| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
#1 (permalink) |
|
Registered User
Join Date: Jun 2004
Posts: 28
OS: XP
|
Logfile of HijackThis v1.97.7
Scan saved at 5:47:12 PM, on 6/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MONSTER SOUND II\FREECTRL.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {1E744131-FC8E-4C66-ABC4-D90BBB55C378} - C:\WINDOWS\M.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [MonsterSoundTray] C:\Program Files\Monster Sound II\FreeCtrl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/250d35fd1e5ed2f...p/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...938.7708796296
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gcyrrufc.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab |
|
|
|
|
|
#2 (permalink) |
|
Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP
|
Hi steepler
Download this zip. http://tools.zerosrealm.com/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.
After unzipping, go to the desktop. Open the pv folder. Double click on the runme.bat.
A DOS window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.
Notepad will open with a log in it. Please copy and paste the log into this post.
Lobos |
|
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2004
Posts: 28
OS: XP
|
Thanks so much for your help!!!
Module information for 'EXPLORER.EXE' |
|
|
|
|
|
#4 (permalink) |
|
Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP
|
I don't see what I'm looking for so do this and see if this works
Click here to download CWShredder by Merijn Bellekom, the creator of Hijack This
If you have it already then make sure it is v1.59.1
Run it, press 'Fix', and allow it to fix all it finds. And remember to click "Fix" (Not "Scan only")
--------------------------------------------------------------------------
Run hijack this
put a check next to these
close all browsers and hit fix
Make sure not to miss one

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O2 - BHO: (no name) - {1E744131-FC8E-4C66-ABC4-D90BBB55C378} - C:\WINDOWS\M.DLL
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/250d35fd1e5ed2...ip/RdxIE601.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gcyrrufc.exe
--------------------------------------------------------------------------
To enable the viewing of Hidden files follow these steps:
How to see Hidden files and Folders
reboot into safe mode
How to boot into safe mode
delete this file
C:\WINDOWS\M.DLL
--------------------------------------------------------------------------
Cwshredder
Run it, press 'Fix', and allow it to fix all it finds. And remember to click "Fix" (Not "Scan only")
empty your recycle bin
reboot to normal
--------------------------------------------------------------------------
Set your homepage the way you want it
Click here to download AdAware 6 181
Run AdAware
Before you scan with AdAware, check for updates of the reference file 01R325 27.06.2004 by clicking Check for updates now, and following the prompts.
Now to set it up for optimum performance...
Make sure the following settings are configured. Remember that ON=GREEN.
From main window click Start | Activate in-depth scan.
Then click Use custom scanning options | Customize and have these options switched ON...
Scan within archives
Scan active processes
Scan registry
Deep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files
Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..
Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.
and uncheck..
Automatically try to unregister objects prior to deletion.
Then click Proceed, to save your settings.
Now click the Scan button.
When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them
Restart your computer
come back and post a fresh log and tell me how your computer's running
Lobos |
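
A triage pass over a HijackThis log of the kind posted in this thread, as an added example that is not part of the original posts or of HijackThis itself. The sample lines are copied from the first log above, and the three heuristics (a res:// page setting, a BHO DLL directly in C:\WINDOWS, a DPF codebase that is empty, file:// or a bare IP address) are assumptions made for illustration, not the analyst's stated criteria.

```python
import ntpath
import re

# Sample lines copied from the first log in this thread (not new data).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\M.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1E744131-FC8E-4C66-ABC4-D90BBB55C378} - C:\WINDOWS\M.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/250d35fd1e5ed2f...p/RdxIE601.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gcyrrufc.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
"""

# "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# "DPF: <id and name> - <codebase>", where the codebase may be missing
DPF = re.compile(r"^DPF: (.*?) -(?: (.*))?$")
IPV4_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/]|$)", re.I)


def triage(line):
    """Return (section, reason) if the entry matches a heuristic, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code in ("R0", "R1"):
        # Body is "key,value = data"; data is what Internet Explorer loads.
        data = body.partition(" = ")[2]
        if data.lower().startswith("res://"):
            return code, "IE page setting loads a resource from a local DLL"
    elif code == "O2":
        # Take the path after the CLSID: the path itself may contain " - ".
        found = re.search(r"\} - (.*)$", body)
        if found and ntpath.dirname(found.group(1)).lower() == r"c:\windows":
            return code, "BHO DLL sits directly in the Windows directory"
    elif code == "O16":
        found = DPF.match(body)
        if not found:
            return None
        codebase = found.group(2) or ""
        if not codebase:
            return code, "ActiveX entry has no download location"
        if codebase.lower().startswith("file://"):
            return code, "ActiveX entry installed from a local file"
        if IPV4_URL.match(codebase):
            return code, "ActiveX entry downloaded from a bare IP address"
    return None


def flag_log(text):
    """Return [(line, section, reason)] for every flagged line in a log."""
    flagged = []
    for line in text.splitlines():
        hit = triage(line)
        if hit:
            flagged.append((line.strip(), *hit))
    return flagged


if __name__ == "__main__":
    for line, section, reason in flag_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The heuristics do not reproduce the whole fix list in the thread (the CustomizeSearch and HomeOldSP values are not flagged), so the output narrows a log for manual review rather than replacing it.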
|
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Jun 2004
Posts: 28
OS: XP
|
So far it seems to be working alright.
My homepage hasn't changed to about:blank yet. In my previous attempts it usually changed back after a little bit.

Logfile of HijackThis v1.97.7
Scan saved at 11:13:22 PM, on 7/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MONSTER SOUND II\FREECTRL.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.antsmarching.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [MonsterSoundTray] C:\Program Files\Monster Sound II\FreeCtrl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...938.7708796296
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab |
|
|
|
|
|
#8 (permalink) |
|
Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP
|
you are welcome
good job
Also try SpywareGuard and SpywareBlaster. SpywareBlaster will block spyware from coming in when you surf the net (compatible with IE, Mozilla and Firefox) and SpywareGuard is a resident scanner.
Lobos |
|