about:blank HELP PLEASE!

And I also found the XPlugin.dll now

Download CWShredder 2. from here. Run it and press the *fix,* not scan and allow it to clean the infection.
Save it to your desktop.
Do not run it yet. We will run it later.

Download the Backdoor.Agent.B Removal Tool from Symantec.
Follow Symantec's instructions for how to run it.
Be sure to save the log file. I will need to see it later.
Restart your computer.
Run CWShredder. Be sure to click Fix as opposed to Scan Only. It should find some things and remove them.
Restart your computer once more.
Post a new HijackThis log and the log Symantec's tool gave you.

CWShredder didnt found anything..
I've runned the Symantec Tool and it did found a file: /system/sql.dll but i've lost de logs ' cause i've runned it twice... =P
Then i've runned cws again, and it didn't found anything again..
The spyware is still running here, that damn about:blank, well here is the hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 08:15:03, on 19/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARQUIVOS DE PROGRAMAS\ICQLITE\ICQLITE.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\AOL BRASIL 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {DDA23FE1-50DE-11D9-BA2C-4445051083BF} - C:\WINDOWS\SYSTEM\NNBN.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\ARQUIVOS DE PROGRAMAS\ICQLITE\ICQLITE.EXE -trayboot
O4 - HKCU\..\RunServicesOnce: [ICQ Lite] C:\ARQUIVOS DE PROGRAMAS\ICQLITE\ICQLITE.EXE -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O18 - Filter: text/html - {B6F755C0-514B-11D9-BA2C-841FDEC5348E} - C:\WINDOWS\SYSTEM\NNBN.DLL
O18 - Filter: text/plain - {B6F755C0-514B-11D9-BA2C-841FDEC5348E} - C:\WINDOWS\SYSTEM\NNBN.DLL

Thanks!

Can you post the log Symantec's tool gave you as crunchie requested?

You need to go to Windows Update to get all the Critical Updates for your system.

Whenever you scan with HJT (or fix anything with it), make sure all browser windows are closed. Scan with HJT again and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {DDA23FE1-50DE-11D9-BA2C-4445051083BF} - C:\WINDOWS\SYSTEM\NNBN.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O13 - WWW. Prefix: http://
O18 - Filter: text/html - {B6F755C0-514B-11D9-BA2C-841FDEC5348E} - C:\WINDOWS\SYSTEM\NNBN.DLL
O18 - Filter: text/plain - {B6F755C0-514B-11D9-BA2C-841FDEC5348E} - C:\WINDOWS\SYSTEM\NNBN.DLL

Scan again with HJT (making sure all browser windows are still closed), and post a new HJT log and the Symantec log.

I've lost the Symantec log, i runned the scan and he found one backdoor in sql.dll and then askme to restart the domputer and i said yes, it restarted and saved the log, but then i runned it again and it didn't found any backdoors.. but did replaced the log for:

Symantec Backdoor.Agent.B Removal Tool 1.0.1.2

Backdoor.Agent.B has not been found on your computer.

*I did all you told me to do with the HJT and the problem seems to be gone, i'll restart the computer now, to make sure.. here is the HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 12:43:47, on 19/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARQUIVOS DE PROGRAMAS\ICQLITE\ICQLITE.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.93.120.39:80
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\ARQUIVOS DE PROGRAMAS\ICQLITE\ICQLITE.EXE -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Arquivos de programas\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\MSN Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

And that's it, i'll restart now and then i tell you if its defnitly gone or not.. Thanks man!

Man, i think it's gone.. i restarted and the problem is gone.. =).. Thanks a lot man, i have tried everything to clean the damn spyware, well.. now its gone =).. Thankssss!!

You still need to go to Windows Update to get the Critical Updates for your computer :).

I would also recommend SpywareBlaster; there is a link to it in crunchie's signature block. (Keep it updated!)

Man.. I did all the critical updates, except for the Internet Explorer 6.. and now.. msn just not work.. hotmail too, when i click on OK to log in my email.. it just gives me a "not found" page, orkut.com is not working too.. i don't know what to do.. i've unistalled some of the updates to see if will work, i'll restart my computer now.. Helpme please!!

Try updating IE6. I am pretty certain that other users who had this problem fixed it by updating :). You will continue to get infected if you insist on using IE5.50

I'm doung that right now.. but i've already uninstalled some of the updates (the one's who was possible to unnistal).. would it be a problem after i upload i.e?

ps.. The Windows Update site was not working so well too.. when it start to search for the updates that i need.. it just says that an error ocourred.. so i've gone to the downloads page and downloades the executable upload, same name, same size(like 400kb).. now it's downloading a 16mb file.. just wanna make sure if everything is right!!

Thanks man!!!!

I am not 100% certain, but I imagine that Microsoft's updates would work better with up-to-date software :).