Jump to content


Photo

Google search results hijacked - no specific redir


  • Please log in to reply
8 replies to this topic

#1 swoodcoc

swoodcoc

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 May 2004 - 11:00 AM

The first page of my Google search results is being hijacked. The results contain some legitimate websites related to the search topic and some that do not. Google's mirror site at www2.google.com works fine.

The first results page from Google has a slightly different URL:
http://www.google.co...oe=UTF-8&q=test

Hitting "Next" takes me to the actual first page of Google results:
http://www.google.co...-8&start=0&sa=N

I cleaned some "Time Sychronization" spyware, along with n-case and a few others with SpyBot, so the massive amounts of Pop-Ups I was getting are not appearing anymore. But even though SpyBot says that everything is clean, I still get this Google re-direction.

Here's the log:

-----------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 10:19:23 AM, on 5/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Quest Software\Stat! 4.1\stat.exe
C:\temp\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epa.gov/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://government.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://government.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [UpdateHRPro] C:\hrpro\hrproupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Shortcut to mapo.bat.lnk = C:\Documents and Settings\swoodcoc\My Documents\mapo.bat
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.ritzpix.c...oad/XUpload.ocx

Edited by swoodcoc, 21 May 2004 - 11:15 AM.


#2 swoodcoc

swoodcoc

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 May 2004 - 01:31 PM

buehler?

#3 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 21 May 2004 - 01:40 PM

Download this zip.

http://tools.zerosrealm.com/pv.zip

unzip it to the desktop.

Be sure to have at least 1 internet explorer open.

Double click on the runme.bat
A dos box will open with a menu it it.

Select option 2 for internet explorer dll's
Notepad will open with a log in it. Please copy and paste the log into this post.



#4 swoodcoc

swoodcoc

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 May 2004 - 02:17 PM

The link to the zip file isn't working for me. Getting Page Not Found error. Also tried right-clicking and "Save Target As..." but that gave me an error also ("The site was not found. Make sure the address was correct and try again.")

#5 swoodcoc

swoodcoc

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 May 2004 - 02:37 PM

OK - Kept trying and eventually got the zip to download. Here are the results of the runme.bat:


Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IEXPLORE.EXE 400000 102400 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer
ntdll.dll 77f50000 684032 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) NT Layer DLL
kernel32.dll 77e60000 942080 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
USER32.dll 77d40000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows XP USER API Client DLL
GDI32.dll 7e090000 266240 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL
ADVAPI32.dll 77dd0000 577536 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Advanced Windows 32 Base API
RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1254 (xpsp2.030801-1834) Remote Procedure Call Runtime
SHLWAPI.dll 70a70000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Doc Object and Control Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
SHELL32.dll 773d0000 8351744 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
ole32.dll 771b0000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1263 (xpsp2.030819-2129) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft UxTheme Library
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser UI Library
appHelp.dll 75f40000 126976 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT™ and Windows 95™ Operating Systems
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 622592 C:\WINDOWS\system32\WININET.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet Extensions for Win32
CRYPT32.dll 762c0000 557056 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1152 (xpsp2.021217-1051) Crypto API32
MSASN1.dll 762a0000 65536 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
SETUPAPI.dll 76670000 946176 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
googletoolbar1.dll 10000000 786432 c:\program files\google\googletoolbar1.dll 2, 0, 111, 0 Google IE Client Toolbar
urlmon.dll 760f0000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32 Extensions for Win32
WSOCK32.dll 71ad0000 32768 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
NETAPI32.dll 71c20000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL
TAPI32.dll 76eb0000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Windows™ Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
USERENV.dll 75a70000 675840 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
AcroIEHelper.dll 1670000 49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.2003110300 Adobe Acrobat IE Helper Version 6.0 for ActivieX
SDHelper.dll 1740000 765952 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1, 3, 0, 12 Bad download blocker
olepro32.dll 5edd0000 106496 C:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL
SXS.DLL 75e90000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
mlang.dll 74770000 585728 C:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
NWWS2NDS.DLL 66210000 36864 C:\WINDOWS\system32\netware\NWWS2NDS.DLL v4.83 Novell Winsock2 NDS NSP
NETWIN32.DLL 50d50000 282624 C:\WINDOWS\System32\NETWIN32.DLL 5.5.8 NetWare® Net Library
CLNWIN32.DLL 50d00000 86016 C:\WINDOWS\System32\CLNWIN32.DLL 5.5.8 NetWare® Client Library
LOCWIN32.DLL 50df0000 131072 C:\WINDOWS\System32\LOCWIN32.DLL 5.4.20 NetWare® Localization Library
NCPWIN32.dll 50db0000 167936 C:\WINDOWS\System32\NCPWIN32.dll 5.5.8 NetWare® Core Protocol Library
NWWS2SLP.DLL 66220000 49152 C:\WINDOWS\system32\netware\NWWS2SLP.DLL v4.83 Novell Service Location NSP
NWSRVLOC.dll 1c000000 28672 C:\WINDOWS\System32\NWSRVLOC.dll v4.83 Novell Service Location API
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
msi.dll 20d0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
msdhmd.dll 23f0000 237568 C:\WINDOWS\System32\msdhmd.dll 1.0.0.1 TODO: <File description>
mshtml.dll 74810000 2846720 C:\WINDOWS\System32\mshtml.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft ® HTML Viewer
idle.dll 2c30000 28672 C:\Program Files\Yahoo!\Messenger\idle.dll 1, 0, 0, 1 idle
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76390000 114688 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows XP IMM32 API Client DLL
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft ® JScript
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
MSGINA.dll 75970000 991232 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Windows NT Logon GINA DLL
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) Common Dialogs DLL
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2800.1106 (xpsp1.020828-1920) Microsoft ® HTML Editing Component
vbscript.dll 73300000 479232 C:\WINDOWS\System32\vbscript.dll 5.6.0.7426 Microsoft ® VBScript
ddrawex.dll 65000000 36864 C:\WINDOWS\System32\ddrawex.dll 5.3.0000000.900 built by: DIRECTX Direct Draw Ex
DDRAW.dll 51000000 315392 C:\WINDOWS\System32\DDRAW.dll 5.3.0000000.900 built by: DIRECTX Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2800.1106 (xpsp1.020828-1920) IE plugin image decoder support DLL
ACTXPRXY.DLL 71d40000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
Flash.ocx 5420000 1732608 C:\WINDOWS\System32\macromed\flash\Flash.ocx 7,0,19,0 Macromedia Flash Player 7.0 r19
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spooler Driver
msratelc.dll 5ff50000 69632 C:\WINDOWS\System32\msratelc.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Ratings and Local User Management DLL
UNIDRVUI.DLL 76840000 208896 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL 5.1.2600.1106 (xpsp1.020828-1920) UniDriver User Interface
UNIDRV.DLL 76880000 262144 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL 5.1.2600.1106 (xpsp1.020828-1920) Unidrv Printer Driver
printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) Print UI DLL
ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
HLINK.DLL 76820000 77824 C:\WINDOWS\System32\HLINK.DLL 5.0.4513 Microsoft Hyperlink Library
MSRATING.DLL 5ff20000 143360 C:\WINDOWS\System32\MSRATING.DLL 6.00.2800.1106 (xpsp1.020828-1920) Internet Ratings and Local User Management DLL
NOVNPNT.DLL 2b80000 565248 C:\WINDOWS\System32\NOVNPNT.DLL v4.83 Novell NetWare Provider
CALWIN32.DLL 50d20000 163840 C:\WINDOWS\System32\CALWIN32.DLL 5.5.8 NetWare® Calls Library
CLXWIN32.DLL 50da0000 45056 C:\WINDOWS\System32\CLXWIN32.DLL 5.5.8 NetWare® Connection Library
MAPBASE.dll 30e0000 229376 C:\WINDOWS\System32\MAPBASE.dll v4.83 Novell NetWare Provider
NWSHLXNT.dll 3120000 196608 C:\WINDOWS\System32\NWSHLXNT.dll
MAPBASER.DLL 6a400000 110592 C:\WINDOWS\System32\NLS\ENGLISH\MAPBASER.DLL v4.83 Novell NetWare Provider
NWSHLXNR.DLL 33a0000 65536 C:\WINDOWS\System32\NLS\ENGLISH\NWSHLXNR.DLL
NOVNPNTR.DLL 33c0000 225280 C:\WINDOWS\System32\NLS\ENGLISH\NOVNPNTR.DLL v4.83 Novell NetWare Provider
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell extensions for sharing
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

#6 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 22 May 2004 - 08:24 AM

Hmm ok lets take care of the search hijacker.

Copy the contents of the quote box to notepad:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC905FF6-B553-496C-9DFA-CFF65ADCD0FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\searchrep.SearchRepPP\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\searchrep.SearchRepPP.1\CLSID]

Hit save as
save as filename:
clear.reg
under the filename set to all types.
save it to the desktop.
Close all IE's
double click the clear.reg
when asked to merge say yes.

Then go and delete this file:

C:\WINDOWS\System32\msdhmd.dll
If it wont delete than reboot and delete it.

Edited by shadowwar, 22 May 2004 - 08:24 AM.




#7 swoodcoc

swoodcoc

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 May 2004 - 09:18 AM

Shadowwar, you are the bomb, my friend. Search hijacker eliminated.

Another question: There are several other dll's in my system32 folder with similar names and the exact same Created and Modified dates as that "msdhmd.dll" you asked me to delete. And the date, 5/20/2004 8:12AM, is the same time as a bunch of the other hijacker files that I removed manually and with Spybot. Should I get rid of those files also? Here is the list of the files:

mscjjn.dll
msdaim.dll
msdhmd.dll
msdjgk.dll
msedah.dll
msiaih.dll
msibkd.dll
msjfbl.dll
msjpok.dll
mskhhe.dll
mskpkc.dll
mskplb.dll
msnkmi.dll
cfg.dat <- (contains references to searchrep, sidesearch, and other hijackers)

#8 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 24 May 2004 - 09:55 AM

as long as you are sure go ahead and delete them. if not cut and paste them to a backup folder.



#9 lauralikestoboogie

lauralikestoboogie

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 06 June 2004 - 06:48 AM

To the original poster, did you end up deleting those extra files, and did it have any effect? I followed the instructions here and the hijack seems to be fixed for me now. I have those extra files but the created date is from three years ago; I've never had any problem with them until now. I'm trying to work out whether they're legit files or not.

I also had a dialogue box appearing every minute or so, saying that...

"The application or DLL C:\WINDOWS\System32\msdjgk.dll is not a valid
Windows image. Please check this against your installation diskette."

I followed the instructions here and it stopped. I couldn't find any mention here of the error message I had, so I thought I'd mention it in case anyone else had the same thing.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button