Jump to content


Photo

about blank 2


  • Please log in to reply
4 replies to this topic

#1 zjclimber

zjclimber

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 03 July 2004 - 01:56 PM

hello I get blue screen when I try to lanch the avg 6.0 program . I have laptop xp os. Avg said I have back door trojan before I went blue screen
but my more urgent problem is my laptop keeps dropping my internet connection after 120 seconds.
Now I can't even open a web page to get on line. My desktop has no problem getting on line , same internet con.
I have the cws shredder, norton, hijack this, avg, ad-aware 6.0, spy sweeper.
There some other recommended ones but I can't get on line to down load

I have added two posts but can't see them in the forum?

Edited by zjclimber, 08 July 2004 - 07:40 PM.


#2 zjclimber

zjclimber

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 05 July 2004 - 03:40 PM

Please see attached log from HijackThis. If you could help me out on this I would appreciate it.

Logfile of HijackThis v1.98.0
Scan saved at 12:31:03 PM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\FDIW\UpdtChk.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\dennis.D218HS31\Desktop\junk\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\DENNIS~1.D21\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {B27CE444-E30A-4907-83C9-B86857CEEBDD} - c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp329\a0028309.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farme...ctiveX/smsx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA76530-0D15-4308-A686-BCE1AC903AEC}: NameServer = 12.152.176.3,12.32.70.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7AA335F-0880-46A9-8BBA-5060A960267D}: NameServer = 12.152.176.3,12.32.70.67
O18 - Filter: text/html - {13D86E39-BCA9-4A2F-B479-35E950F01C40} - c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp329\a0028309.dll
O18 - Filter: text/plain - {13D86E39-BCA9-4A2F-B479-35E950F01C40} - c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp329\a0028309.dll

#3 zjclimber

zjclimber

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 06 July 2004 - 02:01 AM

haha I got mylaptop up and runing again. About 7 Hours before I got it work-
ing I Had disabled Norton and I was able to get on the internet but after five
minutes I lost my internet connection. I thought it was about-blank or some
other trojan highjacker.

So for the next 7 hours I tried everything I could find about internet connectivity. Nothing worked I keeped thinking adout the five minutes I was on. I decided to uninstall norton I figured it didn'nt protect me from being hijacked anyway and now my laptop is working just fine.

so now its back to getting rid of the highjackers.

#4 zjclimber

zjclimber

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 06 July 2004 - 02:26 AM

haha my laptop can get back on line again I uninstalled norton Anti virus and have not had anymore problems so far. Maybe one of the 'spyware/highjackes' corrupted it.

I may have also rid my laptop of the highjackes I'll reboot a dozen more times
before I start to feel confident they are gone.

#5 zjclimber

zjclimber

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 08 July 2004 - 06:47 PM

I was able to fix my dropping internet connection by unistalling Norton
maybe it got corrupted. I am still infected with about blank. I found the
exact file location of the virus but ad-aware can't delet it.

the infected file is under documents settings. file name is 'dennis.D218HS31'
size is 449,088/213 bytes. Created 11/18/2003. Modified 07/01/04 !

So maybe something can be done from this location. I don't want to touch it
for fear of making my problem worse.

can any one help thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button