Bad Image hebitozu.dll
Started by
eMoRTaL
, Sep 08 2013 06:46 PM
#1
Posted 08 September 2013 - 06:46 PM
#2
Posted 08 September 2013 - 08:38 PM
If you can get an OTL or even a Hijackthis log it should be no problem to fix it.
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop. You may need to download it on a different PC and put it on a CD or clean (never been on your sick PC) USB drive then move it to your desktop.
Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them. IF you can't do that then look through the OTL log yourself and copy down the line that shows hebitozu.dll. It's probably an O20 line.
Ron
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop. You may need to download it on a different PC and put it on a CD or clean (never been on your sick PC) USB drive then move it to your desktop.
Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them. IF you can't do that then look through the OTL log yourself and copy down the line that shows hebitozu.dll. It's probably an O20 line.
Ron
#3
Posted 09 September 2013 - 06:26 PM
Ron I found that line on
o20 - AppInit_DLLs: (C:\WINDOWS\system32\hebitozu.dll) - C:\WINDOWS\system32\hebitozu.dll ()
On another instance the computer tries to download Status and to insert the 'Status' disk. and then another window opens up Microsoft .NET Framework (X) An unhandled exception has occured in a component in your application. Click continue and application will ignore this error and attempt to continue. Object reference not set to an instance of an object. Then those two screens seem to stay up. Continue just brings the box up.
o20 - AppInit_DLLs: (C:\WINDOWS\system32\hebitozu.dll) - C:\WINDOWS\system32\hebitozu.dll ()
On another instance the computer tries to download Status and to insert the 'Status' disk. and then another window opens up Microsoft .NET Framework (X) An unhandled exception has occured in a component in your application. Click continue and application will ignore this error and attempt to continue. Object reference not set to an instance of an object. Then those two screens seem to stay up. Continue just brings the box up.
#4
Posted 09 September 2013 - 08:50 PM
This is how you remove the O20 line with OTL, Might be better to copy the O20 line from your OTL scan and paste it on top of the one I put in as it needs to be exact.
Copy the text in the code box by highlighting and Ctrl + c
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\09092013-some number.log so look there if you don't see it.
Copy the text in the code box by highlighting and Ctrl + c
:OTL O20 - AppInit_DLLs: (C:\WINDOWS\system32\hebitozu.dll) - C:\WINDOWS\system32\hebitozu.dll () :Commands [Reboot]
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\09092013-some number.log so look there if you don't see it.
#5
Posted 10 September 2013 - 04:36 PM
Hey Ron,
I tried that and it seems to ave worked....the only thing is that afterward it restarted and never brought up anything but the wallpaper...and I left it for a while to see if everything would come up but nothing has come up but the wallpaper.
I tried that and it seems to ave worked....the only thing is that afterward it restarted and never brought up anything but the wallpaper...and I left it for a while to see if everything would come up but nothing has come up but the wallpaper.
#6
Posted 10 September 2013 - 04:39 PM
Right click on the clock and select Task Manager. If no clock then Ctrl Alt Delete and select Task Manager. Then File new and type in explorer and hit Enter. If that doesn't work then try booting into Safe Mode with Command Prompt.
#7
Posted 10 September 2013 - 04:54 PM
ok now the explorer part worked...when i looked at the system configuration utility...it looks like av2009 = AntiVirus2009 has been exposed to this computer...ok the log says :
OTL: Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsof\Windows NT\CurrentVersion\windows\\AppInit_)DLLs:C:\WINDOWS\system32\hebitozu.dll deleted successfully.
C:\WINDOWS\system32\hebitozu.dll moved successfully.
=======COMMANDS=========
OTL by OldTimer - version 3.2.69.0 log created on 09102013_181715
Is AUTOEXEC.BAT supposed to even be in C: ?
OTL: Registry Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsof\Windows NT\CurrentVersion\windows\\AppInit_)DLLs:C:\WINDOWS\system32\hebitozu.dll deleted successfully.
C:\WINDOWS\system32\hebitozu.dll moved successfully.
=======COMMANDS=========
OTL by OldTimer - version 3.2.69.0 log created on 09102013_181715
Is AUTOEXEC.BAT supposed to even be in C: ?
Edited by eMoRTaL, 10 September 2013 - 05:04 PM.
#8
Posted 10 September 2013 - 05:00 PM
Which version of Windows is this?
If Win 7 or Vista you can use Task Manager to tell it to do:
sfc /scannow
If you run regedit you can look at:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
These two should say:
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
Explorer.exe should be located in C:\Windows\Explorer.exe
You can also try a system restore from Task Manager: File, New then type:
rstrui.exe
If there are any old points you can try them.
If Win 7 or Vista you can use Task Manager to tell it to do:
sfc /scannow
If you run regedit you can look at:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
These two should say:
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
Explorer.exe should be located in C:\Windows\Explorer.exe
You can also try a system restore from Task Manager: File, New then type:
rstrui.exe
If there are any old points you can try them.
#9
Posted 10 September 2013 - 05:03 PM
Is AUTOEXEC.BAT supposed to even be in C: ?
yes check the date on it to make sure it hasn't been modified recently. It's not much used these days and is normally a hidden system file but if you want you can right click on it and Edit. That should bring it up notepad so you can see what it is trying to do.
yes check the date on it to make sure it hasn't been modified recently. It's not much used these days and is normally a hidden system file but if you want you can right click on it and Edit. That should bring it up notepad so you can see what it is trying to do.
#10
Posted 10 September 2013 - 05:17 PM
this is Windows XP Pro however the screen says Media Edition 2005 something like that...it had been updated but only has SP1. I still can't get wifi up for some reason either. Can't use system restore either because the date I got it...is the same date I can restore it to....but why...now it at lease is working without the errors. There are also some noticeable things in run command...I pressed c by accident and it has some commands such as: file:///C:/WINDOWS/system32/oobe/actshell.htm <---is something like this normal?
a little update : the commands in regedit are as you wrote...the autoexec file is created/modified the same date : Wednesday, January 30, 2008, 6:16:20 PM
there is nothing in the autoexec.bat file when i edit it
a little update : the commands in regedit are as you wrote...the autoexec file is created/modified the same date : Wednesday, January 30, 2008, 6:16:20 PM
there is nothing in the autoexec.bat file when i edit it
Edited by eMoRTaL, 10 September 2013 - 05:30 PM.
#11
Posted 10 September 2013 - 05:20 PM
Can you hook it up with an Ethernet cable?
#12
Posted 11 September 2013 - 04:51 PM
I tried hooking it up to ethernet cable...but it's still not picking it up. I've tried scanning with MBAM and there are 87 objects detected so far...I'm going to "clean it up" and see what happens. What other scan can I do to post on here for you to look through and see if there is anything keeping the laptop from connecting to the internet?
#13
Posted 11 September 2013 - 04:57 PM
Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:
Report any errors you get (first one should say dhcp is already started if not let me know) and the IP addresses of the last ipconfig /all. Does the nslookup command come back with:
Non-authoritative answer:
Name: att.com
Addresses:144.160.155.43
144.160.36.42
Or does it just time out?
net start dhcp proxycfg -d ipconfig /release ipconfig /renew ipconfig /all nslookup att.com
Report any errors you get (first one should say dhcp is already started if not let me know) and the IP addresses of the last ipconfig /all. Does the nslookup command come back with:
Non-authoritative answer:
Name: att.com
Addresses:144.160.155.43
144.160.36.42
Or does it just time out?
#14
Posted 11 September 2013 - 05:21 PM
hey Ron,
I've run all the commands and here is what comes up:
C:\>net start dhcp
The requested service has already been started.
C:\>proxycfg -d
Updating proxy settings under
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
WinHttpSettings :
Flags = PROXY_TYPE_DIRECT
Proxy Server = -not set-
Bypass List = -not set-
C:\>ipconfig /release
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\>ipconfig /renew
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : stacy-e0b1e99e2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media Disconnected
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-14-A5-75-F7-00
C:\>nslookup att.com
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1
***Unknown can't find att.com: No response from server
I've run all the commands and here is what comes up:
C:\>net start dhcp
The requested service has already been started.
C:\>proxycfg -d
Updating proxy settings under
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
WinHttpSettings :
Flags = PROXY_TYPE_DIRECT
Proxy Server = -not set-
Bypass List = -not set-
C:\>ipconfig /release
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\>ipconfig /renew
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : stacy-e0b1e99e2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media Disconnected
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-14-A5-75-F7-00
C:\>nslookup att.com
*** Default servers are not available
Server: UnKnown
Address: 127.0.0.1
***Unknown can't find att.com: No response from server
Edited by eMoRTaL, 11 September 2013 - 05:22 PM.
#15
Posted 11 September 2013 - 05:32 PM
WOW...I just finished the scan...176 Errors...
Backdoor.Bot
IPH.GenericBHO
Worm.Koobface
Trojan.FakeAlert
Trojan.Vundo
Trojan.Agent
Trojan.akeAlert
Trojan.BHO
Adware.ShopperReports
Adware.Zango
Trojan.Dropper
Rogue.Installer
Rootkit.TDSS
Malware.Packer.Gen
Rootkit.Agent
Rogue.AntiSpyCheck
Malware.Trace
Adware.SurfAccuracy
Rogue.VirusRemove
Rogue.AntiVirus2009
Trojan.Zlob
Rogue.AntiVirus2008
Rogue.XPantiVirus
Hijack.SearchPage
PUM.Disabled.SecurityCenter
With multiple entries on all of these...I've never seen a computer with this much corruption...
I've still got the screen up and I'll wait on your response on how to remove all these...whether through MBAM or a different way.
Backdoor.Bot
IPH.GenericBHO
Worm.Koobface
Trojan.FakeAlert
Trojan.Vundo
Trojan.Agent
Trojan.akeAlert
Trojan.BHO
Adware.ShopperReports
Adware.Zango
Trojan.Dropper
Rogue.Installer
Rootkit.TDSS
Malware.Packer.Gen
Rootkit.Agent
Rogue.AntiSpyCheck
Malware.Trace
Adware.SurfAccuracy
Rogue.VirusRemove
Rogue.AntiVirus2009
Trojan.Zlob
Rogue.AntiVirus2008
Rogue.XPantiVirus
Hijack.SearchPage
PUM.Disabled.SecurityCenter
With multiple entries on all of these...I've never seen a computer with this much corruption...
I've still got the screen up and I'll wait on your response on how to remove all these...whether through MBAM or a different way.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users