First, I want to thank you guys for offering so much help in general about these darn viruses/adware/spyware/crap. I have used a lot of the resources that have been posted to try and get rid of my About:Blank issues, and I think I may have actually gotten rid of it on my own (after about 15 hours here and there of googling and using the tutorials, etc). I have run About:Blaster, HijackThis, Spybot S&D, and Norton in addition to trying to run Ad Aware to try to clean everything up. Ad Aware freezes up after about a minute of running (after it found 14 things and started a deep registry scan, I think). I am also just starting to get messages that www.sexandpoker.com and www.allspyware.com are trying to contact the internet – I was hoping Spybot would get those…apparently not. The only thing it is picking up now is the DSO exploit IE problem….
So, I would like to know if you guys have any idea why Ad Aware freezes up (should I delete it and try loading it again?)
How do I get rid of all the other stuff that just popped up? Keep running the same programs to delete them?
What browser do you guys recommend other then Internet Explorer?
I am getting so tired of all of these awful nasty things…but I suppose I am learning more about my computer
Thanks for the help, I will be posting a Hijackthis log if that About:Blank crap comes back!

Post a log anyway, making sure it is the latest version (1,99) and that it is in it's own folder .

One of the items of malware are possibly stopping adaware from running.

I recommend Opera as an alternative to IE, but the popular one at the moment appears to be FireFox.

I went ahead and loaded Firefox because of a friend's recommendation, we shall see how it goes (so far no craziness)

here is the latest log, I always see a few things on there I am not too sure about, but it looks so much better without all those extra lines for about:blank and all those toolbars and stuff

Logfile of HijackThis v1.99.0
Scan saved at 8:33:36 AM, on 1/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = oumail.ou.edu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Merriam-Webster - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [dispex] C:\WINNT\System32\dispex.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration Myst Uru
O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.webster.com/tools/toolbar/cabs/m-w.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAC5B70D-A401-439E-8F49-A7754842CD27}: NameServer = 69.50.188.180 195.225.176.31
O18 - Filter: text/html - {A135230A-777A-4C1F-A71E-2329A63483DF} - C:\WINNT\System32\protect32.dll
O18 - Filter: text/plain - {A135230A-777A-4C1F-A71E-2329A63483DF} - C:\WINNT\System32\protect32.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks for your help

oh, and how do I get around the malware issue to run the Ad Aware? Is that a common problem?

Try running Ad-Aware from Safe Mode.

You need to go to Windows Update and get all the Critical Updates for your system as this will help prevent infections. Hold off on SP2, however, until your system gets cleaned up.

I will try that, thanks.
I went to windows and began to download all the updates (for some reason my automatic update hasn't been going...must have turned it off somehow), and it kept freezing up and disconnecting and generally not working - but perhaps it will work now that things are cleaned up a bit and my computer isn't super slow anymore (just dial-up slow).

Since you have dial-up, you may want to order the CD from Microsoft rather than download it.

That is very true. After I got my computer straightened out last year and I was behind on my updates, it would "freeze" each time I tried to download them. It wasn't actually freezing though I don't think...it was just that I had so many to download it was taking forever. I ordered the CD, which was free, and got my updates from there. Ever since I have had no problem downloading any critical updates.

In terms of your log:

1. Verify that the IPs listed in this entry are your correct DNS sserver IPs:

O17 - HKLM\System\CCS\Services\Tcpip\..\{BAC5B70D-A401-439E-8F49-A7754842CD27}: NameServer = 69.50.188.180 195.225.176.31

If not, have HJT fix the entry and verify/reset your DNS settings in your network connection's properties page.


2. From the little info I can find on the "protect32.dll" file, it appears to be an "unwanted guest". Have HJT fix the following:

O18 - Filter: text/html - {A135230A-777A-4C1F-A71E-2329A63483DF} - C:\WINNT\System32\protect32.dll
O18 - Filter: text/plain - {A135230A-777A-4C1F-A71E-2329A63483DF} - C:\WINNT\System32\protect32.dll

Then delete the protect32.dll file. You may need to reboot, possible even into Safe Mode, to perform the deletion.

Thanks for all the help, I think I am pretty cleared up (although every time I get off the internet I run a spyware/adware search and come up with stuff quite frequently though not in the quantities I used to have). Is there anything that blocks all of that stuff or do I just have to live with constantly cleaning them off my computer?
Also, I ran a HJT log recently and came up with something on there that Norton says is a threat but cannot delete:
C:\WINNT\System32\sprestrst.exe
The weird thing is that when I go to see if I can manually delete it, the file is not there, and the closest thing is sprestrt.exe, although I cannot find info on either one of them on the internet. (I tried to delete the one showing up in the folder but it came back two seconds later). If anyone knows anything about this I really appreciate the help
Thanks again

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

Post another hijackthis log too.

Have you done your microsoft updates yet?