wodasha

Application Error


I kept getting these fake CNN/MSNBC emails and it ended up getting bunches of viruses installed on my system.

But when I try to start Ad-Aware it comes up with this message:

"Application Error
Exeption Eaccessviolation in module Ad-Aware.exe at 001DCCA4.
Access Violation at address 005DCCA4 in module 'Ad-Adware.exe' read of address 00000418".

Also, when I reinstalled Windows XP my data was still on the computer, and it went back to Service Pack 1 and doesn't start up.

What's the solution?

Thank you.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:35 AM, on 8/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\dvdupgrd.exe
C:\WINDOWS\System32\pphc37bj0el5l.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\server.exe"
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,[email protected]
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [avgchosts] C:\WINDOWS\System32\iiexplorer.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [lphc37bj0el5l] C:\WINDOWS\System32\lphc37bj0el5l.exe
O4 - HKLM\..\Run: [sMrhc77bj0el5l] C:\Program Files\rhc77bj0el5l\rhc77bj0el5l.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKCU\..\Policies\Explorer\Run: [dude] C:\WINDOWS\server.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
O21 - SSODL: YYPokKMOsrrrq - {684A5661-C2E0-FCCB-677D-9D927DBB2E02} - C:\WINDOWS\system32\pp.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: arturo - {48a7a70a-e118-4506-a373-c9d4e8a212a1} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12319 bytes


Please proceed as follows:

 

1. Right-click 'My Computer' on your desktop and then click 'Properties'

2. Click the 'Advanced' tab and then 'Settings' button under Performance.

3. Then click the 'Data Execution Prevention' tab and choose the setting: 'Turn on DEP for all programs and services except those I select'

4. Click the 'Add' button and add *Ad-Aware.exe*, *Ad-Watch.exe*, *lsupdateManager.exe* and *aawservice.exe* to the list.

 

>>These files are located at C:\Program Files\Lavasoft\Ad-Aware by default<<

 

 

 

Hope this solves it for you.

Cheers!

Laleh


Hmmmm, that's a very infected computer.

 

Normally, you might get Ad-Aware to run using LS Laleh's instruction, however, in this case you have not only a backdoor trojan running but also a number of others, including Vundo which will cause Ad-aware to malfunction and give that error message, so I suspect any tweaking to run Ad-Aware will result in only negative attempts until the malware is removed.

 

I cannot read your log properly when it is all chopped up like that. Could you please do the following to make sure any further logs posted are more readable?

 

1. Open Notepad and at the top choose *format*. Make sure that wordwrap is NOT checkmarked. (uncheck it if it is)

..........

You said you reinstalled Windows? Did you do a complete reformat before reinstalling? Because that is why you still have data (and the infections) on there.

 

A couple of them look quite dangerous and have given a remote attacker access and control over your computer. In that case it is best to reformat/reinstall. Here are directions to help. Make a backup of any important data you wish to keep onto removable media first however.

When should I re-format? How should I reinstall?

http://www.dslreports.com/faq/10063

 

This file sysrest32.exe indicates this backdoor trojan infection:

Troj/Dloadr-BGT is a backdoor Trojan for the Windows platform which allows a remote intruder to gain access and control over the computer.

(description here) http://www.sophos.com/security/analyses/vi...jdloadrbgt.html

 

There are other suspects showing as well that are very difficult to remove and probably require special tools.

 

How do you wish to proceed? I don't want to go through cleaning steps if you are going to reformat/reinstall. I also can't guarantee how successful cleaning will be in restoring any damage done by the trojans. That cannot be ascertained.

 

Are you not running any antivirus program, or has it been disabled? I see no signs of one on your computer.
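The reply above works from the log by eye and notes how hard a word-wrapped paste is to read. As an added example (not part of this thread and not a tool the forum helpers used), the Python below first rejoins a wrapped HijackThis-style log into one line per entry, then flags the things the reply singles out: a system.ini Shell= line that loads a second executable, autostarts under Policies\Explorer\Run, an O21 SSODL entry, a service with no vendor string, and the file names the thread called out (sysrest32.exe, server.exe) held in a constructed watchlist. The sample log inside it is constructed from lines of the posted log, wrapped the way the post was; the unwrap rule (a continuation line is glued on with a space) is an assumption that fits wrapping at word boundaries only.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted in this thread,
# wrapped at roughly 56 columns the way the original post was. Paths and GUIDs
# are copied from that log; the selection and the wrapping are constructed.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device
Support\\bin\\AppleMobileDeviceService.exe
C:\\WINDOWS\\System32\\sysrest32.exe

F2 - REG:system.ini: Shell=Explorer.exe
"C:\\WINDOWS\\server.exe"
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program
Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [avgchosts]
C:\\WINDOWS\\System32\\iiexplorer.exe
O4 - HKCU\\..\\Policies\\Explorer\\Run: [dude]
C:\\WINDOWS\\server.exe
O21 - SSODL: YYPokKMOsrrrq -
{684A5661-C2E0-FCCB-677D-9D927DBB2E02} -
C:\\WINDOWS\\system32\\pp.dll
O23 - Service: CbEvtSvc - Unknown owner -
C:\\WINDOWS\\System32\\CbEvtSvc.exe
--
End of file - 12319 bytes
"""

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")   # R1, F2, O2 ... O23 section prefixes
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")        # a process path in the header section
END_RE = re.compile(r"^(--$|End of file)")

# File names the replies in this thread identified as malicious: a constructed
# watchlist for this example, not a general indicator list.
WATCHLIST = {"sysrest32.exe", "server.exe"}


def unwrap(text: str) -> list[str]:
    """Rejoin lines that a word-wrapping editor split; one string per log item."""
    items: list[str] = []
    in_entries = False  # still in the header / "Running processes" section
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_entries = True
        if in_entries:
            # After the first Rn/Fn/On entry only another entry (or the trailer)
            # starts a new item; anything else is a wrapped continuation, even
            # when it happens to start with a drive letter.
            continuation = not (ENTRY_RE.match(line) or END_RE.match(line))
        else:
            # In the process list a wrapped path continues the previous
            # drive-letter path, e.g. "...Mobile Device" + "Support\\bin\\...".
            continuation = (bool(items) and bool(DRIVE_RE.match(items[-1]))
                            and not DRIVE_RE.match(line))
        if continuation and items:
            items[-1] += " " + line   # the sample wraps at spaces only (assumption)
        else:
            items.append(line)
    return items


@dataclass
class Finding:
    entry: str
    reason: str


def triage(items: list[str]) -> list[Finding]:
    """Flag the persistence locations and file names discussed in the thread."""
    findings: list[Finding] = []
    for item in items:
        low = item.lower()
        reasons: list[str] = []
        if item.startswith("F2 - ") and "shell=" in low:
            # system.ini Shell= should name Explorer.exe and nothing else.
            if low.split("shell=", 1)[1].strip() != "explorer.exe":
                reasons.append("system.ini Shell= loads more than Explorer.exe")
        if item.startswith("O4 - ") and "\\policies\\explorer\\run" in low:
            reasons.append("autostart via Policies\\Explorer\\Run")
        if item.startswith("O21 - "):
            reasons.append("ShellServiceObjectDelayLoad entry")
        if item.startswith("O23 - ") and "unknown owner" in low:
            reasons.append("service with no vendor string")
        exes = {m.lower() for m in re.findall(r"[\w\-]+\.exe", item)}
        for name in sorted(exes & WATCHLIST):
            reasons.append(f"references watchlisted file {name}")
        findings.extend(Finding(item, r) for r in reasons)
    return findings


def triage_text(text: str) -> list[Finding]:
    return triage(unwrap(text))


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"{f.reason}: {f.entry}")
```

Run it as-is and it prints seven findings for the sample; feed it a real log saved with word wrap turned off and `unwrap` is simply a no-op. The heuristics are deliberately narrow: a legitimate Adobe BHO and the `avgchosts` Run entry produce nothing, because the rules only fire on the locations and names the thread itself identified.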

> Please proceed as follows:
>
> 1. Right-click 'My Computer' on your desktop and then click 'Properties'
>
> 2. Click the 'Advanced' tab and then 'Settings' button under Performance.
>
> 3. Then click the 'Data Execution Prevention' tab and choose the setting: 'Turn on DEP for all programs and services except those I select'
>
> 4. Click the 'Add' button and add *Ad-Aware.exe*, *Ad-Watch.exe*, *lsupdateManager.exe* and *aawservice.exe* to the list.
>
> >>These files are located at C:\Program Files\Lavasoft\Ad-Aware by default<<
>
> Hope this solves it for you.
>
> Cheers!
>
> Laleh

 

I have a different version, because I can't find 'Data Execution Prevention'.

When I tried to reinstall it went back to service pack 1 which doesn't have these options.

> I have a different version, because I can't find 'Data Execution Prevention'.
>
> When I tried to reinstall it went back to service pack 1 which doesn't have these options.

 

Please follow LS CalamityJane's advice on this matter, since you seem to have a serious infection on your computer and she is more expert in that field than me.

> Please follow LS CalamityJane's advice on this matter, since you seem to have a serious infection on your computer and she is more expert in that field than me.

 

But I have Verizon DSL as my ISP and that would mean I would have to reinstall it also. Will I have internet installed onto my PC? Also I have a Netgear router that I use for my PS3; would I have to reinstall that? And finally I have Vonage as my phone provider, which would mean I would have to install it again. The reason I'm really worried about my internet not working is because I don't have a CD for it. Also I use a Linksys ethernet plug-in for my internet and phone to work at the same time. How am I supposed to re-download those when my PC would let me burn disks?

Or could I download that software at a friend's house and burn it to a CD?

Do you know where I can find this software?

 

Thanx.


Ok, thought you were maybe experienced at the procedure but it appears not. These questions really need to be pursued with your provider.

 

But meanwhile, to stall for a little time to do that, let's see if we can clean up what we can see and just keep in mind that wiping the hard drive and doing a full reinstall may be the best recommendation for you to think about. Especially since your reinstall attempt may have been botched.

 

Don't try installing SP2 right now while it's infected. And try to keep this off the net as much as possible, since it could be downloading additional malware to your PC. Use it only to look for and respond to steps here.

 

Download this free tool called SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here

Then please proceed to this step using another tool called ComboFix....

 

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

If you do not have the Windows recovery console installed already, do follow the page's instructions for doing that before you run it. That is because some malware removal can damage your system so that Windows won't boot and should a problem occur, the Windows Recovery Console would be an option to use to bring the system back up.

 

Once you have installed the Recovery Console, you can then proceed to run the ComboFix tool to clean what it might find and produce a comprehensive diagnostic log for me to determine what other steps might be needed.

 

**Note: It is important that it is saved directly to your desktop**

 

1. Close any open browsers.

 

2. Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall


I don't know what this means but.

 

 

SDFix: Version 1.216

Run by Administrator on Sun 08/17/2008 at 03:48 PM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

CbEvtSvc

sysrest.sys

 

Path :

%SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

\??\C:\WINDOWS\System32\sysrest.sys

 

CbEvtSvc - Deleted

sysrest.sys - Deleted

 

 

 

Restoring Default Security Values

Restoring Default Hosts File

Restoring Default Desktop Wallpaper

Restoring Default ScreenSaver value

 

I didn't do the hijack scan yet.

 

And I can only access the internet from safe mode with networking and I haven't even used the combo fix yet. Also I didn't tell you but when I go into the regular windows mode my screen is sideways. And I can't print the instructions from my printer.


SDFix did find a backdoor trojan and deleted a couple of infected files. I'm waiting for the ComboFix log to see what might be left.

 

It's probably best not to have this on the net as much as possible and the symptoms you are experiencing are likely due to the infection you had.

 

I might be out of touch the next few days as I am directly in the path of an impending hurricane. If our power is knocked out it might be a few days until I can get back here to review.


Ok, I've totally reinstalled.

Now all I have to do is get the sound back.

I know it's a Dell Dimension 2350 (from 2003).

And I've installed XP Service Pack 3.

And every time I try to install the codec that comes with it, it gives this message:

"Error installing ikernel.exe (0x10000)"

The driver is "Analog Devices ADI 198X Integrated Audio Driver Version A08."

Soundmax

Edited by wodasha
