[HijackThis log] -
HijackThis log
Discuss HijackThis log
Posted by: baugh40272
Below is a copy of our Hijack this log. Would someone look our log over and tell me what to delete so that I can get rid of the About:blank malware.
thanks,
Susan
Logfile of HijackThis v1.97.7
Scan saved at 11:18:06 AM, on 5/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\IPUG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\EN60PTB.EXE
C:\WINDOWS\SYSTEM\IJ75P2PS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PCSYNC\QDCTRAY.EXE
C:\PROGRAM FILES\PHOTOWISE\QUICKLNK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\D3BS32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B51D9877-B89F-AF85-6260-D52F509B1F43} - C:\WINDOWS\WINJB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EN60P TaskBar] C:\WINDOWS\SYSTEM\en60ptb.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [IJ75P2PSERVER] IJ75P2PS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [D3BS32.EXE] C:\WINDOWS\SYSTEM\D3BS32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [SDKSU32.EXE] C:\WINDOWS\SYSTEM\SDKSU32.EXE /s
O4 - HKLM\..\RunServices: [IPUG.EXE] C:\WINDOWS\IPUG.EXE /s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Adaware Bootup] C:\PROGRAM FILES\AD-AWARE 4.0\AD-AWARE.EXE /Auto /Log C:\PROGRAM FILES\AD-AWARE 4.0\
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Adaware Bootup] C:\PROGRAM FILES\AD-AWARE 4.0\AD-AWARE.EXE /Auto /Log C:\PROGRAM FILES\AD-AWARE 4.0\
O4 - HKCU\..\RunServices: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\RunServices: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PC sync Quick Data Copy.lnk = C:\PCSYNC\QDCTRAY.EXE
O4 - Startup: Camio Viewer.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Microsoft AntiSpyware helper (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - [url]http://active.macromedia.com/director/cabs/sw.cab[/url]
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - [url]http://www.live365.com/players/play365.cab[/url]
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - [url]http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab[/url]
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - [url]http://download.yahoo.com/dl/installs/yinst.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4024.cab[/url]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [url]http://209.12.57.24/activex/AxisCamControl.ocx[/url]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - [url]http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38369.6738541667[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/2370177f14ad3f458804/netzip/RdxIE601.cab[/url]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url]http://www.apple.com/qtactivex/qtplugin.cab[/url]
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - [url]http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - [url]https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab[/url]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]https://www-secure.symantec.com/techsupp/activedata/SymAData.dll[/url]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [url]http://support.fastaccess.com/sdccommon/download/tgctlcm.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - [url]http://www.pestscan.com/scanner/ppctlcab.cab[/url]
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - [url]http://www.pestscan.com/scanner/axscanner.cab[/url]
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - [url]http://download.abacast.com/download/files/abasetup145.cab[/url]
O16 - DPF: YExplorer1_8US.CAB - [url]http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab[/url]
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - [url]http://photo.walmart.com/photo/uploads/WebUploadClient.cab[/url]
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht![url]http://www.awmdabest.com/bltd/114.chm::/file.exe[/url]
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - [url]http://www.sidestep.com/get/k42037/sb02a.cab[/url]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - [url]http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[/url]
Posted by: Warez Monster
Remove at your own risk
C:\WP.EXE running process. (WP.EXE)
O4 - HKCU..Run: [WindowsFY] C:WP.EXE This is a nasty process! You should fix it and try to delete it manually!
C:\PCSYNC\QDCTRAY.EXE This is a unknown process.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdehy.dll/sp.html#28129 This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hdehy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://start.earthlink.net/AL/Search[/url] This entry should be fixed by HijackThis!
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll Entries found in this registry zone are potentially nasty. This application ([4E7BD74F-2B8D-469E-C0FF-FD60B590A87D] - Result: 4E7BD74F-2B8D-469E-C0FF-FD60B590A87D) has been checked. Must be fixed!
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe WORM_SDBOT.FO Must be fixed!