
MalWare Removal Forum

 Post subject: about blank
Posted: Wed 15 Jun, 2005 12:55 pm
Active Member
Joined: Wed 15 Jun, 2005 12:48 pm
Posts: 4
Hi guys, 1st posting so not sure what you need. I keep getting about blank on IE8, running XP Pro, and have been pointed your way. Also, when I click on a desktop icon, they disappear for about a second then reappear but don't open. I have downloaded HijackThis and saved the logfile as a Word doc which I will copy and paste here. All help gratefully accepted:

Logfile of HijackThis v1.99.1
Scan saved at 4:36:13 am, on 15/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\javaqr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trust\Ami Track Dual Scroll\Amoumain.exe
C:\WINDOWS\System32\JupitCo.exe
C:\WINDOWS\System32\atwtusb.exe
C:\WINDOWS\glv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\sysrn32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\WINDOWS\System32\TBLMOUSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Harry\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hcsgv.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {6E4569A8-E677-0A0F-ECDC-9CC201C6B2AD} - C:\WINDOWS\system32\crxu32.dll
O2 - BHO: Class - {8773D188-CB86-4005-410E-8DEE50D983C3} - C:\WINDOWS\system32\crxu32.dll
O2 - BHO: Class - {8C8A43E7-16FA-0125-D764-9825D11BDBF8} - C:\WINDOWS\system32\crxu32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [glv] C:\WINDOWS\glv.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sysrn32.exe] C:\WINDOWS\system32\sysrn32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Update.hta
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaqr.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted: Wed 15 Jun, 2005 1:17 pm
MRU Emeritus
Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey Conrail,

I'm looking at your HijackThis log now.

Bertha

Posted: Wed 15 Jun, 2005 1:20 pm
MRU Emeritus
Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hi Conrail,

Welcome to MR Forums,

Firstly, I need you to update to SP1; see here - http://www.microsoft.com/windowsxp/down ... fault.mspx

This is important as it will cover the patches in Windows for you, making you less vulnerable to junk.

Please DO NOT INSTALL SP2 YET

Once done, do as follows:

Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e), then double click on C:, then right click and select New then Folder and name it HJT.

Now reboot, and post a new HijackThis log back here.

Bertha

Posted: Wed 15 Jun, 2005 1:54 pm
Active Member
Joined: Wed 15 Jun, 2005 12:48 pm
Posts: 4
Thanks Bertha. Unfortunately I am having trouble creating the file you asked me to do. When I click on My Computer or try Windows key+e or any desktop icon, the desktop clears for a second, returns but won't open anything.

Posted: Wed 15 Jun, 2005 3:07 pm
Active Member
Joined: Wed 15 Jun, 2005 12:48 pm
Posts: 4
Your help has been much appreciated, Bertha, but I am getting nowhere. I am unable to access the log or anything else for that matter, so I am going to cut my losses and reformat and reinstall; hopefully that will clear everything for a fresh start. Norton, Adaware or Spybot failed to stop this problem. I can't access the start menu or search to look for the log file.

Posted: Wed 15 Jun, 2005 7:14 pm
MRU Emeritus
Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Did you try updating to SP1?

If you wish to reformat then that's fine. However, if we can get over this hurdle then I can help you.

Bertha

Posted: Thu 16 Jun, 2005 8:25 am
Active Member
Joined: Wed 15 Jun, 2005 12:48 pm
Posts: 4
I did install SP1 but the problem is that I cannot access anything; I am currently using another PC to write this. Every time I click on any icon or the start button the icons all disappear for a second then return, then I cannot even click on anything for a while; the display background stays the same and the mouse pointer moves but that is all. I cannot even access search to look for the hijack program to run another log file. I gave up at 1am this morning and have been back at it since 4:45am. Wish I knew how to swear, sorry, trying to add humour to stop myself screaming. I have not started formatting yet; I will give it another try to get a new log file.

Posted: Thu 16 Jun, 2005 12:16 pm
MRU Emeritus
Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey Conrail,

If you can post a new Logfile that would be good :D

Bertha

Posted: Fri 24 Jun, 2005 3:58 pm
MRU Emeritus
Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
How's the new HJT log coming along? :lol:

Bertha

Posted: Sun 24 Jul, 2005 10:55 pm
MRU Emeritus
Joined: Thu 16 Dec, 2004 3:04 pm
Posts: 17763
Location: Southend, Essex, UK
Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
