HJT Log - Britton

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

BleepingComputer.com > Security > HijackThis Logs and Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

HJT Log - Britton, About:Blank infection

Options

DeadheadDuke View Member Profile	Dec 18 2004, 05:36 PM Post #1
New Member Group: Members Posts: 8 Joined: 18-December 04 Member No.: 7,363	I posted my HJT log earlier on the AumHa forum and was answered by "mowgreen" who analyzed my problem and sent me to this forum for instructions on removal of the About:blank exploit. I ran the removal instructions without success. The last instruction was to repost the latest HJT log file if I didn't have success in the removal. In short, no .dll filename shows up in the registry search for the offending culprit file. Also, none of the spyware removal tools finds anything nor does CWShredder. I posted this same version of the HJT file over in the AumHa forum just a minute ago. I am not trying to double team anyone or to be intentionally obtuse. I just wasn't sure which place was appropriate so I took the easy way out. Here is the file and thanks in advance for any help anyone can offer: Logfile of HijackThis v1.99.0 Scan saved at 2:08:21 PM, on 12/18/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINNT\system32\LckFldService.exe E:\Program Files\Norton Systemworks\Norton AntiVirus\navapsvc.exe E:\Program Files\Norton Systemworks\Norton Utilities\NPROTECT.EXE C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\ups.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SymTray.exe C:\WINNT\system32\ntvdm.exe C:\WINNT\system32\sstray.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe E:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe E:\PROGRA~1\ZONEAL~1\zlclient.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe E:\program files\Iomega\DriveIcons\ImgIcon.exe E:\Program Files\Ahead\In CD\InCD.exe E:\Program Files\OmniPagePro 10\opware32.exe C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe E:\Program Files\SSC Service Utility\ssc_serv.exe E:\Program Files\ClipCache\clipc.exe E:\Program Files\Eraser\eraser.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe e:\progra~1\popfile\popfileib.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe J:\Hijack This\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet F3 - REG:win.ini: load= E:\SKW\remind.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Systemworks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Print Screen] E:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe /m O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] e:\program files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] e:\program files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\In CD\InCD.exe O4 - HKLM\..\Run: [OmniPage] E:\Program Files\OmniPagePro 10\opware32.exe O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [ClipCache] E:\Program Files\ClipCache\clipc.exe /wait 3 O4 - HKCU\..\Run: [Eraser] E:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [PalMail] "J:\Pal Mail\PalMail.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Startup: MRU-Blaster Silent Clean.lnk = E:\Program Files\MRU-Blaster\mrublaster.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Run POPFile.lnk = E:\Program Files\POPFile\runpopfile.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no file) O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup154.cab O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: LckFldService - Unknown - C:\WINNT\system32\LckFldService.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - E:\Program Files\Norton Systemworks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - E:\Program Files\Norton Systemworks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe Thanks, Cec Britton

Grinler View Member Profile	Dec 23 2004, 03:03 PM Post #2
Bleep Bleep! Group: Admin Posts: 29,367 Joined: 24-January 04 From: USA Member No.: 3	Can you tell me if you have a file c:\windows\system32\ms0b920b.dll -------------------- Lawrence

« Next Oldest · HijackThis Logs and Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2008 - 05:42 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides