• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
zjclimber

FindnFix problem

8 posts in this topic

I've down loaded 'FindnFix' to my destop its location is in C:\Documents and

settings.

 

I'am infected with 'about-blank' and I want to be prepaired when I am offered

help in removing it.

 

I'am able to extract 'findnfix' from my desk top icon and open the fille.

when I double click on the '!LOG.BAT!' folder it will open and start to log my

system and adding information to some txt files that "FindnFix' created.

 

Then after 3 mins. or so I get a message box that says C:\Windows\System\

Cmd.exe not a vallid Win32 application.

 

I hope someone can help to get 'FindnFix' to work for me.

 

Thanks in Advance

Share this post


Link to post
Share on other sites

Don't attempt to use it until a qualified helper suggests it.

Share this post


Link to post
Share on other sites

I think my computer settings are incorrect.

Any folder that ends in'.txt' can't be open. I get 'not a valid Win32 application'

 

Any advice will be greatly appreciated

Share this post


Link to post
Share on other sites
I think my computer settings are incorrect.

Any folder that ends in'.txt' can't be open. I get 'not a valid Win32 application'

 

There are no "folders" that end with "txt" so I assume you meant "files" ... :scratchhead:

 

Is your notepad.exe hijacked?

That's likely the reason!

Check all copies in Windows, System32 folder and Dllcache folder

and replace the missing/corrupted.

 

If no luck and you are using XP, you can download the original 'notepad_xp' from the 'FINDnFIX page' in my signature, unzip and replace the corrupted copies.

 

I've down loaded 'FindnFix' to my

destop its location is in C:\Documents and settings.

 

I'am able to extract 'findnfix' from my desk top icon

and open the fille

The location of the extracted FINDnFIX' should be no other than

"Drive"\FINDnfix.. (c:\FINDnFIX\)

It will NOT function from any other location/path!

If you dragged any files out of it, it's more likely useless!

Edited by freeatlast

Share this post


Link to post
Share on other sites

CNM thank you for your reply. For some reason I was not able to see your post

until I posted a reply to my original post.

 

I will wait for a helper per your post.

Share this post


Link to post
Share on other sites

Freeatlast is the finest helper you could find. :D

Do whatever she says. She is the one who wrote FindnFix and she is an Expert.

Right up above your last post.

 

Generally you won't see new posts until you refresh your screen, so do that often.

Share this post


Link to post
Share on other sites

CNM I have read and studied many of your posts and FreeatLast posts in all topics on this forum. I am very impressed with the knowledge and skill you both

demonstrate.

 

Freeatlast I down loaded 'notepad.exe' from your sig. I forgot that I deleted it some time ago. I have 'wordpad' that I assumed replaced it.

I have uninstalled 'FindnFix' for the time being will wait for further instruction.

I had copied an infected file to the 'Junkxxx' file/folder in 'FindnFix'.

I then ran AVG 6.0 with current updates. It found the infected file 'Trojan horse

BackDoor.Agent.BA' in the 'Junkxxx" file/follder. AVG could not repair or move

the trojan to its 'vault'.

I then ran on line scan from 'trendmicro' it found the same infection, and a additional virus in the 'system restore' on my comput.

I re-ran AVG and this time it found both 'infections'. It now was able to put both infections in its 'vault'.

My comput has been clean from 'about-blank' since 7/26/04. I've not 'time travel' yet to see if it will be back. I look forward to your counsel. Thanks in advance.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 5:45:55 PM, on 7/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BHODemon 2\BHODemon.exe

C:\FDIW\UpdtChk.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\dennis.D218HS31\My Documents\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [buildBU] c:\dell\bldbubg.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [bacstray] BacsTray.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe

O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAg...ctiveX/smsx.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA76530-0D15-4308-A686-BCE1AC903AEC}: NameServer = 12.152.176.3,12.32.70.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7AA335F-0880-46A9-8BBA-5060A960267D}: NameServer = 12.152.176.3,12.32.7

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0