Michelle
Dr Watson Postmortem Debugger [resolved]
Started by The General, Mar 16 2005 06:24 AM
#31
Posted 26 March 2005 - 04:46 PM
Michelle
#32
Posted 26 March 2005 - 08:45 PM
Michelle,
Yes, while in safe mode I ran the hoster program and clicked the restore original hosts and it said your changes have been made. Then I ran the log.
The General
#33
Posted 26 March 2005 - 10:30 PM
OK, let's try this first:
Boot into Safe Mode again.
Use Windows Explorer and navigate to C:\Program files and look for the folder below (in bold):
C:\Program Files\PPC Advertor
If it is there, DELETE it!
If you can't find this folder I have a couple of other things to try to get rid of this thing!
Michelle
#34
Posted 26 March 2005 - 10:55 PM
Oh, by the way, when you open Internet Explorer is your browser hijacked (redirected) to "about:blank" or some strange website address? Or does your set homepage load normally?
Michelle
#35
Posted 26 March 2005 - 11:17 PM
Michelle,
I ran the requested search in safe mode and couldn't find the file you spoke of. I even ran a search for it just to be sure, but nothing was there. My internet explorer runs fine. It opens to the normal homepage.
The General
#36
Posted 27 March 2005 - 02:12 AM
Did you go into Windows Explorer and manually look for the folder? If the folder is hidden it won't show up in search (unless it's set up that way).
Ok, let's try this now:
Boot into safe mode.
Go to Start > Run > then type in:
sfc /scannow
**make sure that space is in there between sfc and /
Click OK.
It will pull up a box that says "Windows File Protection"; just let it do what it does.
We'll see how this works! Let me know.
Michelle
#37
Posted 27 March 2005 - 07:31 AM
All right, I went to safe mode and ran the scannow and I made sure the space was there. When I hit enter there was a flash and nothing happened. I waited a while just to be sure, but nothing happened. No dialog box or anything besides the screen flash.
The General
#38
Guest_thatman_*
Posted 27 March 2005 - 07:53 AM
Hi The General
Follow the arrows
Let's see what the error is. Click --> Start --> Control Panel --> Administrative Tools --> Component Services --> Event Viewer (Local) --> Application. From here you will see all Event Properties; click on the errors and you will then see what the problem is.
Inside the Event logs you will find every error message that your computer has had, and a list of all the faults from your system is logged in this area.
Kc
#39
Posted 27 March 2005 - 11:06 AM
Ah, it was worth a shot! Apparently, sfc command can not be run in safe mode!
Please follow the directions given by Kc. Just double-click on the ones that say "error" (there will also be some that say information and warning) and tell us what it says in the dialogue box that it pulls up.
After this, we are going to repair Internet Explorer to see if that helps any!
Michelle
#40
Posted 27 March 2005 - 10:31 PM
Ok here is what I saw when I went into the event viewer. There were several errors from all the attempts I had at trying to figure out the problem.
The errors always came in pairs like I mentioned and the first is;
faulting application explorer.exe. version 6.0.2900.2180. fauliting module shell32dll, version 6.0.2900.2578, fault address 0x00054581.
The second error is;
faulting application drwtson32.exe.version 5.1.2600.0, faulting module dbghekp.dlllversion 5.12600.2180, fault address 0x0001295d
There were several other error logs from early March about could not contact filter driver, naifiltr.sys is missing, about hanging application errors with iexplorer and faulting application errors about mmjb.
I don't know what I am looking at or what you need to know. Give me further advice on what to do and we can take it from there.
The General
#41
Posted 27 March 2005 - 10:41 PM
Michelle,
I have made an error and I think it may have cost you some time and confusion. I only realized this once I ran the event log viewer in my last post and had an epiphany. When I arrow over all programs from the start menu and the computer freezes and I get the error log it is encountering an error with windows explorer and not with internet explorer as previously stated. I guess when I read it quickly all I saw was explorer and thought internet explorer only and not windows explorer. I am sooooo sorry about this and I hope that we haven't been on a wild goose chase.
Let me know what to do from here.
Thanks again,
The General
#42
Posted 28 March 2005 - 12:59 AM
No worries, General! I know it was explorer that was freezing up. I suggested we repair Internet Explorer because we are running out of options and this could either help or not, either way it won't do anything bad.
Go back into the event viewer and look at the error messages that say "faulting drwtson32.exe" and tell me the faulting modules on them or are they all the same: dbghekp.dll (this is spelled correctly?) and tell me any other "faulting modules" on the errors that have come up recently due to this infection.
Michelle
#43
Guest_thatman_*
Posted 28 March 2005 - 03:09 AM
Hi The General
Please do not try any repairs to your system. I need more information.
faulting application drwtson32.exe.version 5.1.2600.0, faulting module dbghekp.dlllversion =5.12600.2180, fault address 0x0001295d
This item is suspect
naifiltr.sys
This belongs to McAfee help
mmjb.
MUSICMATCH Jukebox Description:
Please do a search on your system for this item: dbghekp. Right-click on the item and make a note of its properties.
Post back with the information.
Kc
#44
Guest_thatman_*
Posted 28 March 2005 - 10:39 AM
Hi The General
This is the General's problem. Below is the good guy:
dbghelp.dll is flagged as a system process, Windows Image Helper.
And this is the bad guy:
dbghekp.dlll version =5.12600.2180, fault Bad file may adversely impact your system
dbghelp.dll version 5.1.2600.0 Legal file version
We now need to find if the legal file is still on the General's system and also find what is controlling the bad guy.
Kc
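The name comparison Kc makes above (dbghekp against dbghelp), as an added example that is not part of the original thread: it parses records in the Application-log "Faulting application" layout and flags any faulting module whose name sits within two edits of a known system module. The allowlist, the `max_dist` threshold and the sample records are assumptions constructed for the example.

```python
import re

# Assumption for this example: a small allowlist of genuine Windows module names.
KNOWN_MODULES = {"dbghelp.dll", "shell32.dll", "kernel32.dll", "ntdll.dll"}

# Field layout of an Application-log "Faulting application" record.
FAULT_RE = re.compile(
    r"faulting application (?P<app>[^,\s]+), version (?P<appver>[\d.]+), "
    r"faulting module (?P<mod>[^,\s]+), version (?P<modver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9a-f]+)",
    re.IGNORECASE,
)

# Constructed sample records (not copied from the thread's event log).
SAMPLE_LOG = """\
Faulting application explorer.exe, version 6.0.2900.2180, faulting module shell32.dll, version 6.0.2900.2180, fault address 0x00054581.
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghekp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Faulting application mmjb.exe, version 1.0.0.0, faulting module examplecodec.dll, version 1.0.0.0, fault address 0x00001000.
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_module(name, known=KNOWN_MODULES, max_dist=2):
    """Return ('known', name), ('lookalike', nearest_known) or ('unknown', None)."""
    name = name.lower()
    if name in known:
        return ("known", name)
    nearest = min(sorted(known), key=lambda k: edit_distance(name, k))
    if edit_distance(name, nearest) <= max_dist:
        return ("lookalike", nearest)
    return ("unknown", None)

def scan(log_text):
    """Return (application, module, verdict, nearest_known) for each fault record."""
    return [(m["app"].lower(), m["mod"].lower(), *classify_module(m["mod"]))
            for m in FAULT_RE.finditer(log_text)]

if __name__ == "__main__":
    for app, mod, verdict, nearest in scan(SAMPLE_LOG):
        print(f"{app}: {mod} -> {verdict}" + (f" (near {nearest})" if verdict == "lookalike" else ""))
```

A `lookalike` verdict only says the reported name is a near miss of a known one; whether that is a transcription slip or a differently named file on disk is settled by locating the file and checking its properties, as the thread goes on to do.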
#45
Posted 28 March 2005 - 01:46 PM
Ok, General, now we know who the bad guy is (finally some progress! You're probably tired of me after 2 weeks of running programs). Here is what I need you to do:
Please locate the file (that was on the error message - defaulting module): dbghekp.dlll then zip it up. You can zip it up by right clicking on the file, then going to Send To > Compressed (zipped) folder. E-mail the zipped folder to: Spyware Submissions
As soon as we review what that file does, I will have a fix for you.
Michelle