Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I NEED help with spyware and about-blank


  • Please log in to reply
5 replies to this topic

#1 ebony2005

ebony2005

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 31 January 2005 - 12:36 AM

I recently discovered that the reason why my compter has slowed down considerably and why I get strange things in my "favorites" AND why I have lost control of my homepage with a page called "about-blank" is because I have that dreaded thing called spyware!!!!!!!! :thumbsup: I tried a few free downloads (Ad-Aware SE and Spybot - Search & Destroy) to scan and remove spyware and also SpywareBlaster to prevent it from coming back. They seem to be trying hard and my speed has increased somewhat but my homepage and favorites are still messed up. I am a verrrry green novice about computer programing so please treat me like the 'dummy' I am and please please help me! :flowers: Thanks in advance for any help I can get.

BC AdBot (Login to Remove)

 


#2 kevlamh

kevlamh

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Location:Durban, South Africa
  • Local time:10:01 PM

Posted 01 February 2005 - 06:46 AM

Hi ebony2005,

:flowers: I suggest that you have a look at the tutorial on getting rid of spyware etc. in another forum on this site, download HIJACKTHIS, extract it to a folder similar to C:\HJT, run the prog. and post the logfile to the hijack this forums - you will get help a lot faster, but be patient. After you have posted your log to the forum, use the "track this" button to be informed by e-mail when a reply has been made to your request.


BTW :thumbsup: and GOOD LUCK!!

Best wishes,

Kev'

Edited by kevlamh, 01 February 2005 - 06:48 AM.

Posted Image

#3 ebony2005

ebony2005
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 02 February 2005 - 12:55 AM

Thanks Kev. I will try the tutorial. I read it before posting but since I am not very computer savvy, I was afraid to try. But I will give it a go. Thanks!

#4 ebony2005

ebony2005
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 02 February 2005 - 01:51 AM

Hi Kev,

Below is my HIJACKTHIS Log. I hope your can help me. It is greek to me but hopefully you can decipher and help. I will anxiously await your reply.

Logfile of HijackThis v1.99.0
Scan saved at 1:45:36 AM, on 2/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\mshearts.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = My NetZero - Free Dial Up Internet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = My NetZero
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\SPYWAR~3\POPUPA~1\ABG_PL~1.DLL
O2 - BHO: (no name) - {B62146C5-F3A7-4DDE-BBA2-A0C404B4DF24} - C:\WINDOWS\System32\mcicdb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\System32\wer1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpyKiller] C:\Program Files\Spyware Killer Pro\SpyWare Killer\spyware_killer.exe /scan /remove /minimized
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107242574715
O17 - HKLM\System\CCS\Services\Tcpip\..\{08592716-9AF1-4D59-9F35-787B4425508E}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0F878C-B8FE-490B-AA2B-AFDE8E3211B9}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{08592716-9AF1-4D59-9F35-787B4425508E}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{08592716-9AF1-4D59-9F35-787B4425508E}: NameServer = 64.136.20.121 64.136.28.121
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Filter: text/html - {8CB72D82-D638-48DD-BEC0-8218FE337015} - C:\WINDOWS\System32\mcicdb.dll
O18 - Filter: text/plain - {8CB72D82-D638-48DD-BEC0-8218FE337015} - C:\WINDOWS\System32\mcicdb.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 02 February 2005 - 03:59 AM

Post your HJT log in this section

Hi ebony2005 you've posted your log in the wrong forum section, post it in the above link and someone will help. :thumbsup:

#6 kevlamh

kevlamh

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Location:Durban, South Africa
  • Local time:10:01 PM

Posted 03 February 2005 - 02:44 PM

:trumpet: Hi ebony2005,

I'm sorry :flowers: I seem to have mislead you as to where the HJT log should have been posted - it should be posted to the forum JUST BELOW this one - follow the link that stidyup has provided and start a new thread.

Unfortunately, I am NO expert at analysing these logs, I leave that to the experts!!

Best of luck.

Kev :thumbsup:
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users