1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help Quick

Discussion in 'Virus & Other Malware Removal' started by cubz, Feb 9, 2005.

Thread Status:
Not open for further replies.
  1. cubz

    cubz Thread Starter

    Joined:
    Mar 24, 2004
    Messages:
    268
    Infected by about:blank and it's taking over everything..
    this is one of 4 id's HJT logs that I will need help with please.
    Logfile of HijackThis v1.99.0
    Scan saved at 7:06:01 PM, on 02/09/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee\QuickClean\Plguni.exe
    C:\WINDOWS\System32\hpha2mon.exe
    C:\WINDOWS\System32\sm.exe
    C:\WINDOWS\System32\HPHipm08.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\System32\dddd.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\WINDOWS\system32\winmr32.exe
    C:\WINDOWS\netyk32.exe
    C:\WINDOWS\system32\netys.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\Kristie\LOCALS~1\Temp\28.tmp
    C:\WINDOWS\System32\cmd.exe
    C:\Program Files\WebSiteViewer\127062.dlr
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HIJACK THIS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gsyxc.dll/sp.html#14044
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {88278391-118B-BCB6-E08A-964AA5FEF26D} - C:\WINDOWS\javane.dll
    O2 - BHO: (no name) - {8E89AA21-A95A-5173-6D61-BCC74041EE55} - C:\WINDOWS\system32\ipbm32.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
    O4 - HKLM\..\Run: [HPHA2MON] C:\WINDOWS\System32\hpha2mon.exe
    O4 - HKLM\..\Run: [winmr32.exe] C:\WINDOWS\system32\winmr32.exe
    O4 - HKLM\..\Run: [21.tmp] C:\DOCUME~1\Rich\LOCALS~1\Temp\21.tmp.exe 4 10001
    O4 - HKLM\..\Run: [23.tmp] C:\DOCUME~1\Rich\LOCALS~1\Temp\23.tmp.exe 0 10001
    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
    O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
    O4 - HKLM\..\Run: [21.tmp.exe] C:\DOCUME~1\Rich\LOCALS~1\Temp\21.tmp.exe 5 10001
    O4 - HKLM\..\Run: [23.tmp.exe] C:\DOCUME~1\Rich\LOCALS~1\Temp\23.tmp.exe 0 10001
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexuc32.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [pzelvwn] c:\windows\system32\pzelvwn.exe
    O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O4 - HKLM\..\Run: [28.tmp] C:\DOCUME~1\Kristie\LOCALS~1\Temp\28.tmp.exe 1 10001
    O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\netyk32.exe
    O4 - HKLM\..\RunOnce: [netys.exe] C:\WINDOWS\system32\netys.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dddd.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\netjy.exe (file missing)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/328699

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice