Need help with possible spyware or virus in IE
- This topic has 4 replies, 5 voices, and was last updated 20 years, 5 months ago by
zemoxmomz.
September 9, 2005 at 9:02 pm #19872
PanteraOpeth
Member
I just re-installed Windows XP Pro SP2. After the installation was complete I started to do my normal thing of downloading programs off sites I always use. Somewhere along the way some type of virus or spyware was downloaded. Every time I start up IE now, it has my homepage set to C:\WINDOWS\system32\msblank.html. I’ve deleted this file several times and it just keeps coming back. Hopefully someone knows of a way to get rid of this. I used Ad-aware to try and get rid of it, no luck. I also tried using Norton, but after installation it makes the computer run very slowly. Anyway, if anyone knows how I can get rid of this IE problem (every time I start up it wants me to download some type of dialer or whatever), I’d very much appreciate it.
September 9, 2005 at 11:59 pm #129852
DrBroccoli
Participant
You need to download HijackThis and run it, then copy your logfile here so we can look at it and tell you what to fix.
September 10, 2005 at 1:34 am #129854
zemoxmomz
Member
Would you take a look at my hijack file? We stumbled on to some sort of bug.

Logfile of HijackThis v1.99.1
Scan saved at 8:22:24 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Connect\mswmc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\windir32.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\DOCUME~1\Owner\LOCALS~1\Temp\xx.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb058YYUS_ZNxmk762YYUS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123853937296
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PhoneTray - Unknown owner - C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Thank You.
September 10, 2005 at 8:13 pm #129853
Aqeel
Participant
Hi, zemoxmomz and PanteraOpeth :) Welcome to BBB. Here is a link to a spyware removal guide; follow the instructions given in it. Hope your problem will be solved :)
September 10, 2005 at 9:10 pm #129851
Jeff Hester
Keymaster
PanteraOpeth, it seems you are infected with the “msblank.html” hijacker. You should paste your HijackThis log on one of the following forums: http://www.spywareinfo.com/~merijn/forums.html.
zemoxmomz, next time please start your own topic for your own problems. This forum doesn’t specialize in HijackThis log analysis, but it seems you are infected with “SDBOT.BHF”, says http://startup.iamnotageek.com/srch-windir32.exe.html. Again, you should paste your log in a forum that specializes in this stuff: http://www.spywareinfo.com/~merijn/forums.html
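
Added example, not part of the original thread and not HijackThis's own code: a small Python triage of a HijackThis-style log. It lists Start Page values that point at a local file (the symptom described in the first post) and maps each O4 registry autostart file name to the keys that launch it, so a name such as windir32.exe can be looked up as was done above. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format, modelled on entries quoted in this
# thread (path separators written out; the dash may be "-" or an en dash).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 – HKLM\..\Run: [Microsoft System DLL Services Configuration] windir32.exe
O4 – HKLM\..\RunServices: [Microsoft System DLL Services Configuration] windir32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-–]\s+(.+)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\.*,([^=]+?)\s*=\s*(.*)$")
AUTOSTART = re.compile(r"^(HK[A-Z]+\\\.\.\\\w+):\s*\[[^\]]*\]\s*(.+)$")
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|dll))', re.IGNORECASE)
LOCAL = re.compile(r"^(?:[a-z]:|file:)", re.IGNORECASE)


def parse_entries(text):
    """Return (section code, body) for every log line such as 'R0 - ...'."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]


def local_start_pages(entries):
    """R0/R1 'Start Page' values that name a local file instead of a web URL."""
    hits = []
    for code, body in entries:
        m = REG_VALUE.match(body) if code in ("R0", "R1") else None
        if m and m.group(2) == "Start Page" and LOCAL.match(m.group(3)):
            hits.append((m.group(1), m.group(3)))
    return hits


def autostart_programs(entries):
    """Map each O4 registry autostart file name to the keys that launch it."""
    keys = defaultdict(set)
    for code, body in entries:
        m = AUTOSTART.match(body) if code == "O4" else None
        prog = PROGRAM.match(m.group(2)) if m else None
        if prog:
            keys[prog.group(1).rsplit("\\", 1)[-1].lower()].add(m.group(1))
    return {name: sorted(k) for name, k in keys.items()}
```

The output is a list of things to look up, not a verdict: a file name launched from more than one autostart key still has to be checked against a startup database or by a forum that specializes in these logs.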