Encountered problems such as h.sys, guihelp.sys, iesuper.dll, jfrwdh.dll, and pedadt.dll
Original work by endurer
2008-07-29, 1st version
A netizen said that his computer has recently been restarting on its own, and that after startup guard keeps raising alerts. He asked for help fixing it.
The system was scanned with pe_xscan and the resulting log was analyzed. The following suspicious items were found:
Pe_xscan 08-07-02 by Purple endurer
7-24 22:41:51
Windows XP Service Pack 2 (5.1.2600)
MSIE: 6.0.2900.2180
Administrator user group
Normal Mode
O2-BHO iesuper-{1a49f431-2a2e-41a5-9080-0f41d1a3aec2} = C:/progra~1/iesuper.dll | 5:44:22
O4-hkcu/../run: [bgswitch] C:/Windows/system32/bgswitch.exe
O6-HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel exists; IE or Internet Options may be restricted
O23-service: H (H)-C:/Windows/system32/Drivers/H.sys | (manual)
O23-service: syshostsvc (syshostsvc)-C:/Windows/system32/Drivers/guihelp.sys | 17:49:28 (automatic)
O24-shlexechook: [Microsoft]-{841529cb-7f77-4b99-a895-b5441e0d302f} = C:/Windows/system32/jfrwdh.dll
O24-shlexechook: [1]-{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} = 1
O24-shlexechook: [Microsoft]-{7914e0aa-eccb-4311-b584-c49538227824} = C:/Windows/system32/jhfrxz.dll
O24-shlexechook: [Microsoft]-{4d165a2a-4bc1-4ca8-8299-08e05aaab5a4} = C:/Windows/system32/tdggrz.dll
O24-shlexechook: [Microsoft]-{B29583D8-033A-4B9F-8553-7C5458F3FB8E} = C:/Windows/system32/jdsaex.dll
O24-shlexechook: [Microsoft]-{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} = C:/Windows/system32/wyrsdj.dll
O24-shlexechook: [Microsoft]-{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} = C:/Windows/system32/jggtsr.dll
O24-shlexechook: [Microsoft]-{73ae86e6-7f03-4c3b-8980-fb1da157d3c7} = C:/Windows/system32/fmcvxy.dll
O24-shlexechook: [Microsoft]-{875e07b1-0614-43d9-a76e-d76a28ab3d7b} = C:/Windows/system32/tfsdmz.dll
O24-shlexechook: [Microsoft]-{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} = C:/Windows/system32/fsrgeb.dll
O24-shlexechook: [Microsoft]-{5e907a48-400e-4ea8-9792-ffae052d59e9} = C:/Windows/system32/pedadt.dll
Download bat_do and fileinfo from http://purpleendurer.ys168.com. Use fileinfo to extract information about the suspicious files, and use bat_do to delete the files on a delay.
Download and install Rising Kaka Security Assistant 6.0 and use it to delete the suspicious items listed in the log.
Of these, the file behind the entry
O23-service: syshostsvc (syshostsvc)-C:/Windows/system32/Drivers/guihelp.sys | 17:49:28 (automatic)
has the following file information:
File Description: C:/Windows/system32/Drivers/guihelp.sys
Attribute: ---
Digital Signature: No
PE file: Yes
Language: Chinese (China)
File version: 5, 1, 2467, 4
Notes: Gui helper API
Copyright: All Rights Reserved
Product Version: 5, 1, 2467, 4
Product Name: guihelp
Company Name: Microsoft Corporation
Internal name: guihelp
Source File Name: guihelp.sys
Creation Time: 1:49:28
Modification time: 1:49:28
Size: 8341 bytes, 8.149 KB
MD5: 99a87b164f509db7976fbd4b8f0aa338
Sha1: be4e229a8d15271dd23ea6e82179ca8774f6c774
CRC32: bcd76c3d
Although the MD5 value is the same as the one published on the Internet, the file does not pass M$ digital signature verification, so this item was disabled first.
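The triage step above, as an added example that is not part of the original post: it pulls the file paths out of pe_xscan-style entries and applies the same rule to a fileinfo-style record, namely that a published MD5 does not outweigh a missing signature. The function names, the `published_md5s` set and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the pe_xscan layout shown above (not a real capture).
SAMPLE_LOG = """\
O2-BHO iesuper-{1a49f431-2a2e-41a5-9080-0f41d1a3aec2} = C:/progra~1/iesuper.dll | 5:44:22
O4-hkcu/../run: [bgswitch] C:/Windows/system32/bgswitch.exe
O23-service: syshostsvc (syshostsvc)-C:/Windows/system32/Drivers/guihelp.sys | 17:49:28 (automatic)
O24-shlexechook: [Microsoft]-{841529cb-7f77-4b99-a895-b5441e0d302f} = C:/Windows/system32/jfrwdh.dll
O24-shlexechook: [1]-{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} = 1
"""
# Constructed fileinfo-style record using fields quoted on this page.
SAMPLE_FILEINFO = """\
File Description: C:/Windows/system32/Drivers/guihelp.sys
Digital Signature: No
Company Name: Microsoft Corporation
MD5: 99a87b164f509db7976fbd4b8f0aa338
"""

# Section tag, then the first drive-letter path ending in a binary extension.
ENTRY = re.compile(r"^(O\d+)-.*?([A-Za-z]:/[^|]*?\.(?:sys|dll|exe))\s*(?:\||$)", re.I)

def extract_targets(log):
    """Return (section, path) for each entry that names a file; skip the rest."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1).upper(), m.group(2).strip()) for m in matches if m]

def parse_fileinfo(text):
    """Turn 'Key: value' lines into a dict keyed by lower-cased field name."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def verdict(info, published_md5s):
    """Unsigned file that names a vendor: disable first, even if its hash is published."""
    signed = info.get("digital signature", "").lower() == "yes"
    hash_seen = info.get("md5", "").lower() in published_md5s
    claims_vendor = bool(info.get("company name"))
    if signed:
        return "leave"
    if claims_vendor:
        return "disable first (unsigned, hash published)" if hash_seen else "disable first (unsigned)"
    return "review"

if __name__ == "__main__":
    for section, path in extract_targets(SAMPLE_LOG):
        print(section, path)  # files to run through fileinfo next
    info = parse_fileinfo(SAMPLE_FILEINFO)
    print(info["file description"], "->", verdict(info, {info["md5"]}))
```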
Download HijackThis from http://endurer.ys168.com and fix the O6 item. In theory Kaka Security Assistant 6.0 should be able to fix this as well, but I could not find it right away.
After restarting the computer, guard no longer reported any alerts.
However, the automatic restarts still occur. The likely cause is a conflict with other software, such as C:/program files/memory broom/ram.exe, or the computer's poor heat dissipation and hardware overclocking.