browser hijacked help please


Steve

Hello,
I run Windows XP and Internet Explorer, which appears to have
been hijacked for about a week. I've been using the beta of
Microsoft's antispyware utility along with Webroot Spy
Sweeper. Spy Sweeper has been no help, but the Microsoft beta
tells me every time I run it that it has found a possible
Hijack (Browser Modifier). The location is c:\window\system
32\blank.htm. It says it fixes it each time I run it, but it
continues to defeat the anti-pop-up software with tons of
ads, and when I run the utility again it finds the same
problem again. I tried to manually delete it but cannot
find it (even with hidden files shown).

I ran the utility "HijackThis" with the following outcome.

Any suggestions would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:29:42 PM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton
AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\NetopiaRC\Tb2RunDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sunbelt Software\CounterSpy
Client\sunasDtServ.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSNBC Wireless Traveler\msnbcwt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://www.sony.com/vaiopeople
F2 - REG:system.ini:
UserInit=C:\WINDOWS\NetopiaRC\Tb2RunDLL.EXE
1,C:\WINDOWS\system32\userinit.exe,
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%

5CSBWeb_01.src"); (C:\Documents and
Settings\Steve\Application
Data\Mozilla\Profiles\default\kmajajrq.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1

\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class -
{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1

\ycomp5_6_0_0.dll
O3 - Toolbar: AIM Search -
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program
Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton SystemWorks\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm -
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program
Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: PrintMe -
{97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program
Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: Adobe PDF -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program
Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO
Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program
Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS
Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0

\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO
Power Management\SPMgr.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program
Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB
Utility\ISBMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey
Utility\HKserv.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe
"C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt
Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\MSNBC
Wireless Traveler\msnbcwt.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program
Files\Norton SystemWorks\cfgwiz.exe" /GUID
{05858CFD-5CC4-4ceb-AAAF-

CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSNBC Wireless Traveler] C:\Program
Files\MSNBC Wireless Traveler\msnbcwt.exe
O4 - HKCU\..\Run: [SkipBags]
C:\DOCUME~1\Steve\APPLIC~1\DRIVEB~1\HopeCast.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program
Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program
Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &AIM Search -
res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search -
res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe
PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to
existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to
Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to
existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe
PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing
PDF - res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01

\bin\npjpi150_01.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF:
START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.crlaurence.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
(Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-

JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Airgo Networks NIC Service (ANISERVICE) -
Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer,
Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner
- C:\Program Files\Common Files\Macromedia
Shared\Service\Macromedia

Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Symantec Corporation - C:\Program Files\Norton
SystemWorks\Norton

AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service
(NPFMntor) - Symantec Corporation - C:\Program Files\Norton

SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService)
- Symantec Corporation -
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation
- C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\Security

Center\SymWSC.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. -
c:\program files\timbuktu pro\tb2launch.exe
O23 - Service: VAIO Entertainment Aggregation and Control
Service - Sony Corporation - C:\Program Files\Common
Files\Sony

Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service -
Sony Corporation - C:\Program Files\Common Files\Sony
Shared\VAIO

Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration
Service - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\VAIO

Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter -
Sony Corporation - C:\Program Files\Common Files\Sony
Shared\VAIO

Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server
(VAIOMediaPlatform-IntegratedServer-AppServer) - Sony
Corporation - C:\Program

Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP)
(VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner -
C:\Program

Files\Sony\VAIO Media Integrated
Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-IntegratedServer-HTTP

/RegRoot="SOFTWARE\Sony Corporation\VAIO Media
Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP
(file missing)
O23 - Service: VAIO Media Integrated Server (UPnP)
(VAIOMediaPlatform-IntegratedServer-UPnP) - Sony
Corporation - C:\Program

Files\Sony\VAIO Media Integrated
Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server
(VAIOMediaPlatform-Mobile-Gateway) - Unknown owner -
C:\Program Files\Sony\VAIO Media

Integrated Server\Platform\VmGateway.exe"
/Service=VAIOMediaPlatform-Mobile-Gateway
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media

Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway"
/DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner -
C:\Program Files\Sony\VAIO Media

Integrated Server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer
/DisplayName="VAIO Media Video Server (file

missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner -
C:\Program Files\Sony\VAIO

Media Integrated Server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP
/RegRoot="SOFTWARE\Sony Corporation\VAIO

Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP
(file missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation -
C:\Program Files\Sony\VAIO

Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone
Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Andre Da Costa

Go to Advanced Tools > Browser Restore > click "Check All" and click the Restore button.

Boot into Safe Mode (F8) at startup;

Empty your temporary files AND your Temporary Internet Files C:\Documents and Settings\Username\Local Settings\Temporary Internet Files folder;

Run the scan while in safe mode;

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
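
A HijackThis log pasted into a post, like the one in this thread, arrives with single entries wrapped across several lines, which makes it hard to read or search. The following is an added example, not part of the original thread and not HijackThis code: it rejoins wrapped entries and marks a few entry types for manual review. `SAMPLE` is a short excerpt of the log above, and the review rules are assumptions chosen for illustration, not verdicts.

```python
import re

# Excerpt of the HijackThis log posted above, kept with its original wrapping.
SAMPLE = r"""
F2 - REG:system.ini:
UserInit=C:\WINDOWS\NetopiaRC\Tb2RunDLL.EXE
1,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1

\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SkipBags]
C:\DOCUME~1\Steve\APPLIC~1\DRIVEB~1\HopeCast.exe
O15 - Trusted Zone: http://www.crlaurence.com
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
"""

# Every HijackThis entry starts with a section code followed by " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def reflow(text):
    """Rejoin entries that a mail or news client wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines are wrapping residue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Hard cuts inside a path, URL escape or GUID join without a space.
            tight = (line.startswith("\\") or prev.endswith("%")
                     or (prev.endswith("-") and not prev.endswith(" -")))
            entries[-1] = prev + ("" if tight else " ") + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def triage(entry):
    """Return review notes for one entry (illustrative rules, not verdicts)."""
    code = entry.split(" - ", 1)[0]
    low = entry.lower()
    notes = []
    if code == "F2" and "userinit=" in low:
        programs = [p.strip() for p in low.split("userinit=", 1)[1].split(",")]
        extra = [p for p in programs
                 if p and not p.endswith(r"\system32\userinit.exe")]
        if extra:
            notes.append("Userinit starts a program besides userinit.exe")
    if code == "O4" and ("\\docume~1\\" in low
                         or "\\documents and settings\\" in low):
        notes.append("autostart target lives in a user profile directory")
    if code == "O15":
        notes.append("site added to the Trusted Zone")
    if code == "O23" and "unknown owner" in low:
        notes.append("HijackThis could not name the service's vendor")
    if "(file missing)" in low:
        notes.append("registered target is no longer on disk")
    return notes


def review(text):
    """Reflow a pasted log and return (code, entry, notes) for flagged entries."""
    findings = []
    for entry in reflow(text):
        notes = triage(entry)
        if notes:
            findings.append((entry.split(" - ", 1)[0], entry, notes))
    return findings


if __name__ == "__main__":
    for code, entry, notes in review(SAMPLE):
        print(entry)
        for note in notes:
            print("    review:", note)
```

A flagged entry is only a prompt to check what the program is before changing anything.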




 
