Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PSguard and the missing wininet.dll file! [RESOLVED]


  • This topic is locked This topic is locked

#16
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I can understand your dislike of windows Me! (I'm beginning to hate my entire laptop and everything on it now).

I've deleted the contents of C:\_RESTORE\TEMP as you directed - this folder was still empty after rebooting (hooray?)

I then ran some scans in safe mode...

Spybot - Trek Blue Error Nuker - Fixed
CWS - Clean - No Action
AdAware - 1 critical object, 7 negligible; MRU list (x7) and Tracking cookie/data miner (default@2o7.net) - Fixed
TrojanHunter - Clean - No Action
CleanUp! - Removed 243MB of temporary internet and temporary windows files

At this point I noticed that web content on my active desktop was disabled - I think this may have been the case during your earlier instructions - sorry not to mention this earlier if it was important? ;) Web content is now enabled.

I next ran SpySweeper in normal mode - nothing detected - 1st time I've got the all clear from this scan :tazz: Unfortunately, I now seem unable to run HJT!? When I try to open the program I get 'Unexpected error' messages. I downloaded a new copy but encountered the same problem. I also ran the IE6 auto-repair tool (from add/remove programs menu) in case it made any difference.

Smitfiles still shows up clean. I'll run a panda scan later and post this ASAP. Is there anything I can do in the meantime? (before I get home to my dial-up connection).

Many thanks for your help :)

Edited by dweebosh, 09 August 2005 - 07:59 AM.

  • 0

Advertisements


#17
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you have Active Desktop enabled though? If not, right click on your Desktop and choose to enable active desktop. It's not needed though unless you use that feature - if you have no idea what it is, then you don't need it :tazz:

Can you give me the exact error message when you ran HJT?

How about the Panda scan? Did you run that see if it found anything? That was the major reason I asked you to go through all of this to delete those restore points. Make sure you can enable system restore again. If not, you might want to ask this question in the Windows Forum.
  • 0

#18
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi Again, I just finished another Panda scan and received an error message about half way through:

Ltsmmsg has caused an error in SSI.DLL
Ltsmmsg will now close
If you continue to experience problems try restarting your computer

Panda scan froze on this file when the error popped up:
C:\_RESTORE\ARCHIVE\FS815.CAB[CHANGE.LOG]
After this the scan continued to run despite the error and didn't detect anything (just a couple of 'suspicious' files - these were only components of TrojanHunter and 'The Cleaner' anti-spyware).

HJT still refuses to run, it only says 'Unexpected error' - no clues I'm afraid!
I've posted the system restore problem on the windows forum but no answers yet. Also haven't received my Windows Me CD yet (the UK postal service isn't that great!) so I haven't been able to locate the wininet.dll file yet.

Thanks for your help!
  • 0

#19
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That error message seems to be related to your modem. Are you on dialup?

OK, for HJT, see if you can download and run the older version:
http://www.greyknigh...ackThis1982.exe
  • 0

#20
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I downloaded the old version of HJT as you suggested but it still wouldn't run :tazz: I am using dialup - is this a bad thing?

Thanks

Edited by dweebosh, 10 August 2005 - 05:01 AM.

  • 0

#21
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK. Boot into Safe Mode. Run Ad-aware and Spybot again - fix what they find. Next run CleanUp and delete ALL the HijackThis.exe programs you have (both new and old). Leave the backups folder alone though :tazz:

Now restart your computer. Download HijackThis again and try running it.

Just want to know the status. Is PSGuard and other spyware/malware issues gone now?
  • 0

#22
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Still no luck with HJT I'm afraid :tazz:
I booted into safe mode, ran AdAware, Spybot and CleanUp!, then deleted all my previous HJT.exe files (didn't see any backups folder though?!)...

AdAware
8 critical objects = 1 registry key, 7 registry values (all Alexa)
4 negligible objects = MRU list (x 4)

Spybot
No threats detected

CleanUp!
Deleted about 220Mb of temporary files

HJT still won't run, but on the positive side, my system restore problem seems to have resolved itself after a number of reboots (I didn't alter anything - the 'disable' box unchecked itself - could anti-spyware tools have done this?)

All my other virus/malware scans are coming back clean. Will the wininet.dll file on the windows Me CD fix my remaining problems and get HJT running again?
  • 0

#23
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I don't think any antispyware program could have altered your system restore settings - not that I'm aware of at least.

Not sure if it will fix the remaining problems if you restore that wininet.dll file, but it's a critical file. Remaining problems? What other problems do you have now?

Do a search for msdirectx.sys and see where it's located (if it exists at all?). My guess is either in Windows or System32 folder. So if that's the case, do this:

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

c:\windows\system\msdirectx.sys
c:\windows\msdirectx.sys


Once that restarts (or if it gives you a Pending Operations error, restart manually then), see if you can run HijackThis.

If still no, then do a search for win.ini and double click on that file. Post the contents of that file here.
  • 0

#24
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi greyknight, I've just worked through some steps with Keith on the windows forum and got things running a bit quicker. I ran 'scanreg /restore' and it seems to have sorted out my windows problems! ;) (restored to the day before my PSguard infection started). Everything appears to be running at normal speed and my IE shortcuts are working again! (after ceasing to work temporarily yesterday - is this linked to my HJT/modem problem?)

The restored registry contained a lot of malware entries but I've removed these with AdAware (in safe mode) - I think we deleted the spyware program files associated with these already, before the restore, will this be enough to protect me from re-infection?!

I have one mystery folder on the C: drive now...
!Submit (contains contmenu.dll and WININET.DLL)
I already have a copy of wininet.dll in my windows>system folder, do I need this !Submit folder? (I'm a bit suspicious of this as I don't remember seeing it before now?). One remaining problem - HijackThis still won't run!

Thanks for all your help, I think I'm finally begining to get on top of things :tazz:

Couldn't find msdirectx.sys anywhere. Here's my win.ini files...

WIN
[windows]
load=
run=
NullPort=None
device=EPSON Stylus Photo 810 Series,EPIJNL50,EPUSB1:

[Desktop]
Wallpaper=C:\WINDOWS\WALLPA~1\WALLMA~1\WALLMA~1.BMP
TileWallpaper=0
WallpaperStyle=2
Pattern=(None)

[intl]
iCountry=1
ICurrDigits=2
iCurrency=0
iDate=0
iDigits=2
iLZero=1
iMeasure=0
iNegCurr=0
iTime=0
iTLZero=0
s1159=AM
s2359=PM
sCountry=United States
sCurrency=$
sDate=/
sDecimal=.
sLanguage=enu
sList=,
sLongDate=dddd, MMMM dd, yyyy
sShortDate=M/d/yyyy
sThousand=,
sTime=:

[fonts]

[FontSubstitutes]
Helv=MS Sans Serif
Tms Rmn=MS Serif
Times=Times New Roman
Helvetica=Arial
MS Shell Dlg=MS Sans Serif
Arial Baltic,186=Arial,186
Courier New Baltic,186=Courier New,186
Times New Roman Baltic,186=Times New Roman,186
Arial CE,238=Arial,238
Courier New CE,238=Courier New,238
Times New Roman CE,238=Times New Roman,238
Arial Cyr,204=Arial,204
Courier New Cyr,204=Courier New,204
Times New Roman Cyr,204=Times New Roman,204
Arial Greek,161=Arial,161
Courier New Greek,161=Courier New,161
Times New Roman Greek,161=Times New Roman,161
Arial Tur,162=Arial,162
Courier New Tur,162=Courier New,162
Times New Roman Tur,162=Times New Roman,162

[Compatibility]
_3DPC=0x00400000
_BNOTES=0x224000
_LNOTES=0x00100000
ACAD=0x8000
ACT!=0x400004
ACROBAT=0x04000000
AD=0x10000000
ADW30=0x10000000
ALARMMGR=0x0040000
ALDSETUP=0x00400000
AMIPRINT=0x04000000
AMIPRO=0x04000010
APORIA=0x0100
APPROACH=0x0004
BALER=0x08000000
BMAPP=0x0004
CASMONEY=0x00200000
CAVOIDE=0x00200000
CCMAIL=0x00200000
CCMCWFY=0x80
CHARISMA=0x2000
CONFIG=0x00400000
CORELDRW=0x48000
CORELPNT=0x08000000
COSTAR=0x0004
CP=0x0040
CROSSTIE=0x00000400
DARCH=0x80
DESIGNER=0x00002000
DIRECTOR=0x00800000
DPLANNER=0x00200000
DRAW=0x2000
DS40=0x8000
DTWIN20=0x00000400
EAP=0x0004
ED=0x00010000
EXCEL=0x1000
EXPASTRO=0x04000000
EXTYPWND=0x00200000
FAXVIEW=0x04000000
FAXWORKS=0x00000400
FH4=0x00E08000
FLW2=0x8000
FMPRO=0x00200000
FREEHAND=0x8000
FULLTEXT=0x20000000
GIFTMAKE=0x20000000
GUIDE=0x1000
HDW=0x04800000
HGW=0x8000
HGW2EXE=0x8000
HGW3EXE=0x8000
HPOLNK08=0x00400000
HJDRAW=0x00400000
IDAPICFG=0x00400000
IDRAW=0x04008000
ILLUSTRATOR=0x8000
IMPROV2=0x00000000
INFOCENT=0x04000000
INSIGHT=0x00000400
INSTAL1=0x00400000
INSTALL=0x00400000
INTERMIS=0x10000000
IS20INST=0x00000000
IVIHEALT=0x00400000
JEOPARDY=0x00200000
JW=0x00000000
KALOAD2=0x00400000
KEYCAD=0x8000
LE_ADMIN=0x00400000
LUI=0x20000000
MAILSPL=0x10000000
MAKER=0x00200000
MAPS1=0x04008022
MATH=0x00000001
MAVIS=0x00200000
MCOURIER=0x0800
MFWIN20=0x02000000
MILESV3=0x1000
MILESV40=0x4
MOZART=0x40000000
MSARTIST=0x00100000
MSBHUMAN=0x4
MSREMIND=0x10000000
MVIEWER2=0x40200000
MYINV=0x00200000
MYST=0x08000000
NAFTA1=0x4008022
NBAMW4V4=0x04000000
NETSET2=0x0100
NDITEST=0x00400000
NOTES=0x200000
NOTSHELL=0x0001
OPERATOR=0x02000000
OUTPOST=0x00000000
OWLAPP=0x00400000
PACKRAT=0x0800
PAINTER=0x00000000
PAWC8DC3=0x00400000
PAWIN=0x4
PEACHW=0x04800004
PIXIE=0x0040
PLANIT=0x0004
PLANNER=0x2000
PLUS=0x1000
PM4=0xA000
PM5APP=0x8000
PP4=0x00000000
PR2=0x2000
PRINTHLP=0x0004
QAPLUSW=0x0004
QLIIFAX=0x00400000
QUAKE=0x80
QW=0x08000000
RELAY=0x20000000
REM=0x8022
RR2CD=0x00200000
RX=0x00000400
RXL=0x00000400
SETUP=0x00000000
SIDEKICK=0x0004
SLEEPER=0x10000000
SOL=0x00400000
SPCB=0x04008000
SPORTJEP=0x00200000
SPWIN20=0x00400000
ST2=0x4008022
STRAUSS=0x40000000
STRAV=0x40000000
SCHUBERT=0x40000000
SSBWIN=0x00200000
SWCWIN=0x00800004
TCVWIN=0x00200000
TCW=0x00400000
TCWIN=0x0004
TERRAIN=0x00400000
TISETUP=0x00200000
TL6=0x08000000
TME=0x0100
TMSWIN=0x20000000
TMTWIN=0x00200000
TMTWINCD=0x00200000
TOUCHUP=0x00400000
TURBOTAX=0x00080000
UNWISE=0x00400000
VB=0x0200
VEWINFIL=0x00400000
VISIO=0x00000004
VISIOHM=0x00000004
VISION=0x0040
W4GL=0x4000
W4GLR=0x4000
WGW=0x00440000
WIN2WRS=0x1210
WINCIM=0x4
WINLINK=0x20000000
WINPHONE=0x0004
WINSIM=0x2000
WINTACH=0x00200000
WORDSCAN=0x02200000
WPWINFIL=0x00000006
WPWIN60=0x00000400
WPWIN61=0x02000400
WSETUP=0x00200000
XPRESS=0x00000008
ZETA01=0x00400000
ZIFFBOOK=0x00200000
NOTIFIER=0x400000

[Compatibility32]
CLWORKS=0x00A00000
MCAD=0x00600000
PHOTOSHP=0x00208000
PODW=0x00200000
SPSSWIN=0x00200000
TYPSTRY2=0x00200000
V32VM20=0x02000000
VISIO=0x00000000
VISIOHM=0x00000000
WINPHONE=0x00000004
WRDART32=0x00400000
SHELL=0x80000000
USTATION=0x80000000

[Compatibility95]
_INS0432=0x00080000
_INS5176=0x00080000
_INS576=0x00080000
_INS5576=0x00080000
ASEDIT=0x00080000
ASAUDIO=0x00080000
ASCAMERA=0x00080000
ASVIDEO=0x00080000
ASVOICE=0x00080000
BLUELIGH=0x00080000
FREEICLI=0x00080000
HPFIUI=0x00080000
LAPLINK=0x00080000
LAUNCH=0x00080000
LEXBCES=0x00080000
MNGREG32=0x00080000
MOTODV=0x00080000
POINT32=0x00080002
SA6REG=0x00080000
SETUP=0x00080000
SETUP2=0x00080000
WEBEX=0x00100000
CHAOS OV=0x80000000
CONF=0x00000002
MSDEV=0x00000002
IMAGE32=0x80000000
INST32=0x80000000
AGENTSVR=0x00000002
MSOOBE=0x00000002

[ModuleCompatibility]
ACEROOBE=0x0004
AIRNFM=0x0002
ALDNCD=0x0002
AMRES=0x0002
ATM=0x0002
ARCHANGEL=0x0002
CSNOV=0x0002
DEFDEMO=0x0002
DIBWND=0x0002
DIB=0x0002
DS=0x0001
EMLIB=0x0002
EMSAVE=0x0002
FH4=0x0002
GEDIT=0x0002
GEORGE=0x0002
GVBSETUP=0x0002
HRWCD=0x0002
ISLFAXPR=0x0002
KIDDESK=0x0002
KIDSTYPE=0x0000
KNPS=0x0002
LIONKING=0x0002
MAUI_DRV=0x0002
MGXWMF=0x0002
MEMMAP=0x0002
MSARTIST=0x0002
MSCRWRTR=0x0002
MSCUISTF=0x0001
MVIEWER2=0x0002
MWAVSCAN=0x0002
MYINV=0x0002
OLESVR=0x0002
PDOXWIN=0x0002
PLANIT=0x0002
PP3=0x0002
PP4=0x0002
PPPP=0x0002
PXDSRV2=0x0002
REVIEWRT=0x0002
ROULETTE=0x0002
RRIRJ=0x0002
RR1=0x0002
RR2CD=0x0002
STL_DLG=0x0002
TECO=0x0001
TER=0x0002
TLW0LOC=0x0002
TMSWIN=0x0002
USA=0x0002
VOICE=0x0002
WFXVIEW=0x0004
WINFORM=0x0002
WPWIN61=0x0002

[TrueType]
FontSmoothing=0

[mci extensions]
mid=Sequencer
rmi=Sequencer
wav=waveaudio
avi=AVIVideo
cda=CDAudio
midi=Sequencer
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
snd=MPEGVideo
ivf=MPEGVideo2
m3u=MPEGVideo
mp3=MPEGVideo
mp2=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
m1v=MPEGVideo
wax=MPEGVideo2
wvx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
wpl=MPEGVideo2

[MCICompatibility]
QTWVideo=0x0001
MCIXSND=0x0001
GDAnim=0x0001

[mciavi]

[Desktop_Shell]
Current=Win

[Pscript.Drv]
ATMWorkaround=1

[Ports]
LPT1:=
LPT2:=
LPT3:=
COM1:=9600,n,8,1,x
COM2:=9600,n,8,1,x
COM3:=9600,n,8,1,x
COM4:=9600,n,8,1,x
FILE:=

[embedding]
Package=Package,Package,packager.exe,picture
midfile=MIDI Sequence,MIDI Sequence,C:\WINDOWS\mplayer.exe /mid,picture
SoundRec=Wave Sound,Wave Sound,C:\WINDOWS\sndrec32.exe,picture
Wordpad.Document.1=WordPad Document,WordPad Document,C:\PROGRA~1\ACCESS~1\WORDPAD.EXE,picture
PBrush=Paintbrush Picture,Paintbrush Picture,C:\Progra~1\Access~1\MSPAINT.EXE,picture
Paint.Picture=Bitmap Image,Bitmap Image,C:\Progra~1\Access~1\MSPAINT.EXE,picture
mplayer=Media Clip,Media Clip,C:\WINDOWS\mplayer.exe,picture
Imaging.Document=Image Document,Image Document,C:\WINDOWS\KODAKIMG.EXE,picture
WangImage.Document=Image Document,Image Document,C:\WINDOWS\KodakImg.Exe,picture
avifile=Video Clip,Video Clip,C:\WINDOWS\mplayer.exe /avi,picture

[Extensions]

[Mail]
MAPI=1
CMC=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1

[Devices]
EPSON Stylus Photo 810 Series=EPIJNL50,EPUSB1:

[PrinterPorts]
EPSON Stylus Photo 810 Series=EPIJNL50,EPUSB1:,15,45

[Sounds]
SystemDefault=,

[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
snd=MPEGVideo
ivf=MPEGVideo2
m3u=MPEGVideo
mp3=MPEGVideo
mp2=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
mp2v=MPEGVideo
m1v=MPEGVideo
wax=MPEGVideo2
wvx=MPEGVideo2
wm=MPEGVideo2
wmx=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
wpl=MPEGVideo2

[PCDRWIN]
szCurrentCustomTest=C:\Program Files\PCDR\defuser.pcb
iShowStartupScreen=1
iVerticalButtonBar=1
iSaveWindowLayout=0
CurrentLanguage=0

[TWAIN]
DEFAULT SOURCE=

[colors]
Scrollbar=216 208 200
Background=0 0 0
ActiveTitle=255 0 0
InactiveTitle=128 0 0
Menu=216 208 200
Window=255 255 255
WindowFrame=0 0 0
MenuText=0 0 0
WindowText=0 0 0
TitleText=255 255 255
ActiveBorder=212 208 200
InactiveBorder=212 208 200
AppWorkspace=128 128 128
Hilight=0 36 104
HilightText=255 255 255
ButtonFace=216 208 200
ButtonShadow=128 128 128
GrayText=128 128 128
ButtonText=0 0 0
InactiveTitleText=216 208 200
ButtonHilight=255 255 255
ButtonDkShadow=64 64 64
ButtonLight=216 208 200
InfoText=0 0 0
InfoWindow=255 255 225
ButtonAlternateFace=184 180 184
HotTrackingColor=0 0 128
GradientActiveTitle=255 255 0
GradientInactiveTitle=0 0 128

[DrawDib]
pnpdrvr.drv 1024x768x16(565 0)=37,5,5,5

[OriginSystems]

[WS_FTP95]
VERSION=96.08.21

[MSCharMap]
Font=Symbol

privacy_win
[REG]
Times=3
1=1123085586
2=1123758346
3=1123758954

Edited by dweebosh, 11 August 2005 - 06:50 AM.

  • 0

#25
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That !submit folder is created by KillBox as a backup just in case you deleted a file by mistake. If all is well here, we may delete it at the end.

I'm not sure about the HJT problem. Can you run it in Safe Mode? How about if you rename it to something like HJTold.exe and run it?
  • 0

Advertisements


#26
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I've just finished trying all the tactics you suggested - no success unfortunately. I still can't get HJT to run and I'd like to be sure that I'm rid of the spyware for good (I'm not intending to use my laptop on the internet again after this!)

Would another panda scan be thorough enough to ensure that I'm rid of PSguard now? (everything seems to be running OK - but this malware incident has made me a little paranoid!)

Failing that, I don't know if you have any new ideas on how to get HJT to work properly? Thanks for your help through all this, you've already saved my laptop from the scrapheap, but a little reassurance would be nice to round things off! A nice clean HJT log would be ideal, but I still get 'Unexpected error' when it tries to boot.

Many thanks
  • 0

#27
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Boot into Safe Mode and try running smitRem again. Restart and post that log here. See if you can run HijackThis. If not, I will ask other staff members to see if they saw this before.
  • 0

#28
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! ;)


It doesn't look like there's any answers here :tazz:
HJT still won't run either in safe or normal modes. I also tried to run another panda scan this morning but kept getting error messages (an activeX problem? - I altered my security settings and rebooted - panda scan still wouldn't run).

The windows registry restore fixed all my windows performance problems, but I don't understand why this would have interfered with HJT.
Thanks for all your help so far!
  • 0

#29
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, download bothlog and run it. Then follow the instructions here on how to post the bothlog file. Post it here when ready.
  • 0

#30
dweebosh

dweebosh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Sorry, no luck here either!

I downloaded ht.bat and followed the instructions provided but it never runs to completion:

How to.
Wait for this Window to close.
.......
Then close the Hijackthis.log you will see on the screen.
Post the contents of both.log on the Forums.

I've run the ht.bat file a couple of times but never get past the message above. (Tried double-clicking the ht.bat icon in windows and also navigated to it manually via DOS-prompt but with the same result each time).

In the task and title bars, the text flashes between MS-DOS prompt and 'PING'? I also get the 'Unexpected error' message from HJT pop-up in the background.

Thanks for your persistence with this problem (greatly appreciated!)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP