Post by: Ankit on August 27, 2005, 06:48:55 AM
Can someone help me out with this problem? For almos every application I try to open I get a message - The instruction at "0x732e7800" referenced memory at "0x732e7800" This memory could not be "read"
Did a scan with HijackThis. Below are the logs. Please please suggest me what to do next...
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ (http://\"http://www.google.co.in/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm (http://\"http://search.msn.com/spbasic.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp (http://\"http://home.microsoft.com/access/allinone.asp\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home (http://\"http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://home.microsoft.com/access/autosearch.asp?p=%s (http://\"http://home.microsoft.com/access/autosearch.asp?p=%s\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s (http://\"http://home.microsoft.com/access/autosearch.asp?p=%s\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eudora.com/download/other/?v=6....2&t=elec&os=win (http://\"http://www.eudora.com/download/other/?v=6.0&o=qt412&t=elec&os=win\")
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TdgaBTControlCenter.exe] C:\PROGRA~1\FRONTL~1\dgaBTControlCenter.exe
O4 - HKLM\..\Run: [NetMgrInstall.exe] C:\PROGRA~1\FRONTL~1\NetMgrInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HQI Services] hqisvc32.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemze32.exe
O4 - HKLM\..\Run: [BlueTray] C:\Program Files\Impulsesoft\BluePC\Utilities\BlueTray.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\RunServices: [HQI Services] hqisvc32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\jwstdxz.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: WordWeb.lnk = WordWeb\wweb32.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = impulsesoft.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = impulsesoft.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = impulsesoft.net
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Code Composer Studio 2.21 Evaluation Tools - Unknown owner - C:\Program Files\Common Files\Texas Instruments Shared\Service\ccstudio221ET.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: enaijn - Unknown owner - \\10.0.0.92\D$\hqisvc32.exe" -service (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Post by: Guest on August 28, 2005, 01:43:04 AM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Post by: guestolo on August 28, 2005, 10:06:16 AM
It's free and simple
Afterwards, come back to this thread and post a new Hijackthis log
But, I need to see the whole log, you only posted the bottom part of the log
The best thing to do is
Open hijackths and run a system scan and save log file
When the log opens
Click EDIT at the top
and then SELECT ALL
Then right click and select COPY
Come back here and PASTE to your reply
Post by: ankit_jn on August 28, 2005, 11:08:23 PM
Thanks a lot for the response. I have registered. And my apologies for the duplicate post.
For now its suddenly working fine. I clicked on the link you provided, it seemed that everything hung up. Then I went to Task Manager and killed the explorer. Since then its behaving normally. But I fear if I reboot the machine the problem might re-appear.
Posting the complete HJT logs again. (Earlier thought that it might be insecure to reveal certain information about my company name etc. so removed the top part)
----
[color=\"purple\"]Logfile of HijackThis v1.99.1
Scan saved at 5:01:34 PM, on 8/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\FRONTL~1\dgaBTControlCenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Impulsesoft\BluePC\Utilities\BlueTray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\etb\pokapoka63.exe
C:\HJT\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ (http://\"http://www.google.co.in/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm (http://\"http://search.msn.com/spbasic.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp (http://\"http://home.microsoft.com/access/allinone.asp\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home (http://\"http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://home.microsoft.com/access/autosearch.asp?p=%s (http://\"http://home.microsoft.com/access/autosearch.asp?p=%s\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s (http://\"http://home.microsoft.com/access/autosearch.asp?p=%s\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eudora.com/download/other/?v=6....2&t=elec&os=win (http://\"http://www.eudora.com/download/other/?v=6.0&o=qt412&t=elec&os=win\")
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TdgaBTControlCenter.exe] C:\PROGRA~1\FRONTL~1\dgaBTControlCenter.exe
O4 - HKLM\..\Run: [NetMgrInstall.exe] C:\PROGRA~1\FRONTL~1\NetMgrInstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HQI Services] hqisvc32.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemze32.exe
O4 - HKLM\..\Run: [BlueTray] C:\Program Files\Impulsesoft\BluePC\Utilities\BlueTray.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\RunServices: [HQI Services] hqisvc32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\jwstdxz.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: WordWeb.lnk = WordWeb\wweb32.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = impulsesoft.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = impulsesoft.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = impulsesoft.net
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Code Composer Studio 2.21 Evaluation Tools - Unknown owner - C:\Program Files\Common Files\Texas Instruments Shared\Service\ccstudio221ET.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ecfcem - Unknown owner - \\10.0.0.92\Athena_UHS_SNK_0.8_12\hqisvc32.exe" -service (file missing)
O23 - Service: enaijn - Unknown owner - \\10.0.0.92\D$\hqisvc32.exe" -service (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe[/color]
----
Please let me know if there is something dangerous still residing on my PC.
Thanks again,
Ankit
Post by: guestolo on August 28, 2005, 11:41:00 PM
I'm not sure what tools you have, but let's run the following
There are a few scans I want you to run, all are free
So please try and accomplish them all
Do what you can and then post back later
Download and Unzip The Hoster (http://\"http://www.funkytoad.com/download/hoster.zip\") to a folder
We'll need this later
Download LQfix.exe (http://\"http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.exe\")
and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
We'll need this later
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Don't run it yet
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- ecfcem
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for the next one
enaijn
In safe mode, find and delete the following file if it exists
C:\WINNT\system32\jwstdxz.exe <-this file
Stay in safe mode
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aaawebfinder.com/sp2.php (http://\"http://www.aaawebfinder.com/sp2.php\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [HQI Services] hqisvc32.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitemze32.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\RunServices: [HQI Services] hqisvc32.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\jwstdxz.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Open the LQFix folder on your desktop
Doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.
Back in Windows
Open Hoster and
Press "Restore Original Hosts" and press "OK".
Then Exit
From my signature below
Run an Online Virus scan at Panda's
Ensure to scan "MyComputer"
When the scan is complete Save a Report of what was found
Post that report back here
Also
Run Hijackthis again and supply a fresh log
We'll have more to do but this will be a good start
Post by: X_Man82 on August 30, 2005, 07:26:00 AM
on the BSOD it says:
STOP:0x0000001E (0xC0000005, 0xF0709EF1, 0x00000001, 0x00000004) KMODE_EXCEPTION_NOT HANDLED
Address F0719EF1 base at F0718000, date stamp 34ecf8f2-MCFILTER.SYS
If anyone out there can help correct this problem thank you