HijackThis log-Winblast.exe (merged)

Discussion in 'adware, spyware & hijack cleaning' started by Sesshoumaru, Apr 26, 2004.

Thread Status:
Not open for further replies.
  1. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Winblast.exe

    I keep on receiving this virus when I restart my computer, I have XP Pro and I disable System Restore and it comes back. Bitdefender Pro finds it on access patrol only, not when I do a system scan.

    It is usually labeled

    Windows/system32/tptp1030

    Or another 4-digit number.

    The virus is causing my PC to shut down and when I'm online I can't delete history, cookies, temp files. I also cannot paste any links into my toolbar, quite pesky. I erased SP1 last night and I think I should have kept it, I had no problems with that.

    Any advice you guys recommend?
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Winblast.exe

    Hi Sesshoumaru :)

    Welcome to Wilders.

    U could follow the instructions here,

    https://www.wilderssecurity.com/showthread.php?t=15913

    then post a HijackThis log in the hijack cleaning forums with a full description of your problem.

    One of the experts will advise u on any Malware found on your system.


    snowbound
     
  3. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Winblast.exe

    Thanks.

    I'm actually very much in PC protection, I currently use Spybot, Kerio, Bitdefender and a couple other programs. I used Kazaa last night and I think that is what caused the problem, I removed kazaa from my computer and I am in the process of cleaning up all the stuff kazaa left on it, will post my log shorty.
     
  4. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Winblast.exe

    Logfile of HijackThis v1.97.7
    Scan saved at 8:12:24 PM, on 4/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\PROGRA~1\ISP50\bin\ppshared.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\PROGRA~1\ISP50\dialer\DIALER.EXE
    C:\WINDOWS\system32\msblast.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
    C:\Documents and Settings\Scott LaRock\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\RunOnce: [Remove at boot] C:\DeleteAtReboot.bat
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38103.6383101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF11F3C-BE1D-4BAF-B2E6-13E8D1B9297E}: NameServer = 206.134.133.10 206.134.224.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6DF11F3C-BE1D-4BAF-B2E6-13E8D1B9297E}: NameServer = 206.134.133.10 206.134.224.5

    It keeps on coming back after I delete it
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Winblast.exe

    Hi Sesshoumaru :)

    Now that u have posted a HijackThis log i will move this thread to the Hijack cleaning forums for better attention.

    snowbound
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,100
    Location:
    North Carolina, USA
    Re: HijackThis log-Winblast.exe

    Hi Sesshoumaru,

    Welcome to Wilders!

    I see nothing obviously wrong with your log. One of the other Experts here will jump in and give a second opinion.

    I would strongly suggest you do an online virus scan. Some good online scans can be found HERE.

    Regards,
    Kent
     
  7. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: HijackThis log-Winblast.exe

    Hi puff, I have bitdefender pro and kas as a back, I always find the virus but it comes back eventually it shuts down the CPU. I think it is hiding somewhere in my CPU.

    Will need some more assistance eventually.
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: HijackThis log-Winblast.exe

    The virus could still be in your systems restore.

    Try disabling it,that will clear your restore points, reboot then turn it back on and create a new manual restore point. Then do another scan and see if it is clean.

    If your not sure how to disable systems restore here is a link,

    http://www.pchell.com/virus/systemrestore.shtml

    Hope this helps.


    snowbound
     
  9. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Internet explorer freezes up to often

    I can't get my computer to run for more than 5 minutes, everything freezes up, I am wondering if I have a virus in the explorer file becuase scvost asks to connect to the internet, I need some ideas.

    I ran a virusscan and nothing came up, I ran pestpatrol and nothing came up, need suggestions.
     
  10. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: Internet explorer freezes up to often

    Hi Sesshoumaru,

    You had another thread here where you had asked if there was a virus. If you think the problem you had then may still be related to the problems you are having now, then I will merge the two threads together.

    https://www.wilderssecurity.com/showthread.php?t=29515

    In the meantime, please do another scan with HijackThis and post a new log here (in this thread) to be checked.

    Regards,

    snap
     
  11. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Internet explorer freezes up to often

    I'm doing it right now yes and merge the thread please, thanks
     
    Last edited by a moderator: May 6, 2004
  12. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Internet explorer freezes up to often

    updated log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:03:53 PM, on 5/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\BitGuard\Firewall\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\NSClean\BOClean\BOCSEC.EXE
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Scott LaRock\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38103.6383101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I was wondering if it is possible to do a virus scan in safe mode, I think svchost is the problem, my firewall keep asking me if svchost can connect to the internet;.
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Re: Internet explorer freezes up to often

    Hi Sesshoumaru,

    There are some things we can disable to see if that makes a difference.

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    To answer some other questions.

    Yes, it is possible to do a virusscan in Safe mode.
    svchost is a legitimate Windows file and performs many Network related functions, so that could be a false lead.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.