Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

can't open hard drive


  • Please log in to reply

#1
brainsnap

brainsnap

    New Member

  • Member
  • Pip
  • 6 posts
Today, my computer wouldn't allow me to access my hard drive... clicking My computer froze the computer. I backed up the Dr. Watson files, and turned off the Dr. Watson program... now When i click my computer it gives me a reference memory error. what can i do to fix this? thank you in advance...

-brainsnap

Hijackthis Log:


Logfile of HijackThis v1.99.0
Scan saved at 11:36:43 PM, on 2/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\qttask.exe
C:\WINDOWS\javany32.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\winnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Erik\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} - C:\WINDOWS\d3pn.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2CQZ69J4QYTL29] C:\WINDOWS\System32\Dzg1p5.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javany32.exe] C:\WINDOWS\javany32.exe
O4 - HKLM\..\Run: [A8.tmp] C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A8.tmp.exe] C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
O4 - HKLM\..\RunOnce: [winnt.exe] C:\WINDOWS\winnt.exe
O4 - HKLM\..\RunOnce: [apiqx.exe] C:\WINDOWS\apiqx.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: (HKLM)
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O21 - SSODL: AIM YGP Picture Finder - {13FF2024-9D82-829E-CBEA-F5C42697FA26} - C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPPicEditx.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD File System Service - Unknown - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\winkf.exe (file missing)
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Welcome to Geeks to Go brainsnap

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwmzm.dll/sp.html#12345
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {4ABF050C-DD0D-52FF-DD7A-B315E8F9B10E} - C:\WINDOWS\d3pn.dll
O4 - HKLM\..\Run: [2CQZ69J4QYTL29] C:\WINDOWS\System32\Dzg1p5.exe
O4 - HKLM\..\Run: [javany32.exe] C:\WINDOWS\javany32.exe
O4 - HKLM\..\Run: [A8.tmp] C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A8.tmp.exe] C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
O4 - HKLM\..\RunOnce: [winnt.exe] C:\WINDOWS\winnt.exe
O4 - HKLM\..\RunOnce: [apiqx.exe] C:\WINDOWS\apiqx.exe
O15 - Trusted IP range: (HKLM)
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O21 - SSODL: AIM YGP Picture Finder - {13FF2024-9D82-829E-CBEA-F5C42697FA26} - C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPPicEditx.dll (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\winkf.exe (file missing)

Then delete the following files (if they exist):

C:\WINDOWS\d3pn.dll
C:\WINDOWS\System32\Dzg1p5.exe
C:\WINDOWS\javany32.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
C:\WINDOWS\system32\tibs5.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
C:\WINDOWS\winnt.exe
C:\WINDOWS\apiqx.exe
C:\WINDOWS\zeta.exe
C:\WINDOWS\winkf.exe

Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0

#3
brainsnap

brainsnap

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
the only problem is.... my computer won't restart in safe mode. as it gets to the login screen(which it takes several minutes to do so) the computer reboots for no apparent reason. what can i do about this?
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi brainsnap

Download this service tool (free) will alow you to stop disable and then delete a rouge service
Download pserv.cpl: http://p-nand-q.com/e/pserv.html
Direct download > http://p-nand-q.com/...l/pserv-2.3.exe
Install then run the tool,(located in your C:\Program Files\p-nand-q.com find >>>
**SERVICE HERE****
Right click > choose stop, then rightclick disable, rightclick delete.
close the tool.

C:\WINDOWS\d3pn.dll
C:\WINDOWS\System32\Dzg1p5.exe
C:\WINDOWS\javany32.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
C:\WINDOWS\system32\tibs5.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\A8.tmp.exe 4 10001
C:\WINDOWS\winnt.exe
C:\WINDOWS\apiqx.exe
C:\WINDOWS\zeta.exe
C:\WINDOWS\winkf.exe

Please post a new HJT.Log Thank You

Kc :tazz:
  • 0

#5
brainsnap

brainsnap

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
which services am i supposed to stop? which would prevent safe mode from running?
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi brainsnap

C:\WINDOWS\ d3pn.dll<-Delete this file
C:\WINDOWS\System32\ Dzg1p5.exe<-Delete this file
C:\WINDOWS\ javany32.exe<-Delete this file
C:\DOCUME~1\Gary\LOCALS~1\Temp\ A8.tmp.exe 4 10001<-Delete this file
C:\WINDOWS\system32\ tibs5.exe<-Delete this file
C:\WINDOWS\ winnt.exe<-Delete this file
C:\WINDOWS\ apiqx.exe<-Delete this file
C:\WINDOWS\ zeta.exe<-Delete this file
C:\WINDOWS\ winkf.exe<-Delete this file

Please post a new HJT.Log Thank You

Kc :tazz:
  • 0

#7
brainsnap

brainsnap

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
heres the log... i still have homesearch assistant on my computer, and i can't yet reboot in safe mode. also, my computer is running very slowly... i'm receiving a spooler subsystem app problem(so i can't install my printer) and AOL instant messenger crashes upon receiving or sending and IM.



Logfile of HijackThis v1.99.0
Scan saved at 5:11:28 PM, on 2/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\qttask.exe
C:\WINDOWS\System32\Guhydq.exe
C:\WINDOWS\system32\sdkuf.exe
C:\WINDOWS\system32\winfp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Erik\My Documents\HT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipje32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Bjhcij.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Guhydq.exe
O4 - HKLM\..\Run: [sdkuf.exe] C:\WINDOWS\system32\sdkuf.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O21 - SSODL: AIM YGP Picture Finder - {13FF2024-9D82-829E-CBEA-F5C42697FA26} - C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPPicEditx.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD File System Service - Unknown - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi brainsnap

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vqotb.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vqotb.dll/sp.html#12345
O2 - BHO: (no name) - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\ipje32.dll
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Bjhcij.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Guhydq.exe
O4 - HKLM\..\Run: [sdkuf.exe] C:\WINDOWS\system32\sdkuf.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O21 - SSODL: AIM YGP Picture Finder - {13FF2024-9D82-829E-CBEA-F5C42697FA26} - C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPPicEditx.dll (file missing)


Then delete the following files (if they exist):

B]C:\WINDOWS\ipje32.dll
C:\WINDOWS\System32\Bjhcij.exe
C:\WINDOWS\System32\Guhydq.exe
C:\WINDOWS\system32\sdkuf.exe
C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPPicEditx.dll (file missing)[/B]

Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP