HijackThis log-Winblast.exe (merged)

Discussion in 'adware, spyware & hijack cleaning' started by Sesshoumaru, Apr 26, 2004.

Thread Status:
Not open for further replies.
  1. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Winblast.exe

    I keep on receiving this virus when I restart my computer, I have XP Pro and I disable System Restore and it comes back. Bitdefender Pro finds it on access patrol only, not when I do a system scan.

    It is usually labeled

    Windows/system32/tptp1030

    Or another 4-digit number.

    The virus is causing my PC to shut down and when I'm online I can't delete history, cookies, temp files. I also cannot paste any links into my toolbar, quite pesky. I erased SP1 last night and I think I should have kept it, I had no problems with that.

    Any advice you guys recommend?
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Winblast.exe

    Hi Sesshoumaru :)

    Welcome to Wilders.

    U could follow the instructions here,

    https://www.wilderssecurity.com/showthread.php?t=15913

    then post a HijackThis log in the hijack cleaning forums with a full description of your problem.

    One of the experts will advise u on any Malware found on your system.


    snowbound
     
  3. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Winblast.exe

    Thanks.

    I'm actually very much in PC protection, I currently use Spybot, Kerio, Bitdefender and a couple other programs. I used Kazaa last night and I think that is what caused the problem, I removed kazaa from my computer and I am in the process of cleaning up all the stuff kazaa left on it, will post my log shorty.
     
  4. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Winblast.exe

    Logfile of HijackThis v1.97.7
    Scan saved at 8:12:24 PM, on 4/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\PROGRA~1\ISP50\bin\ppshared.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\PROGRA~1\ISP50\dialer\DIALER.EXE
    C:\WINDOWS\system32\msblast.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
    C:\Documents and Settings\Scott LaRock\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\RunOnce: [Remove at boot] C:\DeleteAtReboot.bat
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38103.6383101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF11F3C-BE1D-4BAF-B2E6-13E8D1B9297E}: NameServer = 206.134.133.10 206.134.224.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6DF11F3C-BE1D-4BAF-B2E6-13E8D1B9297E}: NameServer = 206.134.133.10 206.134.224.5

    It keeps on coming back after I delete it
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: Winblast.exe

    Hi Sesshoumaru :)

    Now that u have posted a HijackThis log i will move this thread to the Hijack cleaning forums for better attention.

    snowbound
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Re: HijackThis log-Winblast.exe

    Hi Sesshoumaru,

    Welcome to Wilders!

    I see nothing obviously wrong with your log. One of the other Experts here will jump in and give a second opinion.

    I would strongly suggest you do an online virus scan. Some good online scans can be found HERE.

    Regards,
    Kent
     
  7. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: HijackThis log-Winblast.exe

    Hi puff, I have bitdefender pro and kas as a back, I always find the virus but it comes back eventually it shuts down the CPU. I think it is hiding somewhere in my CPU.

    Will need some more assistance eventually.
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Re: HijackThis log-Winblast.exe

    The virus could still be in your systems restore.

    Try disabling it,that will clear your restore points, reboot then turn it back on and create a new manual restore point. Then do another scan and see if it is clean.

    If your not sure how to disable systems restore here is a link,

    http://www.pchell.com/virus/systemrestore.shtml

    Hope this helps.


    snowbound
     
  9. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Internet explorer freezes up to often

    I can't get my computer to run for more than 5 minutes, everything freezes up, I am wondering if I have a virus in the explorer file becuase scvost asks to connect to the internet, I need some ideas.

    I ran a virusscan and nothing came up, I ran pestpatrol and nothing came up, need suggestions.
     
  10. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: Internet explorer freezes up to often

    Hi Sesshoumaru,

    You had another thread here where you had asked if there was a virus. If you think the problem you had then may still be related to the problems you are having now, then I will merge the two threads together.

    https://www.wilderssecurity.com/showthread.php?t=29515

    In the meantime, please do another scan with HijackThis and post a new log here (in this thread) to be checked.

    Regards,

    snap
     
  11. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Internet explorer freezes up to often

    I'm doing it right now yes and merge the thread please, thanks
     
    Last edited by a moderator: May 6, 2004
  12. Sesshoumaru

    Sesshoumaru Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Re: Internet explorer freezes up to often

    updated log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:03:53 PM, on 5/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\BitGuard\Firewall\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\NSClean\BOClean\BOCSEC.EXE
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Scott LaRock\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38103.6383101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I was wondering if it is possible to do a virus scan in safe mode, I think svchost is the problem, my firewall keep asking me if svchost can connect to the internet;.
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re: Internet explorer freezes up to often

    Hi Sesshoumaru,

    There are some things we can disable to see if that makes a difference.

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    To answer some other questions.

    Yes, it is possible to do a virusscan in Safe mode.
    svchost is a legitimate Windows file and performs many Network related functions, so that could be a false lead.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.