Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

about:Blank and trojan [CLOSED]


  • This topic is locked This topic is locked

#1
stefm

stefm

    Member

  • Member
  • PipPip
  • 60 posts
Please help unable to remove about:blank and trojan horse virus. PC acting very strange. Unable to run virus scan house call or norton antivirus. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 10:40:41 PM, on 10/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\mfcsx.exe
C:\WINNT\system32\ZoneLabs\isafe.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\mfcqn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NI.UWFX5_0001_LP1014\setup.exe
C:\Program Files\WinFixer2005\UWFX5.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {99FD514A-9930-EB7D-2543-67B7CDCE8A82} - C:\WINNT\javazo32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [mfcqn.exe] C:\WINNT\mfcqn.exe
O4 - HKLM\..\Run: [___] DCC_send.exe
O4 - HKLM\..\Run: [clamav] DCC_send.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Kargo] XTermInit.exe
O4 - HKCU\..\Run: [control64] media64.exe
O4 - HKCU\..\Run: [CToolBar] jopplerg.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [WinFixer2005] C:\Program Files\WinFixer2005\uwfx5.exe /scan
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\mfcsx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi stefm and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
stefm

stefm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:12:08 PM, on 10/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\mfcsx.exe
C:\WINNT\system32\ZoneLabs\isafe.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\mfcqn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\dw15.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {7F1C5B87-7E05-B4C9-EB78-31A16AFF22B7} - C:\WINNT\system32\mslg32.dll
O2 - BHO: Class - {99FD514A-9930-EB7D-2543-67B7CDCE8A82} - C:\WINNT\javazo32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [mfcqn.exe] C:\WINNT\mfcqn.exe
O4 - HKLM\..\Run: [___] DCC_send.exe
O4 - HKLM\..\Run: [clamav] DCC_send.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Kargo] XTermInit.exe
O4 - HKCU\..\Run: [control64] media64.exe
O4 - HKCU\..\Run: [CToolBar] jopplerg.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D633D02-0E51-44E1-A887-FD25932585F1}: NameServer = 69.50.176.198,85.255.112.12
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\mfcsx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your system is infected with a variant of the About:Blank infection.
  • First we must STOP, and Disable a bad Added Service
    • Click Start>Run and type in: services.msc
    • Click OK
    • In the Services window find: Insert Display Name
    • Select/highlight and right click the entry, and choose: Properties
    • On the General tab, under Service Status click the Stop button
    • Beside: Startup Type, in the drop menu, select: Disabled
    • Click Apply, then OK
  • Download CWShredder
    Click check for updates. Do not use it yet.

  • Download Aboutbuster 5
    • Create a new folder on your desktop and call it AB
    • Extract [ALL] the files from the AboutBuster.zip file into this new Folder
    • Click on Updates to ensure you are working with the most current version
    • [/B] Do not use it yet.
  • Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.

  • Download Killbox
    Choose save as to your desktop. Unzip the file. Do not use it yet.

    Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark show hidden files en extensions >OK

    Please print out these directions for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!

  • Reboot your system intosafe mode for all OS

  • Close all windows and open HijackThis.
    • Click "scan only in the main window
    • Put a checkmark beside the following entries and click FIX checked.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\yzdxi.dll/sp.html#44768
      O2 - BHO: Class - {7F1C5B87-7E05-B4C9-EB78-31A16AFF22B7} - C:\WINNT\system32\mslg32.dll
      O2 - BHO: Class - {99FD514A-9930-EB7D-2543-67B7CDCE8A82} - C:\WINNT\javazo32.dll
      O4 - HKLM\..\Run: [mfcqn.exe] C:\WINNT\mfcqn.exe
      O4 - HKLM\..\Run: [___] DCC_send.exe
      O4 - HKLM\..\Run: [clamav] DCC_send.exe
      O4 - HKCU\..\Run: [Kargo] XTermInit.exe
      O4 - HKCU\..\Run: [control64] media64.exe
      O4 - HKCU\..\Run: [CToolBar] jopplerg.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\mfcsx.exe

  • Run CWShredder and choose FIX

  • Start AboutBuster and press START, and then OK. The program will start scanning. Please keep the About Buster log and post it in your next reply.

  • Doubleclick HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.

  • Start Killbox
    • Place a checkmark next to [x] Delete On Reboot.
    • Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.

      C:\WINNT\system32\mfcsx.exe
      C:\WINNT\mfcqn.exe
      C:\Program Files\Internet Explorer\dw15.exe
      C:\WINNT\yzdxi.dll
      C:\WINNT\system32\mslg32.dll
      C:\WINNT\javazo32.dll
      DCC_send.exe
      XTermInit.exe
      media64.exe
      jopplerg.exe
      C:\WINNT\web


    • Back in Killbox, go > file > paste from clipboard,
    • Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
    • Then click OK
    • Exit Killbox and Reboot your PC.
  • After the reboot, Start AboutBuster AGAIN and scan AGAIN.

  • Clean temporary files:
    • Go > start > run and type cleanmgr and OK
    • Scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
    • Click OK to remove those files.
    • Click Yes to confirm deletion.
  • Reboot your system into normal mode.

  • Download Ewido scan
    • Check for updates.
    • Let it do a full run.
    • Copy the log. Past it to a blank Notepad file and save it to post here.
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it, the EWIDOscan log, and the About Buster log in this thread for review.
Regards,

Trevuren

  • 0

#5
stefm

stefm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
" Insert Display Name" I cannot find this ervice to disable.
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Sorry, use this as Display Name: Remote Procedure Call (RPC) Helper


Regards,

Trevuren
  • 0

#7
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP