Here are the logs. My computer seems to be working better and I haven't had many problems in the past few days. Btw though, I randomly will get redirected to a random website sometimes. Usually when I click on a link, or try to search a link. It's pretty annoying but not that big of a deal though.
Hey, you may want to hide your e-mail. Just sayin', to prevent your e-mail from getting spammed. There are a lot of people who like to spam on the forums.
I don't rlly use that email unless I know something is being sent there, but thanks for telling me that
Hi there did you have a date problem when you installed the system ?
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \app-t12\users13\mstreuber2\My Pictures
Run OTL
* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2010/11/30 12:41:17 | 000,008,155 | ---- | M] () -- C:\Documents and Settings\mstreuber2\Local Settings\Application Data\Wsufaloqe.dat
[2010/11/30 00:18:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mstreuber2\Local Settings\Application Data\Rfazukijadu.bin
[2010/11/29 13:08:23 | 000,008,155 | ---- | M] () -- C:\WINDOWS\anapeyamoledu.dll
[2010/11/29 13:08:05 | 000,008,155 | ---- | M] () -- C:\WINDOWS\Wsufaloqe.dat
[2010/11/29 00:31:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rfazukijadu.bin
[2010/11/28 23:46:28 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\CALC.job
[2010/11/28 23:46:14 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\EHSUN.job
[2010/11/28 23:46:10 | 000,121,856 | RHS- | C] () -- C:\WINDOWS\System32\adsmsext1.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
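Added example, not part of any post in this thread and not OTL's own code: a small Python parser for the file entries quoted in the fix script above, showing which fields stand out when such lines are reviewed. It assumes the parenthesised field holds the company name from the file's version info and uses an assumed scan date; the notes it returns are triage hints, not verdicts.

```python
import re
from collections import defaultdict
from datetime import datetime

# [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (company) -- path
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]\s*(?:\((?P<company>[^)]*)\))?"
    r"\s*--\s*(?P<path>.+)")

# Entries quoted in the thread (dashes normalised to ASCII).
SAMPLE = r"""
[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \app-t12\users13\mstreuber2\My Pictures
[2010/11/29 13:08:23 | 000,008,155 | ---- | M] () -- C:\WINDOWS\anapeyamoledu.dll
[2010/11/29 13:08:05 | 000,008,155 | ---- | M] () -- C:\WINDOWS\Wsufaloqe.dat
[2010/11/29 00:31:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rfazukijadu.bin
[2010/11/28 23:46:28 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\CALC.job
"""

def parse_entries(text):
    """Return one dict per line that matches the entry layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["path"] = e["path"].strip()
        entries.append(e)
    return entries

def triage(e, scan_time):
    """List the properties of one entry that deserve a closer look."""
    notes = []
    if e["ts"] > scan_time:
        notes.append("timestamp in the future")
    if "H" in e["attrs"] and "S" in e["attrs"]:
        notes.append("hidden+system attributes")
    if e["company"] == "":            # "()" present but empty (assumed: no version info)
        notes.append("empty company field")
    if e["size"] == 0 and "D" not in e["attrs"]:
        notes.append("zero-byte file")
    return notes

def same_size_groups(entries):
    """Group non-empty files that share an exact size under different names."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] > 0:
            groups[e["size"]].append(e["path"])
    return {size: paths for size, paths in groups.items() if len(paths) > 1}
```

Call `triage(entry, datetime(2010, 12, 1))` on each parsed entry; the scan date is an assumption chosen to fall just after the newest 2010 entry in the script.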
Hey, I ran OTL again and did what you said and here is the log. There was another log that came up and idk what it is so I'll post that too. But ComboFix didn't work. I would start it and everything and then randomly a message that says CFscript is spelled wrong and that I should check the spelling. Then I click OK on that message and ComboFix closes. Also, there is no possible way I can turn off Symantec antivirus because it's the school virus scan or something. And it said Avast was still running and I'm pretty sure I uninstalled it.
That is weird for combofix - as that would only come up if you dragged a text file onto it
Could you try Combofix again please, just double click the icon
Alright, I tried ComboFix 4 more times, none of them working. Also, whenever my computer starts messing up it randomly turns to Windows classic style bars… it won't let me change it when it does that too. Not a big deal, I just don't know if that cld be something
OK, let's run a different programme to see if I can locate the miscreant
Download avz4.zip from here
* Unzip it to your desktop to a folder named avz4
* Double click on AVZ.exe to run it.
* Run an update by clicking the Auto Update button on the right of the Log window:
http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-update-button.png
* Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
* Start AVZ.
* Choose from the menu “File” => “Standard scripts” and mark the “Advanced System Analysis with Malware removal mode enabled” check box.
http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png
* Click on the “Execute selected scripts”.
* Automatic scanning, healing and system check will be executed.
* A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
* It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
* All applications will work properly after the system restart.
When restarted
* Start AVZ.
* Choose from the menu “File” => “Standard scripts” and mark the “Advanced System Analysis” check box.
http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png
* Click on the “Execute selected scripts”.
* A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Upload both virusinfo_syscure.zip and virusinfo_syscheck.zip to Mediafire and post the sharing link.
Yeah, the link on the word here doesn't work. It says
Not Found.
The requested resource was not found.
httpd
Soooooo I couldn't do what you asked, sorry
Try right clicking on that word ‘here’ and select save file as or save as or save link as, depending on your browser. the avz4.zip file is there, I just confirmed that in firefox using the save link as action in firefox, see image.
http://cid-32d8666f4048075b.office.live.com/self.aspx/Malware%20files/avz4.zip download a copy from my site
I’m jumping into this topic because I’m having the same problem… (“Svchost.exe Application Error” The instruction at “0x7c923845” etc.). No matter what you do when this pops up, your computer freezes and you’re forced to reboot to get it going again. The only reason I’m on here now is because I didn’t choose either of the options (ok to terminate OR cancel to debug), I simply dragged the error down to the bottom of my screen for now…
I do know this. Whatever caused this began when I clicked on a link to play hidden objects 4, on Facebook… I knew immediately that it was not a good link because my computer (or the link) started a malware scan. (I turned my computer off in the middle of the chaos and the scan never completed). I noticed a couple files that seemed suspicious in my WINNT\TEMP and deleted them (4225859.exe and another file with a different extension). I also disabled this in msconfig’s startup… (not sure if I should have done any of that, but since I couldn’t determine what 4225859.exe was, I took my chances and deleted it)…
I used your OTL and scanned as you directed. The two .txt files are on my desktop, but I didn’t have the program make any changes because I just wasn’t sure what would happen there… If you give me the ok, I’ll post the results here. (I figured out how to attach them and here they are.)
Thanks so much,
ICAngels
That was a good move - that file was the main initiator. I can see no sign of an Antivirus programme on your system - not a good move really
Run OTL
* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 4
[2010/10/12 07:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MRSystem\Application Data\Mozilla\Firefox\Profiles\31q0z3et.default\extensions\searchtoolbar@zugo.com
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1482476501-838170752-839522115-1006\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
[2010/12/13 11:19:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/12/15 13:09:42 | 000,000,120 | ---- | M] () -- C:\WINNT\Tlujetakobi.dat
[2010/12/15 07:03:58 | 000,000,000 | ---- | M] () -- C:\WINNT\Kyufohapu.bin

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Followed your instructions. The svchost error came up just before I did the fix and my computer wouldn’t reboot when the program tried to. So, I manually shut it down and did the fix a second time. I reinstalled the microsoft security, so you’ll notice it in the new log I’m attaching.
Before I did all this, I received an email from my bank’s security dept notifying me that their rapport (spyware) caught & stopped 4 trojans when I accessed my account this morning… Ugh… (TDL4 (severity: High); Zeus 2 (severity: High); TDSS (severity: High); Hiloti (severity: High)). My Microsoft Security Antispyware scanned and only found two instances of Hiloti and deleted them. It didn’t seem to recognize the other three. I also don’t know if combofix took care of the other three viruses.
Thank you so much for your help here…
L
**UPDATE: No problems for a while then a new one is popping up now…
AXWINFRAME Windows: svchost.exe - Application Error (instruction at “0x16cda24e” referenced memory at “0x16cda24e” The memory could not be written…
12/29 - Ugh… The original svchost.exe - Application Error just popped back up…
Combofix confirms the TDL4 infection so let's kill that now - Whilst you are doing this I will read the rest of the logs ;D
Please read carefully and follow these steps.
* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
* If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
* If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.