1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

About:blank and http:ssearch.biz/?wmid=1010

Discussion in 'Virus & Other Malware Removal' started by gavinbr, Sep 7, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    Hello,

    I have been trying to get rid of "about:blank" and its partnet "ssearch.biz/?wmid=1010" browser.

    I have HJT, and shredder and umpteen other spy removers, but they can't seem to catch this one.

    How do I find the hidden dll which does the replicating.

    Any assistance would be appreciated.

    getting very frustrated now!

    gavinbr

    PS: have read tons of posting but none of them are the same as mine?
    Logfile of HijackThis v1.97.7
    Scan saved at 4:38:06 PM, on 9/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Compaq\Compaq Message Screener\bin\compaq-rba.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\Program Files\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\BRIANW~1\Desktop\VIRUS~~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
    O4 - User Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - User Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi gavinbr

    Welcome to TSG! :)

    A new version of Hijack This has been released so get rid of the old one and Click here to download the new one, come back here and post the log from it.
     
  3. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    flrman1,

    thanks for your quick response.

    here is the new scan from the updated HJT

    Logfile of HijackThis v1.98.2
    Scan saved at 5:26:14 PM, on 9/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Compaq\Compaq Message Screener\bin\compaq-rba.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\Program Files\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\brian wenyon\Desktop\hijackthis.exe~1.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\BRIANW~1\Desktop\VIRUS~~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
    O4 - User Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - User Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    thanks

    gavinbr
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click here to download getservice.zip and unzip it to your desktop. Open the Getservice folder and click on the getservices.bat file. A notepad will open up with a long list of Services. Please save that notepad file and attach it to your next reply to this thread. It will be easier to attach it rather than copy and paste because it will be too long to paste in one post.
     
  5. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    hello,

    here's the services print out attached, 25 pages.

    gavinbr
     
  6. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    flrman1,

    Did you get my attachments regarding the services

    gavinbr
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    It's not there. Did you try attaching it to your post?
     
  8. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    hello again,

    here it is a again

    gavinbr
     

    Attached Files:

  9. gavinbr

    gavinbr Thread Starter

    Joined:
    Sep 7, 2004
    Messages:
    6
    hello flrman1,

    did you get the attachment and have you been able to find the hidden dll.

    thanks

    gavinbr
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/271387

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice