TechSpot

HijackThis Logfile

By wkusigep460
Feb 24, 2008
  1. I am on my in-laws' computer, and they have complained about having a constant error message popping up. So, I Googled the error message, and many of the results involved HijackThis to help solve the problem. The error message says something along the lines of:

    "...C:\WINDOWS\system32\append.dll is not a valid Windows image..."

    The HJT results are attached as a file!
    Please help! Thank you!
     

  2. kritius

    kritius TS Guru Posts: 2,084

    Hi wkusigep460,

    I think that there are some things on your log that don't look great.

    I would go through all the steps HERE and repost with the three requested logs, someone will then be able to go through them and tell you what the problems are.

    Good luck and welcome to TechSpot.
     
  3. tomrca

    tomrca TS Rookie Posts: 1,000

    Hi wkusigep460,
    kritius is right, you have a sick PC.

    First of all, the HJT you are using is out of date. The present version is v2.0.2; update it from HERE

    Be sure to use the anti-rootkit programme as there is evidence of that. There is also a trojan downloader (Trojan-Downloader.Win32.Alphabet), funweb products and BPGame.exe etc.
    Please go to the site that kritius advised, and be sure to follow the instructions exactly.
     
  4. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Thanks, as soon as I make it back to their house, I will follow all 15 steps to the tee, then post the results. Stand by for more, please. Thank you!
     
  5. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    15 Steps Completed

    Ok, I followed all 15 steps as well as I could. I ended up having to set up a remote access with their computer to help them from my house. Here are my results:

    Nothing found with the Panda Antirootkit program.

    Combofix wouldn't work, so I used the alternative DSS (its log files are attached, extra.txt and main.txt & main1.txt). DSS created two main.txt files, and I wasn't sure which was the correct one, so I posted them both.

    AVG Antispyware and new HJT logfiles also attached.

    Thanks again for all the help. Just to let you know, that error message (about the append.dll) keeps popping up with every program that I attempt to initiate.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    The AVG scan isn't there, so that needs to be put back in.

    When you say that combofix wouldn't work, what exactly happened?
     
  7. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Oops, I'll attach the AVG when I get back home later today.

    As far as the ComboFix, whenever I would go to start the program, the blue DOS prompt (?) screen would come up and say that ComboFix is about to begin, but I would receive a million of those error messages (the original ones with append.dll). Usually, if I click OK a few times, the error message will stay away, but not for this program. Eventually, when I closed the blue screen, the error messages stopped.
     
  8. tomrca

    tomrca TS Rookie Posts: 1,000

    Make sure to download and run 'avg anti-rootkit'. You may need to stop this service before running:
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
    Post a fresh HJT after running.
     
  9. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Here's the AVG report that I was missing. The file itself exceeded 100 KB, so I had to zip it.

    I will run AVG Anti-Rootkit in the near future...not sure how to stop that program you mentioned (it didn't appear in my task manager).

    Please let me know my next step. Thanks again!!!
     
  10. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Ran AVG Anti Rootkit....nothing found.
     
  11. tomrca

    tomrca TS Rookie Posts: 1,000

    Need to see, hopefully, the final HJT.

    If you have services that you need to change how they run, go to start>run>type "services.msc" then hit OK. Look for the service. You will see that they are in abc order. Examine the info that it gives to determine how it runs. Right click and make a selection: auto, manual or stop.
     
  12. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    The final HJT is in post #7
     
  13. tomrca

    tomrca TS Rookie Posts: 1,000

    After you have done a scan with any other cleaner such as AVG and the rootkit remover, we need to see if it has been removed. So please post a fresh HijackThis.

    This is the full post of No7 and no HJT attached.
     
  14. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Oops, I meant post #5, sorry
     
  15. tomrca

    tomrca TS Rookie Posts: 1,000

    that's no good! it's an infected log. if you don't post a fresh log after running various scans etc, how can you find out if your pc is clean or needs more work?
     
  16. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Oh, ok

    I'll repost as soon as I have access to their computer via remote control, I will rerun HJT and post its log file. Standby. (Again thanks for your patience and persistence!)

    By the way, my time/day of where I currently am is 11:39 pm/Thursday. Just thought I would explain the delay in communication.
     
  17. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Newest HJT log file.

    Here is the newest HJT logfile.
     
  18. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Any ideas?
     
  19. kritius

    kritius TS Guru Posts: 2,084

    Unless they are huge poker players I'd get rid of this,

    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

    and I haven't heard great things about this,

    O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll

    Other than that it looks better. Maybe another antivirus scan, then run Ccleaner and post another HJT log.
     
  20. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    I think I'm going to keep the Bodog Poker...that's pretty much all their son uses the computer for. I'll remove the O20 and repost with results. Thank you!
     
  21. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    okay....

    Okay, I removed the O20 from the list, and now those error messages have disappeared for the most part. They still seem to pop up whenever I open a program. The millions of those error messages that popped up when you first started the computer have gone, but there are still a few here and there. I have posted the newest HJT log file. Thanks again!
     
  22. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    Never mind, they have seemed to disappear everywhere now. But please let me know if you see anything wrong with the latest log file I have posted. Otherwise, thank you very much for your help, patience, and cooperation!!!
     
  23. wkusigep460

    wkusigep460 TS Rookie Topic Starter Posts: 17

    ComboFix

    Finally got to run ComboFix, and here is the log file.
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Sorry, didn't read the whole thread, so can't verify everything for you, but just a couple of things from glancing at the logs.

    1) Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update tab at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
    • After it installs the newest version, go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install, go to Start -> Control Panel -> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder


    2) Did you already uninstall Wild Tangent?
     
  25. tomrca

    tomrca TS Rookie Posts: 1,000

    info for blind dragon:
    still there. read this
    stop this service: how to, start>run>type services.msc> seek out this service right click select stop or disable then go to programme files and uninstall. try "revo uninstaller" free from here
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
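
An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the three HijackThis lines quoted above, which splits each line into section code, fields and file path and pulls out the O20 DLLs for first review. The `Entry` class and the function names are made up for illustration; the O20 note reflects that DLLs named in AppInit_DLLs are loaded into every process that loads user32.dll, which fits an error that appears with each program launch.

```python
import re
from dataclasses import dataclass

# Meaning of the HijackThis section codes quoted in the thread.
NOTES = {
    "O9": "Internet Explorer extra button or Tools menu item",
    "O20": "AppInit_DLLs value: loaded into every process that loads user32.dll",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")            # drive-letter path to end of line
DLL_RE = re.compile(r"[A-Za-z]:\\.+?\.dll", re.I)  # AppInit_DLLs may list several DLLs

# The three log lines quoted in the thread.
SAMPLE = r"""
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
"""

@dataclass
class Entry:
    code: str
    kind: str
    fields: list  # name, CLSID, publisher: whatever precedes the path
    paths: list
    note: str

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines, running-process list, blank lines
    code, kind, rest = m["code"], m["kind"], m["rest"]
    if code == "O20":
        return Entry(code, kind, [], DLL_RE.findall(rest), NOTES[code])
    pm = PATH_RE.search(rest)
    head = rest[:pm.start()] if pm else rest
    fields = [f for f in head.split(" - ") if f.strip()]
    return Entry(code, kind, fields, [pm.group(0)] if pm else [],
                 NOTES.get(code, "section not covered by this example"))

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def system_wide_dlls(entries):
    """DLLs that load into nearly every GUI program; review these first."""
    return [p for e in entries if e.code == "O20" for p in e.paths]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e.code, e.kind, e.fields, e.paths, "->", e.note)
```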
     
Topic Status:
Not open for further replies.
