  #1  
04-01-2007, 08:28 AM
Melodi
MCP Win XP
 
Join Date: Nov 2004
Location: Frozen Tundra ( Canadian Wanna Be)
Posts: 519
About: Blank

Hello. Here is the about:blank nightmare. I've run all the antispyware programs and the PC is tons better now, but there is still something wrong. (I had HJT fix all those O2 and they still came back.) Here is the log. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:24:11 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\rmtools\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {04E44D61-38BB-E8B2-A1A9-21ADD21CA485} - (no file)
O2 - BHO: (no name) - {08817655-0E34-8BCD-99FE-0596ECF04010} - (no file)
O2 - BHO: (no name) - {0F8C2FF8-B84B-1234-32EF-FBA2FFCC592C} - (no file)
O2 - BHO: (no name) - {14A7650B-DA95-B840-ADD4-086766CC7131} - (no file)
O2 - BHO: (no name) - {152ECDD8-5431-E0A6-52CD-447AF55F61DC} - (no file)
O2 - BHO: (no name) - {18FB2A6A-F233-369E-6A36-6A30EE2D9B65} - (no file)
O2 - BHO: (no name) - {196EDB12-C98B-22AB-88CA-6BCEBAC7061A} - (no file)
O2 - BHO: (no name) - {1973C657-3456-8254-BA73-AF45736DAC56} - (no file)
O2 - BHO: (no name) - {1BA66C63-D629-6D93-F955-C6849D824048} - (no file)
O2 - BHO: (no name) - {1F58C5B4-71E6-9034-1D00-229C1B03146D} - (no file)
O2 - BHO: (no name) - {1FA74F44-BE14-6F79-094E-4760D87A1B13} - (no file)
O2 - BHO: (no name) - {226F74F7-94A2-FE96-7B23-B01DD29FD1E8} - (no file)
O2 - BHO: (no name) - {23F25594-3C68-A00C-823F-16795B480CEC} - (no file)
O2 - BHO: (no name) - {25BC0079-2A8E-B1F2-44CA-1C9AE7CFE95A} - (no file)
O2 - BHO: (no name) - {2AA0FE3E-BB7C-7DE4-3FD1-D24B5ACFB827} - (no file)
O2 - BHO: (no name) - {3834AA13-4038-9320-1E93-D1D572E3A1CA} - (no file)
O2 - BHO: (no name) - {39343D98-B763-4AD3-2537-2FEACBCF610E} - (no file)
O2 - BHO: (no name) - {3C429116-BB93-5F0C-88F2-42257E2E113A} - (no file)
O2 - BHO: (no name) - {42C144CB-27B3-27F0-C116-E454EB628818} - (no file)
O2 - BHO: (no name) - {455E5895-2869-A744-5B87-61CAF3244117} - (no file)
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} - (no file)
O2 - BHO: (no name) - {50926289-7AE9-F205-35DB-3C3AE5AF9093} - (no file)
O2 - BHO: (no name) - {55E87116-EB4C-8F69-397B-DEC458BCE908} - (no file)
O2 - BHO: (no name) - {597C394D-7209-3F39-761D-930B4E37CB86} - (no file)
O2 - BHO: (no name) - {5DB07E37-75DB-B4B6-96F7-396F8F6D52EE} - (no file)
O2 - BHO: (no name) - {70DCE89C-D9A9-938E-3801-E2EE2A8B9C09} - (no file)
O2 - BHO: (no name) - {71213EAB-AAF4-E61B-98B3-D9049B7ADFEE} - (no file)
O2 - BHO: (no name) - {7381F5E4-F3AE-9126-6767-3BFBA4EB86B1} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {7AC66D02-E97D-3115-35F2-0428823161F4} - (no file)
O2 - BHO: (no name) - {83E737CF-4567-17A1-95AF-D5FC7653A2E0} - (no file)
O2 - BHO: (no name) - {87660378-C0D8-4042-E8EE-3B0499FCC8D2} - (no file)
O2 - BHO: (no name) - {94EE2D7A-2FA2-CC22-EF26-F138D4D7935C} - (no file)
O2 - BHO: (no name) - {96539909-96EA-25C3-E2A9-52D232FB283C} - (no file)
O2 - BHO: (no name) - {979D4A88-9E2B-2877-F1F7-EAA0D08C7F27} - (no file)
O2 - BHO: (no name) - {987988BB-5DF7-A166-76A8-1F20433BD9FF} - (no file)
O2 - BHO: (no name) - {A7E033B5-C0B6-AAE5-3227-2D8DCA3F2402} - (no file)
O2 - BHO: (no name) - {A8F6B1F5-3A60-7F28-9E52-B54067972D3C} - (no file)
O2 - BHO: (no name) - {AF487929-7910-25C4-CBCB-856855FC1F1B} - (no file)
O2 - BHO: (no name) - {BE2FF6CD-C8C8-39B6-0370-180D3C44B04E} - (no file)
O2 - BHO: (no name) - {BEE12119-BECC-DB4D-E7EE-62405C75EBB1} - (no file)
O2 - BHO: (no name) - {CC2EFE89-35B6-961C-D290-55C0D7778456} - (no file)
O2 - BHO: (no name) - {D0CEC06E-821E-9959-CABB-8F52B1005BA8} - (no file)
O2 - BHO: (no name) - {D5070CD8-B904-C451-6A5E-A3F4A72B627C} - (no file)
O2 - BHO: (no name) - {DBFB11A2-FEE6-69A6-2E18-C1A6B377061B} - (no file)
O2 - BHO: (no name) - {E0AEB7AC-A620-791D-2529-5ADF8D029A5E} - (no file)
O2 - BHO: (no name) - {EB6CA0F4-3A1C-6772-E64F-4A74CBFD30B5} - (no file)
O2 - BHO: (no name) - {EDD86EB8-1363-DEE2-3BB5-79363EAAF6BD} - (no file)
O2 - BHO: (no name) - {EF1DDF86-6543-6ED0-DAB0-83F46C8BA6BD} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [netjf32.exe] C:\WINDOWS\netjf32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicno...3/MusicNow.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...r/imloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysba32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


  #2  
04-01-2007, 07:17 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Download http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Close all browser windows, unzip the file, click on the cwshredder.exe, then click "Fix".

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HijackThis log