I HAVE TRIED EVERYTHING TO GET THIS ABOUT BLANK OFF OF MY COMPUTER. I TRY TO RUN THE ABOUTBUSTER AND IT GIVES ME A "RUNTIME ERROR '6'" OVERFLOW. I MADE MY RUN IN SAFE MODE AS DESCRIBED. PLEASE HELP ME FINALLY GET RID OF THIS ABOUT BLANK BEFORE I GET RID OF THIS PC. HERE IS MY HIJACKTHIS LOG, HOPE IT HELPS.

Logfile of HijackThis v1.99.1

Scan saved at 8:55:20 PM, on 3/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\system32\appns32.exe

C:\WINDOWS\system32\ipvf32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Compaq\Local Settings\Temporary Internet Files\Content.IE5\HXQUMLAD\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yedrk.dll/sp.html#87649%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yedrk.dll/sp.html#87649%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yedrk.dll/sp.html#87649%resultposition.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3128

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9FA55D9D-4623-722C-F668-42A986C7E121} - (no file)

O2 - BHO: Class - {B26261C6-DD9C-7B1B-9DA4-AADC705B9C91} - C:\WINDOWS\d3zp.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [apibt32.exe] C:\WINDOWS\system32\apibt32.exe

O4 - HKLM\..\Run: [ipie.exe] C:\WINDOWS\system32\ipie.exe

O4 - HKLM\..\Run: [javayf.exe] C:\WINDOWS\javayf.exe

O4 - HKLM\..\Run: [iebl.exe] C:\WINDOWS\system32\iebl.exe

O4 - HKLM\..\Run: [mfczx32.exe] C:\WINDOWS\mfczx32.exe

O4 - HKLM\..\Run: [iepq.exe] C:\WINDOWS\system32\iepq.exe

O4 - HKLM\..\Run: [mfcyy.exe] C:\WINDOWS\system32\mfcyy.exe

O4 - HKLM\..\Run: [iehd32.exe] C:\WINDOWS\iehd32.exe

O4 - HKLM\..\Run: [addjr32.exe] C:\WINDOWS\addjr32.exe

O4 - HKLM\..\Run: [msmk.exe] C:\WINDOWS\msmk.exe

O4 - HKLM\..\Run: [atlpz.exe] C:\WINDOWS\atlpz.exe

O4 - HKLM\..\Run: [MCUpdateExe] D:\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] D:\McAfee.com\Agent\McAgent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [appns32.exe] C:\WINDOWS\system32\appns32.exe

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O4 - HKLM\..\RunOnce: [winea32.exe] C:\WINDOWS\winea32.exe

O4 - HKLM\..\RunOnce: [ipyd32.exe] C:\WINDOWS\ipyd32.exe

O4 - HKLM\..\RunOnce: [msqs32.exe] C:\WINDOWS\msqs32.exe

O4 - HKLM\..\RunOnce: [crfp32.exe] C:\WINDOWS\system32\crfp32.exe

O4 - HKLM\..\RunOnce: [netkj.exe] C:\WINDOWS\system32\netkj.exe

O4 - HKLM\..\RunOnce: [ntkp32.exe] C:\WINDOWS\ntkp32.exe

O4 - HKLM\..\RunOnce: [atlje.exe] C:\WINDOWS\atlje.exe

O4 - HKLM\..\RunOnce: [mfcfc.exe] C:\WINDOWS\system32\mfcfc.exe

O4 - HKLM\..\RunOnce: [ipfs32.exe] C:\WINDOWS\system32\ipfs32.exe

O4 - HKLM\..\RunOnce: [atlle32.exe] C:\WINDOWS\system32\atlle32.exe

O4 - HKLM\..\RunOnce: [ntdb.exe] C:\WINDOWS\ntdb.exe

O4 - HKLM\..\RunOnce: [ipyx.exe] C:\WINDOWS\ipyx.exe

O4 - HKLM\..\RunOnce: [crqd.exe] C:\WINDOWS\system32\crqd.exe

O4 - HKLM\..\RunOnce: [mfcbr.exe] C:\WINDOWS\system32\mfcbr.exe

O4 - HKLM\..\RunOnce: [syspl.exe] C:\WINDOWS\syspl.exe

O4 - HKLM\..\RunOnce: [winaw.exe] C:\WINDOWS\winaw.exe

O4 - HKLM\..\RunOnce: [crfy.exe] C:\WINDOWS\system32\crfy.exe

O4 - HKLM\..\RunOnce: [apiea32.exe] C:\WINDOWS\system32\apiea32.exe

O4 - HKLM\..\RunOnce: [sysjc.exe] C:\WINDOWS\system32\sysjc.exe

O4 - HKLM\..\RunOnce: [javais32.exe] C:\WINDOWS\system32\javais32.exe

O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\system32\mfcom.exe

O4 - HKLM\..\RunOnce: [syssk32.exe] C:\WINDOWS\syssk32.exe

O4 - HKLM\..\RunOnce: [sdkxn.exe] C:\WINDOWS\sdkxn.exe

O4 - HKLM\..\RunOnce: [sdkxp32.exe] C:\WINDOWS\sdkxp32.exe

O4 - HKLM\..\RunOnce: [javafv32.exe] C:\WINDOWS\javafv32.exe

O4 - HKLM\..\RunOnce: [mfcqo.exe] C:\WINDOWS\system32\mfcqo.exe

O4 - HKLM\..\RunOnce: [crzw.exe] C:\WINDOWS\system32\crzw.exe

O4 - HKLM\..\RunOnce: [atlth.exe] C:\WINDOWS\atlth.exe

O4 - HKLM\..\RunOnce: [winjx.exe] C:\WINDOWS\winjx.exe

O4 - HKLM\..\RunOnce: [javazd32.exe] C:\WINDOWS\system32\javazd32.exe

O4 - HKLM\..\RunOnce: [ipvf32.exe] C:\WINDOWS\system32\ipvf32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115263800969

O16 - DPF: {DE4735F3-7532-4895-93DC-911111111173} - http://afris.biz/ex.exe

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

PHOENIX

Hello and welcome aboard, let's get started! :D

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Firstly, are you using the latest version of About:Buster? Which is version 6.

Nextly, I can see you have no Anti-virus programs running.

Please get the free version of AVG here.

Download & install it, configure it how you wish, update it. Do NOT run a scan yet.

==

Please download the trial version of Ewido Anti-malware here:

http://www.ewido.net/en/download/

Please read Ewido Setup Instructions

Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

Please launch AVG:

Run a scan with it (set it to scan everything it can). Remove/quarantine everything found.

==

Run Ewido:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.

Close Ewido Anti-malware.

==

Reboot back into Normal mode and post back with a fresh HijackThis log as well as the Ewido log. :D
