about.blank has taken over
I have been trying to determine which files in my HJT log need fixing with the tools on this site. However, when I select some links it kicks me back to the hijack site. I think all of the R0, R1 and R3 files here are bad. I also think the O2 BHO is bad. I am not sure on the O3 and O4 files. Could you please advise me on what I should do? Thank you.
Logfile of HijackThis v1.99.0
Scan saved at 8:59:14 AM, on 12/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Intel\LDCM\bin\IIDS.exe
D:\WINDOWS\system32\cba\pds.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Intel\Alert on LAN\winnt\agent\aolagt.exe
D:\WINDOWS\system32\cba\xfr.exe
D:\WINDOWS\system32\MsgSys.EXE
D:\Program Files\Intel\LDCM\bin\ssm.exe
D:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
D:\PROGRA~1\Intel\LDCM\CI\CIMGR\CIMGR.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\Intel\LDCM\Bin\USM.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE
D:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\4D Browser Mouse\Scw64.exe
D:\Program Files\Microsoft Office\Office\Osa.exe
D:\Program Files\Microsoft Office\Office\Findfast.exe
D:\Program Files\Microsoft Office\Office\Msoffice.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\System32\HPZipm12.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINDOWS\System32\wuauclt.exe
D:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6986D64B-5E89-BD6C-8E95-2AC44907B1ED} - D:\WINDOWS\system32\d3ly.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [User Space Manager] D:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] D:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE"
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Global Startup: Reminder-hpc41001.lnk = D:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Global Startup: 4D Browser Mouse.lnk = D:\Program Files\4D Browser Mouse\Scw64.exe
O4 - Global Startup: Forget Me Not.lnk = D:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = D:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Alert on LAN 2 Agent - Intel Corporation - D:\Program Files\Intel\Alert on LAN\winnt\agent\aolagt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel CI Manager - Intel Corporation - D:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel File Transfer - Intel Corporation - D:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - D:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - D:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - D:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: McAfee.com McShield - Unknown - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TMA Distribution - Unknown - D:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: win32sl - Smart Technology Enablers - D:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
O23 - Service: ZESOFT - Unknown - D:\WINDOWS\zeta.exe (file missing)
O23 - Service: Network Security Service - Unknown - D:\WINDOWS\d3vo.exe (file missing)
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\gfkwd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6986D64B-5E89-BD6C-8E95-2AC44907B1ED} - D:\WINDOWS\system32\d3ly.dll
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O23 - Service: ZESOFT - Unknown - D:\WINDOWS\zeta.exe (file missing)
O23 - Service: Network Security Service - Unknown - D:\WINDOWS\d3vo.exe (file missing)
Fix those entries then find and delete the files listed above, reboot and post a new log.
I believe that t058.com is a new spyware site, which is not in Spyware Shooter (the spyware blocker)'s block list yet. I would appreciate it if you could send the link to t058.com to additions@spyware-shooter.50free.net so I can add it to the next update of Spyware Shooter.
1.) I ran a fix in safe mode and deleted the files I could find.
2.) I then ran aboutbuster.exe and have included the log in this message.
3.) I ran Adware and cleaned out the files it found.
4.) I used cleanmgr to remove temp files and those in the recycle bin.
5.) Finally I did a reboot in normal mode and ran the HouseCall scan and McAfee antivirus. Both programs are still finding the BackDoor-BDD which keeps renaming itself within the SYSTEM32 windows directory.
The good news is that the about:blank site does not appear anymore when IE is launched. What is the next step to remove the BBD virus? Thank you.
HJT logfile:
Logfile of HijackThis v1.99.0
Scan saved at 4:00:27 PM, on 12/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\Intel\LDCM\Bin\USM.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE
D:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\Program Files\4D Browser Mouse\Scw64.exe
D:\Program Files\Microsoft Office\Office\Osa.exe
D:\Program Files\Microsoft Office\Office\Msoffice.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Intel\LDCM\bin\IIDS.exe
D:\WINDOWS\system32\cba\pds.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Intel\Alert on LAN\winnt\agent\aolagt.exe
D:\WINDOWS\system32\cba\xfr.exe
D:\WINDOWS\system32\MsgSys.EXE
D:\Program Files\Intel\LDCM\bin\ssm.exe
D:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
D:\PROGRA~1\Intel\LDCM\CI\CIMGR\CIMGR.EXE
D:\WINDOWS\System32\HPZipm12.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\HijackThis.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [User Space Manager] D:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [BO1HelperStartUp] D:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRUN.EXE"
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Global Startup: Reminder-hpc41001.lnk = D:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Global Startup: 4D Browser Mouse.lnk = D:\Program Files\4D Browser Mouse\Scw64.exe
O4 - Global Startup: Forget Me Not.lnk = D:\Program Files\Mindscape\AGPrint\PMREMIND.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = D:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Alert on LAN 2 Agent - Intel Corporation - D:\Program Files\Intel\Alert on LAN\winnt\agent\aolagt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel CI Manager - Intel Corporation - D:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel File Transfer - Intel Corporation - D:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - D:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - D:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - D:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: McAfee.com McShield - Unknown - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TMA Distribution - Unknown - D:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: win32sl - Smart Technology Enablers - D:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
AB logfile:
Scanned at: 2:51:47 PM on: 12/25/2004
-- Scan 1
About:Buster Version 4.0
Reference List : 21
ADS not scanned System(FAT)
Removed 2 Random Key Entries
Removed! : D:\WINDOWS\hpyzc.dat
Removed! : D:\WINDOWS\System32\evvgf.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2
About:Buster Version 4.0
Reference List : 21
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!