Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

i dare anyone to solve this problem [resolved]

  • This topic is locked This topic is locked




  • Topic Starter
  • Member
  • PipPip
  • 15 posts
oh i'm sorry, that was really stupid of me, i was trying to run it in the run dialog, thanks for being patient.

i ran it and tried to run the apropos fix again in safemode, but i get the same error about 'find'. i did the env.txt thing again in case you wanted to see the updated one:

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\John Williams\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
HOMEPATH=\Documents and Settings\John Williams
Path=C:\Program Files\QuickTime\QTSystem\
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
ProgramFiles=C:\Program Files
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
USERNAME=John Williams
USERPROFILE=C:\Documents and Settings\John Williams
  • 0




    Malware Expert

  • Member
  • PipPipPipPip
  • 1,026 posts
  • MVP
Strange; it looks the same. I notice you have a number of non-standard (programming) tools installed, such as the Java Runtime Environment and Python (great language by the way!) --- is it possible that your machine is set up to run a script or something at boot that resets the environmental variables to your user-defined (non-standard) settings?

Here's what I want to try: no reboots in between. Please boot into Safe Mode, go to Start -> Run -> cmd (remember to run the Command Prompt again fully!), and again at the command prompt enter:

set path=c:\windows;c:\windows\system32

Then press Enter. Remember to put a space between 'set' and 'path', but no spaces around the equals sign or the semicolons.

Then immediately go back to the desktop and run the RunThis.bat from the AproposFix folder. Post the log if it runs through this time.

If this STILL doesn't work, we'll try something a little more drastic. :tazz:
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 15 posts

to answer your first question, i installed java runtime environment because i think a friend advised me to. pythonn i have no idea, and if my computer was set up to run a script or something than i didn't do it on purpose.

but anyway, i did the instructions and nothing, but then i tried running RunThis.bat from the same command prompt as the one i typed
set path=c:\windows;c:\windows\system32 into, and it ran finally! this is the output from it:
Log of AproposFix v1


Running from directory:
C:\Documents and Settings\John Williams\Desktop\aproposfix


Registry entries found:

@="1.o.pvZaaZaaba.EBr 3zZaaZpca5v q\\51aRXRSDLgfaCQHUDQRaRgFggidObRXR"
"HideUninstallerName"="C:\\Program Files\\Souws nt\\lmodramp.exe"
"ClientName"="C:\\Program Files\\Souws nt\\unlundll.exe"


Removing hidden service:
Service SPBPCI removed.

Removing hidden folder:

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\s3g3350p.sys succeeded!
Deletion of file C:\WINDOWS\system32\mf3adhlp.exe succeeded!
Deletion of file C:\WINDOWS\system32\ccfcji32.dll succeeded!

Backing up files:

Removing registry entries:





Here is the hijack this log that it told me to post:

Logfile of HijackThis v1.99.1
Scan saved at 10:00:12 PM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John Williams\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Now i am ecstatic that my device manager, "safely add/remove hardware" icon is back, network connections s is back, etc, but i guess we should get down to the business of making sure my computer gets totally clean. the last time i had virus problems i think that i wasn't able to completely get rid of them from my cache files, since they kept reappearing even though i used cc cleaner, so i'll do whatever to make sure it gets and stays clean. thank you times a million for the help so far.
  • 0



    Malware Expert

  • Member
  • PipPipPipPip
  • 1,026 posts
  • MVP
So sorry for the wait :)

Looks great! :tazz:

Please delete the following folder:

C:\Program Files\Souws nt

Then reboot, run a full scan with Norton Antivirus, and let me know if it finds anything. Also let me know how it seems to be running. :)
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 15 posts
seems to be running much better. haven't had a single popup since i ran the apropos fix. i deleted that program files folder. norton did not find anything. spyware doctor found 84 things, but all were cache or cookies stuff. i've run cc cleaner before but upon reboot those files always seem to return, so even though i'm not having any problems spyware search programs always seem to find a bunch of files.
  • 0



    Malware Expert

  • Member
  • PipPipPipPip
  • 1,026 posts
  • MVP
Everything looks great --- your HijackThis log is completely clean. :)
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. :tazz:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :)

Edited by g2i2r4, 27 November 2005 - 04:38 AM.

  • 0



    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Thank you Swandog46 for assisting :tazz:

sabesin2001: Shall I close this topic?
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 15 posts
you're a lifesaver swandog, thank you so much.

i consider this problem solved, you can close the topic g2i2r4, and thanks for the assistance.
  • 0



    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You're welcome :tazz:
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP