HijackThis Logfile

[wkusigep460]

I am on my in-laws' computer, and they have complained about having a constant error message popping up. So, I Googled the error message, and many of the results involved HijackThis to help solve the problem. The error message says something along the lines of:

"...C:\WINDOWS\system32\append.dll is not a valid Windows image..."

The HJT results are attached as a file!
Please help! Thank you!

 

[kritius]

Hi wkusigep460,

I think that there are some things on your log that dont look great.

I would go through all the steps HERE and repost with the three requested logs, someone will then be able to go through them and tell you what the problems are.

Good luck and welcome to TechSpot.

 

[tomrca]

hi Hi wkusigep460,
kritius is right, you have sick pc.

first of all the hjt you are using is out of date. the present version is v2.0.2 update it from HERE

be sure to use the anti-rookit programme as there is evidence of that. there is also a trojan downloader..Trojan-Downloader.Win32.Alphabet , funweb products and BPGame.exe etc
please go to the site that kritius advised, be sure to follow the instructions exactly .

 

[wkusigep460]

Thanks, as soon as I make it back to their house, I will follow all 15 steps to the tee, then post the results. Stand by for more, please. Thank you!

 

[wkusigep460]

15 Steps Completed

Ok, I followed all 15 steps as well as I could. I ended up having to set up a remote access with their computer to help them from my house. Here are my results:

Nothing found with the Panda Antirootkit program.

Combofix wouldn't work, so I used the alternative DSS (it's log files are attached, extra.txt and main.txt & main1.txt). DSS created two main.txt files, and I wasn't sure which was the correct one, so I posted them both.

AVG Antispyware and new HJT logfiles also attached.

Thanks again for all the help. Just to let you know, that error message (about the append.dll) keeps popping up with every program that I attemp to initiate.

 

[kritius]

The AVG can isnt there, so that needs to be put back in.

When you say that combofix wouldnt work, what exactly happened?

 

[wkusigep460]

Oops, I'll attach the AVG when I get back home later today.

As far as the ComboFix, whenever I would go to start the program, the blue DOSpromt (?) screen would come up and say that ComboFix is about to begin, but I would receive a million of those error messages (the original ones with append.dll). Usually, if I click OK a few times, the error message will stay away, but not for this program. Eventually, when I closed the blue screen, the error messages stopped.

 

[tomrca]

make sure to download and run 'avg anti-rootkit' you may need to stop this service before running
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
post a fresh hjt after running

 

[wkusigep460]

Here's the AVG report that I was missing. The file itself exceed 100 kb, so I had to zip it.

I will run AVG Anti-Rootkit in the near future...not sure how to stop that program you mentioned (it didn't appear in my task manager).

Please let me know my next step. Thanks again!!!

 

[wkusigep460]

Ran AVG Anti Rootkit....nothing found.

 

[tomrca]

need to see hopefully the final hjt

if you have services that you need to change how they run go to start>run>type "services.msc" then hit ok. look for the sevice. you will see that they are in abc order. examine the info that it gives to determine how it runs. right click and make a selection, auto,manual or stop

 

[wkusigep460]

The final HJT is in post #7

 

[tomrca]

The final HJT is in post #7

after yo have done a scan with any other cleaner such as avg and the rootkit remover we need to see if the it has been removed. so please post a fresh hijack this

Oops, I'll attach the AVG when I get back home later today.

As far as the ComboFix, whenever I would go to start the program, the blue DOSpromt (?) screen would come up and say that ComboFix is about to begin, but I would receive a million of those error messages (the original ones with append.dll). Usually, if I click OK a few times, the error message will stay away, but not for this program. Eventually, when I closed the blue screen, the error messages stopped.

this is the full post of No7 and no hjt attatched

 

[wkusigep460]

oops, i meant post #5, sorry

 

[tomrca]

that's no good! it's an infected log. if you don't post a fresh log after running various scans etc, how can you find out if your pc is clean or needs more work?

 

[wkusigep460]

Oh, ok

I'll repost as soon as I have access of their computer via remote control, I will rerun HJT and post its log file. Standby. (Again thanks for your patience and persistence!)

By the way, my time/day of where I currently as is 11:39 pm/Thursday. Just thought I would explain the delay in communication.

 

[wkusigep460]

Newest HJT log file.

Here is the newest HJT logfile.

 

[wkusigep460]

Any ideas?

 

[kritius]

Unless they are huge poker players id get rid of this,

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

and I havnt heard great things about this,

O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll

Other than that it looks better. Maybe anothet antivirus scan then run Ccleaner and post another HJT log

 

[wkusigep460]

I think I'm going to keep the Bodog Poker...that's pretty much all their son uses the computer for. I'll remove the 020 and repost with results. Thank you!

 

[wkusigep460]

okay....

Okay, I removed the 020 from the list, and now those error messages have disappeared for the most part. They still seem to pop up whenever I open a program. The millions of those error messages that popped up when you first started the computer have gone, but there are still a few here and there. I have posted the newest HJT log file. Thanks again!

 

[wkusigep460]

Nevermind, they have seemed to disappear everywhere now. But please let me know if you see anything wrong with the latest log file I have posted. Otherwise, thank you very much for you help, patience, and cooperation!!!

 

[wkusigep460]

ComboFix

finally got to run ComboFix, and here is the log file.

 

[Blind Dragon]

Sorry didn't read the whole thread, so cant verify everything for you, but just a couple of things from glancing at the logs.

1)Update your Java Runtime Environment

• First try going to Start -> Control Panel -> double click Java
• Select the Update TAb at the top
• Click the Check for Updates button at the bottom
• If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
• After it installs the newest version Go back to Control Panel -> Add/remove programs
• Uninstall any older versions of Java

\

If for some reason you couldn't update through the above instructions.

• Click the following link
  Java Runtime Environment 6 Update 5
• The 4th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

2) Did you already uninstall Wild Tangent

 

[tomrca]

info for blind dragon:
still there. read this
stop this service: how to, start>run>type services.msc> seek out this service right click select stop or disable then go to programme files and uninstall. try "revo uninstaller" free from here
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe