Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

need help with about:blank


Post by spike16 » February 3rd, 2006, 8:38 am

Logfile of HijackThis v1.99.1
Scan saved at 8:36:10 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\iau.exe
C:\WINDOWS\stisvsq.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\lssas.exe
C:\WINDOWS\msqdevl.exe
C:\WINDOWS\mservice.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Charlie\My Documents\My Files\Installers\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22DE3D33-CB0A-4AD4-809B-BCFE8170812E}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3036F878-F584-42CE-9F7E-D75F8E508B6F}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C899594-594F-4655-A386-018E310A9392}: NameServer = 85.255.115.30 85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CE5E5B-F063-4A92-99F9-69A170786801}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFF05C9-F404-4A47-979F-0578C22B0C72}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBCB58F-42AB-4C8A-8709-48715F8C70C6}: NameServer = 85.255.115.30,85.255.112.226
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


My problem is having the about:blank page coming every time I open up IE, even when Yahoo is my primary homepage. Can anyone help? I think I have a problem here. :P
spike16
Active Member
 
Posts: 2
Joined: February 3rd, 2006, 8:34 am

Post by amateur » February 3rd, 2006, 8:59 am

Hi Spike16, :)

Welcome to MR. :D I am examining your log now. I'll get back to you as soon as I have the instructions ready.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

thanks

Post by spike16 » February 3rd, 2006, 9:59 am

Thanks :D Ever since it has happened, there are times wherein I click on pages and they seem to be 'not found' but then I retry, and they do. It's not really much of a problem but it is very annoying haha. I hope that I can get a solution for this :)
spike16
Active Member
 
Posts: 2
Joined: February 3rd, 2006, 8:34 am

Post by amateur » February 3rd, 2006, 11:03 am

Hi Spike16 :) ,

Please read the instructions carefully, then print them so that you'll have access to them at all times, especially when you are in Safe Mode. Follow the instructions in the order they are given and please don't miss any. If you have any questions, ask them before you begin with the fix. We'll start with downloading the programs we need to use later.

Download and install Ewido Anti-Malware

During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu


Check for updates but do not run it yet.

Download ATF Cleaner by Atribune and save it to your Desktop.

Please run Notepad and copy/paste the following text inside the Code box into a new file. It's important that you use Notepad, not WordPad.

attrib -r -h -s C:\WINDOWS\system32\dm???.exe
del C:\Windows\System32\dm???.exe
attrib -r -h -s C:\Windows\System32\hg???.exe
del C:\Windows\System32\hg???.exe
attrib -r -h -s C:\Windows\System32\cs???.exe
del C:\Windows\System32\cs???.exe
attrib -r -h -s C:\WINDOWS\svshost.exe
del C:\WINDOWS\svshost.exe
attrib -r -h -s C:\WINDOWS\lssas.exe
del C:\WINDOWS\lssas.exe
attrib -r -h -s C:\WINDOWS\msqdevl.exe
del C:\WINDOWS\msqdevl.exe
attrib -r -h -s C:\WINDOWS\mservice.exe
del C:\WINDOWS\mservice.exe
attrib -r -h -s C:\WINDOWS\iau.exe
del C:\WINDOWS\iau.exe
attrib -r -h -s C:\WINDOWS\stisvsq.exe
del C:\WINDOWS\stisvsq.exe

Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Don't do anything else with it yet. Just save it to the desktop.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes. Notice that they are all in the WINDOWS folder.

C:\WINDOWS\svshost.exe
C:\WINDOWS\lssas.exe
C:\WINDOWS\msqdevl.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\iau.exe
C:\WINDOWS\stisvsq.exe

Exit the Task Manager when finished.

Download FixWareout© by LonnyRJones
or
FixWareout© by LonnyRJones
Save it to your desktop. They are just different locations to download from.

Click Next, then Install, then make sure "Run fixit" is checked and click Finish
The fix will begin; follow the prompts
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts
Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{22DE3D33-CB0A-4AD4-809B-BCFE8170812E}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3036F878-F584-42CE-9F7E-D75F8E508B6F}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C899594-594F-4655-A386-018E310A9392}: NameServer = 85.255.115.30 85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CE5E5B-F063-4A92-99F9-69A170786801}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFF05C9-F404-4A47-979F-0578C22B0C72}: NameServer = 85.255.115.30,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFF05C9-F404-4A47-979F-0578C22B0C72}: NameServer = 85.255.115.30,85.255.112.226


Close all other windows/applications, etc., except HijackThis, and click on "Fix checked". Exit HijackThis.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please go to the desktop and double-click on remove.bat.


Still in Safe Mode, run ATF Cleaner

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

Still in Safe Mode run Ewido Anti-Malware.

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files; click OK.
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close Ewido-Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

Restart your computer in normal mode

Now let's check some settings on your system.
(2000/XP)
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says "Obtain DNS servers automatically".
Press OK twice to get out of the properties screen and reboot if asked.
That option might not be available on some systems.
Next go to Start > Run, type cmd and hit OK.
Type ipconfig /flushdns
then hit Enter, type exit, hit Enter.
(That space between g and / is needed.)

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply

Warning: If you are running AVAST as your antivirus, please disable it during the scan as it detects Panda as a virus and it's unable to ignore it.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt and the Panda scan results.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
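
An added example, not part of amateur's post or of any tool named in this thread: a short Python triage pass over HijackThis lines like the ones in the log above. The heuristics (look-alike process names, Run entries with no directory, statically set public DNS servers, entries marked "(no file)") are assumptions chosen for illustration; they flag the same kinds of O3, O4 and O17 items that were checked in the fix, for human review.

```python
import ipaddress
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\lssas.exe
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C899594-594F-4655-A386-018E310A9392}: NameServer = 85.255.115.30 85.255.112.226
"""

# Windows system process names that appear under system32 in the posted log.
KNOWN = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}

def lookalike(name):
    """Return the known name that `name` imitates (one letter changed, or letters reordered)."""
    name = name.lower()
    for real in KNOWN:
        if name == real or len(name) != len(real):
            continue
        diffs = sum(a != b for a, b in zip(name, real))
        if diffs == 1 or sorted(name) == sorted(real):
            return real
    return None

def triage(log):
    """Apply the assumed review heuristics; return a list of (kind, detail) tuples."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:\\", line):                   # running-process path
            base = line.rsplit("\\", 1)[-1]
            if lookalike(base):
                findings.append(("lookalike-process", line))
        elif line.startswith("O4 - ") and "Run:" in line:
            cmd = line.split("] ", 1)[-1]
            if "\\" not in cmd:                              # bare file name, no directory
                findings.append(("run-no-path", cmd))
        elif line.startswith("O17 - ") and "NameServer = " in line:
            # The log separates servers with a comma on some lines and a space on others.
            for ip in re.split(r"[,\s]+", line.split("NameServer = ", 1)[1]):
                if not ipaddress.ip_address(ip).is_private:  # static resolver outside the LAN
                    findings.append(("static-public-dns", ip))
        elif line.endswith("(no file)"):
            findings.append(("missing-file", line))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```
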

Post by amateur » February 17th, 2006, 5:24 pm

Hi Spike, :D

I haven't heard from you since Feb 3, 06. I hope it's for good reason. Can you please let me know if you still need help, or if the problem is solved so that we can close the thread? Thank you. :D :D
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by NonSuch » February 21st, 2006, 7:28 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California