about:blank hijack - Hijack this log
-
I think I got this when I hooked up to our network here at my college. It's a real pain in the rear. Can someone help me? Thanks!
Jeff P
jeparham@mines.edu
muzikmann@msn.com
Logfile of HijackThis v1.98.2
Scan saved at 8:16:19 AM, on 8/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\NTFQ32.EXE
C:\WINDOWS\ATLYE32.EXE
C:\WINDOWS\SYSTEM\APIFR32.EXE
C:\WINDOWS\SYSTEM\NTEH32.EXE
C:\WINDOWS\SYSTEM\APISJ.EXE
C:\WINDOWS\CRTL.EXE
C:\WINDOWS\APIUF32.EXE
C:\WINDOWS\SYSTEM\IPPM.EXE
C:\WINDOWS\SYSTEM\SDKFL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\IPYR.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\WINDOWS\SYSTEM\SDKFL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\CRTL.EXE
C:\SCANJET\PRECISIONSCAN\HPPPT.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\ATLYE32.EXE
C:\WINDOWS\SYSTEM\APISJ.EXE
C:\WINDOWS\APPZG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\APIFR32.EXE
C:\WINDOWS\SYSTEM\APIFR32.EXE
C:\WINDOWS\WINXX.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\ADDBS32.EXE
C:\WINDOWS\ADDBS32.EXE
C:\WINDOWS\MFCQY.EXE
C:\WINDOWS\SYSTEM\SDKFL32.EXE
C:\WINDOWS\SYSTEM\JAVAOJ.EXE
C:\WINDOWS\SYSTEM\SDKFL32.EXE
C:\WINDOWS\IEVU.EXE
C:\WINDOWS\SYSTEM\JAVAOJ.EXE
C:\WINDOWS\SYSTEM\MSEQ.EXE
C:\WINDOWS\SYSTEM\MSEQ.EXE
C:\WINDOWS\SYSTEM\D3QE32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DESKTOP\DOWNLOADED AND INSTALLATION FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9oe0d3um.slt\prefs.js)
O2 - BHO: Class - {21D01E88-6327-6BCB-E0DB-6D4E21E899ED} - C:\WINDOWS\SYSDG32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [APISJ.EXE] C:\WINDOWS\SYSTEM\APISJ.EXE
O4 - HKLM\..\RunServices: [APIFR32.EXE] C:\WINDOWS\SYSTEM\APIFR32.EXE
O4 - HKLM\..\RunServices: [CRTL.EXE] C:\WINDOWS\CRTL.EXE
O4 - HKLM\..\RunServices: [ATLYE32.EXE] C:\WINDOWS\ATLYE32.EXE
O4 - HKLM\..\RunServices: [NTEH32.EXE] C:\WINDOWS\SYSTEM\NTEH32.EXE
O4 - HKLM\..\RunServices: [SDKFL32.EXE] C:\WINDOWS\SYSTEM\SDKFL32.EXE
O4 - HKLM\..\RunServices: [NTFQ32.EXE] C:\WINDOWS\NTFQ32.EXE
O4 - HKLM\..\RunServices: [IPPM.EXE] C:\WINDOWS\SYSTEM\IPPM.EXE
O4 - HKLM\..\RunServices: [APIUF32.EXE] C:\WINDOWS\APIUF32.EXE
O4 - HKLM\..\RunServices: [APPZG.EXE] C:\WINDOWS\APPZG.EXE
O4 - HKLM\..\RunServices: [WINXX.EXE] C:\WINDOWS\WINXX.EXE
O4 - HKLM\..\RunServices: [ADDBS32.EXE] C:\WINDOWS\ADDBS32.EXE
O4 - HKLM\..\RunServices: [MFCQY.EXE] C:\WINDOWS\MFCQY.EXE
O4 - HKLM\..\RunServices: [JAVAOJ.EXE] C:\WINDOWS\SYSTEM\JAVAOJ.EXE
O4 - HKLM\..\RunServices: [IEVU.EXE] C:\WINDOWS\IEVU.EXE
O4 - HKLM\..\RunServices: [MSEQ.EXE] C:\WINDOWS\SYSTEM\MSEQ.EXE
O4 - HKLM\..\RunServices: [D3QE32.EXE] C:\WINDOWS\SYSTEM\D3QE32.EXE
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
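As an added example (my own code, not from the poster or from HijackThis), a small Python triage script that parses lines in the HijackThis format shown above and flags the indicators visible in this log: R0/R1 start and search pages pointing at a res://...dll resource, the missing default URLSearchHook, RunServices autoruns registered under their own filename, the O15 Trusted Zone additions, and an O16 ActiveX download hosted on one of those trusted domains. The sample input is an excerpt of the log posted above; the heuristics and the finding labels are my assumptions, not HijackThis's own rules.

```python
import re

# Sample input: lines copied from the HijackThis log posted above (a constructed excerpt).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mivmk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APISJ.EXE] C:\WINDOWS\SYSTEM\APISJ.EXE
O4 - HKLM\..\RunServices: [CRTL.EXE] C:\WINDOWS\CRTL.EXE
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
"""

RES_DLL = re.compile(r"res://.*\.dll/", re.I)  # IE start/search page served out of a local DLL
O4_ENTRY = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")
O15_ZONE = re.compile(r"^O15 - Trusted Zone: \*?\.?(\S+)$")
O16_URL = re.compile(r"^O16 - DPF: .* - https?://([^/\s]+)/")

def exe_name(command):
    """Upper-cased basename of the executable in an O4 command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]
    return command.rsplit("\\", 1)[-1].upper()

def triage(log_text):
    """Return (reason, line) pairs for entries worth a closer look; the heuristics are
    taken from what the log above shows (assumptions), not a full HijackThis ruleset."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    # Domains the log lists as trusted; used to correlate O16 ActiveX downloads with O15.
    trusted = {m.group(1).lower() for m in map(O15_ZONE.match, lines) if m}
    findings = []
    for ln in lines:
        if ln.startswith(("R0 -", "R1 -")) and RES_DLL.search(ln):
            findings.append(("start/search page served from a local DLL resource", ln))
        elif ln.startswith("R3 -") and "is missing" in ln:
            findings.append(("default URLSearchHook removed", ln))
        elif m := O4_ENTRY.match(ln):
            # The suspect autoruns in the log are registered under their own filename.
            if m.group(1).upper() == exe_name(m.group(2)):
                findings.append(("autorun named after its own filename", ln))
        elif O15_ZONE.match(ln):
            findings.append(("site added to Trusted Zone", ln))
        elif m := O16_URL.match(ln):
            host = m.group(1).lower()
            if any(host == d or host.endswith("." + d) for d in trusted):
                findings.append(("ActiveX download from a trusted-zone domain", ln))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a full log; every flagged line is a candidate for review, not a verdict, since the filename heuristic will also catch oddly named legitimate autoruns.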
-
Are you running on an Administrators account on the computer in question?
-
Well, it's the only account on the computer. It's Windows ME and I'm the only user. But I think I got it licked. I went into safe mode and ran a search in Windows, System, and System32 for hidden executables and DLL system files. Then changed the extension to *.norun. Ran "Hijack This", AdAware, and AntiVir from freeav.com. I ended up having to delete some archive files, but they were all in temp folders. But I seem to have gotten rid of it. If it comes back, I'll let you know.
-
Sorry about the response time. Could you post a fresh log please? It's just the way you said college computer.