curlyhoward

Members
  • Posts

    4
Posts posted by curlyhoward

  1. jwbirdsong -

    Thanks again for all the info. I ran Killbox as requested. Here's my post-Killbox HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 10:33:55 PM, on 1/28/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    C:\WINDOWS\LTMSG.exe

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Steve\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    My computer is running just fine - thanks to YOU!!!!!!!

    Assuming the above HijackThis log looks O.K., it appears that the problem is solved. Thank you so much for your time!

  2. jwbirdsong -

    Here's my ewido, panda, and hijackthis reports. Looks like there might still be some bad stuff in there, but here's the good news - I tried opening Explorer several times and each time my home page stayed on track on Google!!!!!!!!!!!!!!!!!! Thank you, thank you, thank you. Am I out of the woods? Do I need to get rid of anything else? One last question, how the heck did you figure out how to do all this?

    ---------------------------------------------------------

    ewido anti-malware - Scan report

    ---------------------------------------------------------

    + Created on: 9:52:26 PM, 1/25/2006

    + Report-Checksum: D813ACE0

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup

    :mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

    :mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

    :mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

    :mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

    :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup

    :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

    :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gkota2n8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

    ::Report End

    Incident Status Location

    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-18277250-1924dfda.zip[Dummy.class]

    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Default User\Cookies\owner@dist.belnk[2].txt

    Virus:Trj/Zerolin.D Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\I3FV8CQB\main[1].chm[main.htm]

    Spyware:Spyware/Petro-Line Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab

    Spyware:Spyware/Petro-Line Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab[inst2.dll]

    Spyware:Spyware/Petro-Line Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab[inst2.inf]

    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-18277250-1924dfda.zip[Dummy.class]

    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt

    Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe

    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe

    Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\csrss.dll

    Possible Virus. Not disinfected C:\WINDOWS\iau.exe

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\lssas.exe

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\mservice.exe

    Possible Virus. Not disinfected C:\WINDOWS\msiau.dll

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\msqdevl.exe

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\smssa.dll

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\stisvsq.exe

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\svshost.exe

    Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-18277250-1924dfda.zip[Dummy.class]

    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@dist.belnk[2].txt

    Virus:Trj/Zerolin.D Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I3FV8CQB\main[1].chm[main.htm]

    Spyware:Spyware/Petro-Line Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab

    Spyware:Spyware/Petro-Line Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab[inst2.dll]

    Spyware:Spyware/Petro-Line Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IIF13938\enter[1].cab[inst2.inf]

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\taskmgr.dll

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\uvchost.dll

    Adware:Adware/EasySearch Not disinfected C:\WINDOWS\winlogon.dll

    Logfile of HijackThis v1.99.1

    Scan saved at 10:27:59 PM, on 1/25/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\HP\KBD\KBD.EXE

    C:\WINDOWS\LTMSG.exe

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Steve\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Thank you again for your expertise and time!

  3. First of all, you will need to print out this post and/or save a copy as a text file in Notepad; that way you have a hard copy of these instructions. You cannot have IE/Firefox/any browser open during the fix.

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.

      Under Main choose: Select All

      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    You will need to update ewido to the latest definition files:

    • On the left hand side of the main screen click update.

    • Then click on Start Update.

    • The update will start and a progress bar will show the updates being installed.

      (the status bar at the bottom will display "Update successful")

    • Close Ewido

    If you are having problems with the updater, you can use this link to manually update ewido.

    Ewido manual updates

    Please run HijackThis and click "Scan." Place checks next to the following entries:

    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

    • O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    • O4 - HKLM\..\Run: [internet Connection Wizard] stisvsq.exe

    • O4 - HKLM\..\Run: [Games Acceleration] svshost.exe

    • O4 - HKLM\..\Run: [internet Mail and News] msqdevl.exe

    • O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe

    • O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe

    • O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    • O4 - HKCU\..\Run: [internet Connection Wizard] stisvsq.exe

    • O4 - HKCU\..\Run: [Games Acceleration] svshost.exe

    • O4 - HKCU\..\Run: [internet Mail and News] msqdevl.exe

    • O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe

    • O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe

    Close all browser and other windows except for HijackThis, and click "Fix Checked".

    Next, please reboot your computer in Safe Mode by doing the following:

    • Restart your computer

    • After hearing your computer beep once during startup, but before the Windows icon appears, tap F8.

    • Instead of Windows loading as normal, a menu should appear

    • Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:

    http://www.pchell.com/support/safemode.shtml

    Start Ewido Anti-Malware

    • Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)

    • Click on Complete System Scan, the scan will now begin.

    • While the scan is in progress you will be prompted to clean files, click OK.

    • When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.

    • Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.

    • Click Save Report.

    • Now save the report .txt file to your desktop.

    • Close Ewido

    When Ewido is finished scanning, reboot back to normal mode and run this online virus scan: ActiveScan

    • Once you are on the Panda site click the Scan your PC button

    • A new window will open...click the Check Now button

      - Enter your Country

      - Enter your State/Province

      - Enter your e-mail address and click Send (*NOTE: it's perfectly safe to do so. You will NOT be spammed from this)

      - Select either Home User or Company

    • Click the big Scan Now button

    • If/when you get a notice that Panda wants to install an ActiveX component allow it

    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

    • When download is complete, click on Local Disks to start the scan

    • When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop.

    Post

    • The Ewido log

    • A new HijackThis log

    • Panda scan results

    in your next reply here.

    jwbirdsong -

    THANK YOU for your time. I will try the fix tonight and let you know how it turned out. I see a glimmer of hope!

  4. Hello - and thanks in advance for reading this. I've tried several ways to rid my computer of the About Blank hijack, can't get rid of it. Here's my HJT log, I can't seem to find the files that are most commonly listed as the culprits. I've had to switch to Firefox to use the Internet without redirects, slowdowns and the $!#*!! About Blank page taunting me. Please help!!!!!! Thanks again in advance, if you can figure this out you are a genius . . .

    Logfile of HijackThis v1.99.1

    Scan saved at 11:39:04 PM, on 1/24/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    C:\WINDOWS\LTMSG.exe

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\WINDOWS\stisvsq.exe

    C:\WINDOWS\svshost.exe

    C:\WINDOWS\msqdevl.exe

    C:\WINDOWS\lssas.exe

    C:\WINDOWS\mservice.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\WINDOWS\iau.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Steve\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    O4 - HKLM\..\Run: [internet Connection Wizard] stisvsq.exe

    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe

    O4 - HKLM\..\Run: [internet Mail and News] msqdevl.exe

    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe

    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe

    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    O4 - HKCU\..\Run: [internet Connection Wizard] stisvsq.exe

    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe

    O4 - HKCU\..\Run: [internet Mail and News] msqdevl.exe

    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe

    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
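One way to triage a log like this one, and to see why the helper's instructions above single out exactly the entries they do, is to run it through a script that looks for the three signatures visible in it: the ProxyServer setting pointing browser traffic at 127.0.0.1:80, executables whose names imitate core Windows processes (lssas.exe, svshost.exe, mservice.exe) or carry a real core name outside System32, and Run entries planted identically under both HKLM and HKCU. The Python below is an added example written for this page; it is not a tool from the thread, from HijackThis, or from ewido or Panda. The CORE_PROCESSES allowlist, the edit-distance threshold of 2 and the three heuristics are this example's own assumptions, and SAMPLE_LOG is constructed from lines quoted in the posts above.

```python
"""Triage a HijackThis v1.99 log for the hallmarks of the hijack in this thread.

Added example, not a tool from the thread or from HijackThis. SAMPLE_LOG is
constructed from lines quoted in the posts above; the heuristics and the
CORE_PROCESSES allowlist are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Core Windows XP processes that legitimately run only from %SystemRoot%\System32
# (assumed allowlist; Explorer.EXE lives in %SystemRoot% and is deliberately absent).
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv"}

# First .exe/.dll/.ocx referenced on a line, with or without a directory.
FILE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?|[\w~.-]+)\.(exe|dll|ocx)\b', re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
PROXY_RE = re.compile(r"^R[01] - .*ProxyServer = (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "proxy", "masquerade" or "duplicate-run"
    line: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character name swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_reason(line: str) -> Optional[str]:
    """Explain why the file named on this line imitates a core process, or None."""
    m = FILE_RE.search(line)
    if not m:
        return None
    path, ext = m.group(1).lower(), m.group(2).lower()
    directory, _, stem = path.rpartition("\\")
    if stem in CORE_PROCESSES:
        # The genuine binary is always System32\<name>.exe; a bare name resolved
        # via the PATH, a copy in %SystemRoot%, or a .dll of that name is suspect.
        if directory.endswith("\\system32") and ext == "exe":
            return None
        return f"{stem}.{ext} carries a core Windows process name outside System32"
    for legit in sorted(CORE_PROCESSES):
        if edit_distance(stem, legit) <= 2:
            return f"{stem}.{ext} is a lookalike of {legit}.exe"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the three heuristics over every line of a HijackThis log."""
    findings: List[Finding] = []
    run_entries: Dict[Tuple[str, str], Set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m and ("127.0.0.1" in m.group(1) or "localhost" in m.group(1).lower()):
            findings.append(Finding("proxy", line,
                                    "browser traffic routed through a local proxy: " + m.group(1)))
        m = RUN_RE.match(line)
        if m:
            run_entries.setdefault((m.group(2), m.group(3)), set()).add(m.group(1))
        reason = masquerade_reason(line)
        if reason:
            findings.append(Finding("masquerade", line, reason))
    # Legitimate software registers its Run entry once; the hijack in this thread
    # planted each entry under both hives so it survives a partial clean-up.
    for (name, command), hives in sorted(run_entries.items()):
        if {"HKLM", "HKCU"} <= hives:
            findings.append(Finding("duplicate-run", f"[{name}] {command}",
                                    "identical Run entry under both HKLM and HKCU"))
    return findings


# Constructed sample: a subset of the log posted above, benign lines included.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stisvsq.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\lssas.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\iau.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14} {f.reason}\n    {f.line}")
```

Run as-is it reports eleven findings on the sample: the loopback proxy, seven masquerading file names (three in the process list, four in Run entries) and the three Run entries duplicated across hives; iau.exe, stisvsq.exe and msqdevl.exe do not resemble any core name, so only the duplicate-hive check catches them, which is why a triage should combine signals rather than rely on one. The edit-distance threshold of 2 is deliberately loose and works here because every benign stem in these logs is at least three edits from a core name; on a broader fleet you would pair it with a signature or hash check before acting on a hit.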
