
Dr Watson Postmortem Debugger [resolved]


  • This topic is locked

#31
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, I think I confused you with my previous post. When I said I wanted you to run the Hoster program in safe mode, I didn't need the Silent Runners log again. I just needed you to restore original host files. You did this in safe mode without a problem, yes? I wasn't sure if you had run the Hoster program since you were showing me the Silent Runner's log which is a whole different thing. :tazz:

Michelle
  • 0


#32
The General

The General

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Michelle,

Yes, while in safe mode I ran the hoster program and clicked the restore original hosts and it said your changes have been made. Then I ran the log.

The General
  • 0

#33
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
OK, let's try this first:

Boot into Safe Mode again.
Use Windows Explorer and navigate to C:\Program files and look for the folder below (in bold):

C:\Program Files\PPC Advertor

If it is there, DELETE it!

If you can't find this folder I have a couple of other things to try to get rid of this thing!

Michelle :tazz:
  • 0

#34
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Oh, by the way, when you open Internet Explorer is your browser hijacked (redirected) to "about:blank" or some strange website address? Or does your set homepage load normally?

Michelle :tazz:
  • 0

#35
The General

The General

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Michelle,

I ran the requested search in safe mode and couldn't find the file you spoke of. I even ran a search for it just to be sure, but nothing was there. My internet explorer runs fine. It opens to the normal homepage.


The General
  • 0

#36
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you go into Windows Explorer and manually look for the folder? If the folder is hidden it won't show up in search (unless it's set up that way).

Ok, let's try this now:

Boot into safe mode.

Go to Start > Run > then type in:

sfc /scannow

**make sure that space is in there between sfc and /

Click OK.

It will pull up a box that says "windows file protection"; just let it do what it does :tazz:

We'll see how this works! Let me know

Michelle ;)
  • 0

#37
The General

The General

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
All right, I went to safe mode and ran the scannow and I made sure the space was there. When I hit enter there was a flash and nothing happened. I waited a while just to be sure, but nothing happened. No dialog box or anything besides the screen flash.

The General
  • 0

#38
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi The General

Follow the arrows
Let's see what the error is. Click --> Start --> Control Panel --> Administrative Tools --> Component Services --> Event Viewer (Local) --> Application. From here you will see all Event Properties; click on the errors and you will then see what the problem is.

Inside the Event logs you will find every error message that your computer has had, and a list of all the faults from your system is logged in this area.

Kc :tazz:
  • 0

#39
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ah, it was worth a shot! Apparently, sfc command can not be run in safe mode!

Please follow the directions given by Kc. Just double-click on the ones that say "error" (there will also be some that say information and warning) and tell us what it says in the dialogue box that it pulls up.

After this, we are going to repair Internet Explorer to see if that helps any!

Michelle :tazz:
  • 0

#40
The General

The General

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok here is what I saw when I went into the event viewer. There were several errors from all the attempts I had at trying to figure out the problem.

The errors always came in pairs like I mentioned and the first is;
faulting application explorer.exe. version 6.0.2900.2180. fauliting module shell32dll, version 6.0.2900.2578, fault address 0x00054581.

The second error is;
faulting application drwtson32.exe.version 5.1.2600.0, faulting module dbghekp.dlllversion 5.12600.2180, fault address 0x0001295d

There were several other error logs from early March about could not contact filter driver, naifiltr.sys. is missing, about hanging application errors with iexplorer and faulting application errors about mmjb.

I don't know what I am looking at or what you need to know. Give me further advice on what to do and we can take it from there.

The General
  • 0


#41
The General

The General

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Michelle,
I have made an error and I think it may have cost you some time and confusion. I only realized this once I ran the event log viewer in my last post and had an epiphany. When I arrow over all programs from the start menu and the computer freezes and I get the error log it is encountering an error with windows explorer and not with internet explorer as previously stated. I guess when I read it quickly all I saw was explorer and thought internet explorer only and not windows explorer. :tazz: I am sooooo sorry about this and I hope that we haven't been on a wild goose chase. ;)

Let me know what to do from here.
Thanks again,
The General
  • 0

#42
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
No worries, General! I know it was explorer that was freezing up. ;) I suggested we repair Internet Explorer because we are running out of options and this could either help or not, either way it won't do anything bad. :tazz:

Go back into the event viewer and look at the error messages that say "faulting drwtson32.exe" and tell me the faulting modules on them or are they all the same: dbghekp.dll (this is spelled correctly?) and tell me any other "faulting modules" on the errors that have come up recently due to this infection.

Michelle ;)
  • 0

#43
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi The General

Please do not try any repairs to your system. I need more information.

faulting application drwtson32.exe.version 5.1.2600.0, faulting module dbghekp.dlllversion =5.12600.2180, fault address 0x0001295d
This item is suspect


naifiltr.sys
This belongs to McAfee help

mmjb.
MUSICMATCH Jukebox Description:

Please do a search on your system for this item: dbghekp. Right-click on the item and make a note of its properties.

Post back with the information

Kc :tazz:
  • 0

#44
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi The General

This is the General's problem. Below is the good guy:
dbghelp.dll is flagged as a system process Windows Image Helper.

And this is the bad guy:
dbghekp.dlll version =5.12600.2180, fault Bad file may adversely impact your system
dbghelp.dll version 5.1.2600.0 Legal file version

We now need to find if the legal file is still on the General's system and also find what is controlling the bad guy.

Kc :tazz:
  • 0
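
As an added example (not part of the thread or any poster's code): a Python check that parses Application Error text like the entries quoted above and flags a faulting module whose name is within two edits of a known system DLL, as dbghekp.dll is of dbghelp.dll. The allowlist, the function names and the sample lines are assumptions constructed for illustration; a "lookalike" verdict only means the name should be confirmed on disk, since a hand-typed log entry can produce the same near miss.

```python
import re

# Assumed, deliberately short allowlist of genuine Windows module names.
KNOWN_MODULES = {"dbghelp.dll", "shell32.dll", "kernel32.dll", "ntdll.dll", "user32.dll"}

# Constructed sample lines, modelled on the errors typed out in the thread.
SAMPLE_EVENTS = [
    "Faulting application explorer.exe, version 6.0.2900.2180, faulting module "
    "shell32.dll, version 6.0.2900.2578, fault address 0x00054581.",
    "Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module "
    "dbghekp.dll, version 5.1.2600.2180, fault address 0x0001295d.",
]

FAULT_RE = re.compile(
    r"faulting application (?P<app>[^,\s]+),\s*version [\d.]+,\s*"
    r"faulting module (?P<module>[^,\s]+),\s*version [\d.]+,\s*"
    r"fault address (?P<addr>0x[0-9a-f]+)",
    re.IGNORECASE,
)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_module(name, max_distance=2):
    """Return (verdict, nearest known name) for a faulting module name."""
    name = name.lower()
    if name in KNOWN_MODULES:
        return ("known", name)
    nearest = min(sorted(KNOWN_MODULES), key=lambda k: edit_distance(name, k))
    if edit_distance(name, nearest) <= max_distance:
        return ("lookalike", nearest)  # near miss of a system DLL: verify on disk
    return ("unknown", None)

def review_events(lines):
    """Parse Application Error lines and classify each faulting module."""
    findings = []
    for line in lines:
        m = FAULT_RE.search(line)
        if m:
            verdict, nearest = classify_module(m["module"])
            findings.append((m["app"], m["module"], verdict, nearest))
    return findings
```

Calling `review_events(SAMPLE_EVENTS)` returns one tuple per parsed entry: application, faulting module, verdict and the nearest allowlisted name.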

#45
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, General, now we know who the bad guy is (finally some progress! You're probably tired of me after 2 weeks of running programs :tazz:) Here is what I need you to do:

Please locate the file (that was on the error message - defaulting module): dbghekp.dlll then zip it up. You can zip it up by right clicking on the file, then going to Send To > Compressed (zipped) folder. E-mail the zipped folder to: Spyware Submissions

As soon as we review what that file does, I will have a fix for you.

Michelle ;)
  • 0





