Peter T Posted October 31, 2005

I JUST.. JUST reformatted my computer and re-installed everything. But somehow I got this About:Blank virus. I need help, or should I reformat again? I REALLY REALLY don't want to. My Norton Antivirus and some other programs on start up are not working properly now. Here is my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 5:06:07 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\DOCUME~1\Peter\LOCALS~1\Temp\EE.tmp.exe
C:\WINDOWS\system32\mssg.exe
C:\DOCUME~1\Peter\LOCALS~1\Temp\ED.tmp.exe
D:\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crjk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
H:\Kazaa Lite K++\KazaaLite.kpp
C:\Documents and Settings\Peter\Desktop\AboutBuster\AboutBuster.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\winrar\WinRAR_\WinRAR.exe
C:\DOCUME~1\Peter\LOCALS~1\Temp\Rar$EX00.579\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5F4789C3-EE8C-FAA5-BFD3-A509347C1461} - C:\WINDOWS\system32\mssg.dll
O2 - BHO: Class - {F69DCEAD-6CC6-CBB5-F9DA-5E5C2429FD6E} - C:\WINDOWS\system32\iesx32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] F:\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] F:\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] F:\NavNT\vptray.exe
O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [EE.tmp] C:\DOCUME~1\Peter\LOCALS~1\Temp\EE.tmp.exe
O4 - HKLM\..\Run: [ED.tmp] C:\DOCUME~1\Peter\LOCALS~1\Temp\ED.tmp.exe
O4 - HKLM\..\Run: [mssg.exe] C:\WINDOWS\system32\mssg.exe
O4 - HKLM\..\Run: [ED.tmp.exe] C:\DOCUME~1\Peter\LOCALS~1\Temp\ED.tmp.exe
O4 - HKLM\..\Run: [EE.tmp.exe] C:\DOCUME~1\Peter\LOCALS~1\Temp\EE.tmp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [sysri32.exe] C:\WINDOWS\system32\sysri32.exe
O4 - HKLM\..\RunOnce: [crjk.exe] C:\WINDOWS\system32\crjk.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: DefWatch - Unknown owner - F:\NavNT\defwatch.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - F:\NavNT\rtvscan.exe (file missing)

Thanks
Peter

RubbeR DuckY (Root Admin) Posted October 31, 2005

Please download AboutBuster and run it: http://www.malwarebytes.org/AboutBuster.zip. Please let me know how it goes!

Peter T (Author) Posted October 31, 2005

> Please download AboutBuster and run it http://www.malwarebytes.org/AboutBuster.zip , Please let me know how it goes!

I downloaded that before and had used it and it did remove it but the virus stayed and when I opened win explorer it still was there after a few times. I had also done an Ad-Aware and Spybot check and it did something only temporarily. So I looked at the advice from AboutBuster and downloaded Mozilla Firefox as my browser and SpywareBlaster and still it reoccurs. I don't get it.

RubbeR DuckY (Root Admin) Posted November 1, 2005

Ok, please run AboutBuster, then run HijackThis again and post the log here along with the AboutBuster log, thanks!
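
An added example, not part of the thread and not code from HijackThis or AboutBuster: a small Python triage pass over a HijackThis log such as the one posted above, useful for comparing the log before and after a cleanup run. The three flagging rules and the names `triage` and `parse_log` are assumptions made for illustration; the sample lines are excerpted from Peter T's log.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path" (section code, then detail).
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

def triage(code, body):
    """Return review reasons for one entry. Heuristics are assumptions of this example."""
    low = body.lower()
    reasons = []
    if code in ("R0", "R1") and "= res://" in low:
        reasons.append("IE page/search setting points at a res:// resource in a local DLL")
    if code == "O4" and re.search(r"\\temp\\", low):
        reasons.append("autorun launches an executable from a Temp directory")
    if "(file missing)" in low:
        reasons.append("registered file is missing on disk")
    return reasons

def parse_log(text):
    """Parse a HijackThis log and return (code, body, reason) for flagged entries."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            continue  # header lines, the process list, blank lines
        for reason in triage(m["code"], m["body"]):
            findings.append((m["code"], m["body"], reason))
    return findings

# Sample input: lines excerpted from the log posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yoopr.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [EE.tmp] C:\DOCUME~1\Peter\LOCALS~1\Temp\EE.tmp.exe
O23 - Service: DefWatch - Unknown owner - F:\NavNT\defwatch.exe (file missing)
"""

if __name__ == "__main__":
    for code, body, reason in parse_log(SAMPLE):
        print(f"[{code}] {reason}\n    {body}")
```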