities that this hijacker exploits.

    The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates and Service Packs".
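
The cross-check that singles out ojnk.dll in the two logs above, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis result lines, collects every DLL that an IE search setting points at through a `res://` URL, and reports whether the same file is also registered as a BHO and appears in the Explorer.EXE module listing. The function names and the heuristic are assumptions made for this illustration; the sample lines are copied from the posts.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in post 1.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ojnk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4CF2B00A-0657-472E-859E-60C88B2BA1B9} - C:\WINNT\system32\ojnk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""

# Constructed sample: two lines copied from the Explorer.EXE module listing in post 2.
SAMPLE_MODULES = r"""
NavShExt.dll 10000000 106496 C:\Program Files\Norton AntiVirus\NavShExt.dll 8.07.17 Norton AntiVirusNAVShellExt Module
ojnk.dll 380000 53248 C:\WINNT\system32\ojnk.dll
"""

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")        # "R1 - ...", "O2 - ..."
RES_DLL_RE = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)      # DLL behind a res:// URL
BHO_RE = re.compile(r"^BHO:\s*(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def correlate(log_text, module_text=""):
    """Link res:// search-setting DLLs to BHO registrations and loaded modules."""
    entries = parse_entries(log_text)
    res_dlls, bhos = {}, {}
    for code, body in entries:
        if code in ("R0", "R1"):
            # Body looks like "<key>,<value name> = <data>".
            setting, _, data = body.partition(" = ")
            m = RES_DLL_RE.search(data)
            if m:
                res_dlls.setdefault(m.group(1).lower(), []).append(setting)
        elif code == "O2":
            m = BHO_RE.match(body)
            if m:
                bhos.setdefault(m.group(3).strip().lower(), []).append(m.group(2))
    module_lines = [line.lower() for line in module_text.splitlines()]
    findings = []
    for dll, settings in sorted(res_dlls.items()):
        findings.append({
            "dll": dll,                                  # lower-cased for comparison
            "hijacked_settings": settings,               # IE settings pointing at it
            "bho_clsids": bhos.get(dll, []),             # same file registered as BHO
            "loaded": any(dll in line for line in module_lines),
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_HJT, SAMPLE_MODULES):
        print(finding)
```

A DLL that shows up in all three places is a candidate for review, not a verdict; the result only narrows down which file the log entries have in common.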
     