Jump to content


Photo

about:blank virus please help!!!!!!!!!!!!


  • Please log in to reply
1 reply to this topic

#1 tkofi

tkofi

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 July 2004 - 02:47 PM

hi there,
I am desperated with this nasty virus about:blank keep coming back
i have tried shredder, spybot and how hijack this

this is my log

thanx in advance

Logfile of HijackThis v1.98.0
Scan saved at 20:21:53, on 20/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\SysAI\SysAI.exe
C:\DOCUME~1\Thanasis\LOCALS~1\Temp\Rar$EX01.917\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Thanasis\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O1 - Hosts: 66.197.26.230 www.adultrevenueservice.com
O1 - Hosts: 66.197.26.230 www.ccbill.com
O1 - Hosts: 66.197.26.230 www.maximumcash.com
O1 - Hosts: 66.197.26.230 www.freeezinebucks.com
O1 - Hosts: 66.197.26.230 www.silvercash.com
O1 - Hosts: 66.197.26.230 www.freeticketcash.com
O1 - Hosts: 66.197.26.230 www.epiccash.com
O1 - Hosts: 66.197.26.230 www.aebn.net
O1 - Hosts: 66.197.26.230 www.lightspeedcash.com
O1 - Hosts: 66.197.26.230 www.fatpockets.com
O1 - Hosts: 66.197.26.230 www.adultplatinum.com
O1 - Hosts: 66.197.26.230 www.vidsandtoys.com
O1 - Hosts: 66.197.26.230 www.cumfiesta.com
O1 - Hosts: 66.197.26.230 www.nastydollars.com
O1 - Hosts: 66.197.26.230 www.hawgscash.com
O1 - Hosts: 66.197.26.230 www.pure-pornstars.com
O1 - Hosts: 66.197.26.230 www.oxcash.com
O1 - Hosts: 66.197.26.230 www.amateurpages.com
O1 - Hosts: 66.197.26.230 www.milfhunter.com
O1 - Hosts: 66.197.26.230 www.gammae.com
O1 - Hosts: 66.197.26.230 www.captainstabbin.com
O1 - Hosts: 66.197.26.230 www.bignaturals.com
O1 - Hosts: 66.197.26.230 www.sweetmoney.com
O1 - Hosts: 66.197.26.230 www.karasxxx.com
O1 - Hosts: 66.197.26.230 www.albionmedical.com
O1 - Hosts: 66.197.26.230 www.wegcash.com
O1 - Hosts: 66.197.26.230 www.karupspc.com
O1 - Hosts: 66.197.26.230 www.pillsmoney.com
O1 - Hosts: 66.197.26.230 adultrevenueservice.com
O1 - Hosts: 66.197.26.230 ccbill.com
O1 - Hosts: 66.197.26.230 maximumcash.com
O1 - Hosts: 66.197.26.230 freeezinebucks.com
O1 - Hosts: 66.197.26.230 silvercash.com
O1 - Hosts: 66.197.26.230 freeticketcash.com
O1 - Hosts: 66.197.26.230 epiccash.com
O1 - Hosts: 66.197.26.230 aebn.net
O1 - Hosts: 66.197.26.230 lightspeedcash.com
O1 - Hosts: 66.197.26.230 fatpockets.com
O1 - Hosts: 66.197.26.230 adultplatinum.com
O1 - Hosts: 66.197.26.230 vidsandtoys.com
O1 - Hosts: 66.197.26.230 cumfiesta.com
O1 - Hosts: 66.197.26.230 nastydollars.com
O1 - Hosts: 66.197.26.230 hawgscash.com
O1 - Hosts: 66.197.26.230 pure-pornstars.com
O1 - Hosts: 66.197.26.230 oxcash.com
O1 - Hosts: 66.197.26.230 amateurpages.com
O1 - Hosts: 66.197.26.230 milfhunter.com
O1 - Hosts: 66.197.26.230 gammae.com
O1 - Hosts: 66.197.26.230 captainstabbin.com
O1 - Hosts: 66.197.26.230 bignaturals.com
O1 - Hosts: 66.197.26.230 sweetmoney.com
O1 - Hosts: 66.197.26.230 karasxxx.com
O1 - Hosts: 66.197.26.230 albionmedical.com
O1 - Hosts: 66.197.26.230 wegcash.com
O1 - Hosts: 66.197.26.230 karupspc.com
O1 - Hosts: 66.197.26.230 pillsmoney.com
O1 - Hosts: 66.197.93.224 uh-oh.net
O1 - Hosts: 66.197.93.224 www.uh-oh.net
O1 - Hosts: 66.197.93.224 wetcircle.com
O1 - Hosts: 66.197.93.224 www.wetcircle.com
O1 - Hosts: 66.197.93.224 free64all.com
O1 - Hosts: 66.197.93.224 www.free64all.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 richards-realm.com
O1 - Hosts: 66.197.93.224 www.richards-realm.com
O1 - Hosts: 66.197.93.224 hardcorejunky.net
O1 - Hosts: 66.197.93.224 www.hardcorejunky.net
O1 - Hosts: 66.197.93.224 mmm100.com
O1 - Hosts: 66.197.93.224 www.mmm100.com
O1 - Hosts: 66.197.93.224 mature-post.com
O1 - Hosts: 66.197.93.224 www.mature-post.com
O1 - Hosts: 66.197.93.224 elephant-list.com
O1 - Hosts: 66.197.93.224 www.elephant-list.com
O1 - Hosts: 66.197.93.224 sleazydream.com
O1 - Hosts: 66.197.93.224 www.sleazydream.com
O1 - Hosts: 66.197.93.224 call-kelly.com
O1 - Hosts: 66.197.93.224 www.call-kelly.com
O1 - Hosts: 66.197.93.224 chubbyland.com
O1 - Hosts: 66.197.93.224 www.chubbyland.com
O1 - Hosts: 66.197.93.224 blitzpics.com
O1 - Hosts: 66.197.93.224 www.blitzpics.com
O1 - Hosts: 66.197.93.224 bondagewizard.com
O1 - Hosts: 66.197.93.224 www.bondagewizard.com
O1 - Hosts: 66.197.93.224 pichunter.com
O1 - Hosts: 66.197.93.224 www.pichunter.com
O1 - Hosts: 66.197.93.224 male-movies.com
O1 - Hosts: 66.197.93.224 www.male-movies.com
O1 - Hosts: 66.197.93.224 silent-screams.com
O1 - Hosts: 66.197.93.224 www.silent-screams.com
O1 - Hosts: 66.197.93.224 citizencane.org
O1 - Hosts: 66.197.93.224 www.citizencane.org
O1 - Hosts: 66.197.93.224 persiankitty.com
O1 - Hosts: 66.197.93.224 www.persiankitty.com
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {21AF1157-D0D5-6D0F-F0C1-B06B972C8EB6} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {FDBE3423-8196-4E4B-8A9E-8E0162642AF4} - C:\WINDOWS\System32\klfoe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\Program Files\Atom Dent Logo\Inside.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTaskbar] "C:\Program Files\Screendragon VS5\VS5 Taskbar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Downloads - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\exio-kazemule-uk\index.html (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - file://C:\Info_sex2.cab
O18 - Filter: text/html - {87601980-739B-4585-AD49-D048C37BD238} - C:\WINDOWS\System32\klfoe.dll
O18 - Filter: text/plain - {87601980-739B-4585-AD49-D048C37BD238} - C:\WINDOWS\System32\klfoe.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dcdhn.dll

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 26 August 2004 - 07:39 PM

Sorry for the delay, if you still have problems post a new Hijack This log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button