I seem to have a lot of issues with my computer. About a month ago I had some malware; after asking the good people at AfterDawn I ran Malwarebytes and SmitFraudFix and got rid of it. But ever since then things haven't been quite right. Here is a list of my problems:

1. My anti-virus software (avast) doesn't update. I keep getting error messages that say "avast.setup has encountered a problem and needs to close. We are sorry for the inconvenience.", and then I get a message that says Avast had an error, do you want to send a report?
2. Sometimes other programs don't work and I get the same message that says _____ has encountered a problem and needs to close, do you want to report it? It's the message you get when you force end a program, and then it asks if you want to report the error.
3. I can't seem to install Java. Every time I download it from the many sources, I try to install and it says installation failed. Sometimes I can't even open the file I downloaded; it just says "Java(TM) Platform SE binary has encountered a problem and needs to close. We are sorry for the inconvenience." I'm guessing all these problems are related.
4. Every time I run Malwarebytes I get 1 infected file. The system says it could not delete it and that the file will be deleted upon restarting the computer. But then after restarting I scan and still get that same infected file, which still can not be deleted. I attached the Malwarebytes log file below.
5. Finally, my computer does not shut down. When I go to shut down it closes programs and then just freezes. I just see my background but I can't do anything. Then I have to manually turn off the power.

I have enclosed my HijackThis report. I'm not sure if this will help or if I need a different troubleshooting scanner; I just figured I would do it to save time. Sorry for such a long post and many problems, I just would really like to clear my computer. I would appreciate any help you would have for these issues.
thanks, fizz

Logfile of HijackThis v1.99.1
Scan saved at 1:48:19 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSII1s.exe

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|)
Objects scanned: 70908
Time elapsed: 35 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
UPDATE: Right after I posted the above thread I had to restart my computer because of the Malwarebytes scan. When the computer restarted my avast update automatically worked. So I thought that this time Malwarebytes actually did delete that file upon restart. So I tried to download Java and that worked too; I downloaded it and installed it. And as I was getting happy that my computer somehow fixed itself, I was faced with reality...

1. Firefox no longer works. Every time I start it, it closes and gives me the same error message with the send report option. I had to reinstall Explorer to be able to get online and post this message.
2. Malwarebytes still shows the same infected file, and won't delete it.
3. Java doesn't fully work, and causes my browser to shut down when I try to use it.

It's as if my computer fixed the avast update problem and then started a problem with Firefox. And I just don't know what's going on with Java. I really hope someone helps me with these issues; I have a feeling that because this thread is so complicated and full of numerous issues people won't want to bother with it. I know it's not your usual spyware removal problem but I really need the help. Thanks.
Hi, not all problems are related to malware. There is a driver that must be removed. We will start with SDFix, which needs to run in Safe Mode:

Download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, the Advanced Options Menu should appear.
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
* Press any key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to the Clipboard ready for posting back on the forum).
* Finally, paste the contents of Report.txt in your reply.
Sorry to bump in... just wanted to give my two cents. ComboFix will usually solve the problem. An example is this:
http://www.bleepingcomputer.com/forums/topic127487.html

Best Regards
Hey, I downloaded and ran SDFix. It seems to have cleaned up the computer. It still runs kinda slow and I have gotten that error message once but not regularly. All programs work, and avast updates. So I guess it deleted the driver; my question is, what is this driver that was causing the problem? And should I worry about the malware file that can't be deleted? Here is the log from SDFix:

SDFix: Version 1.191
Run by Authorized User on Sun 06/15/2008 at 10:10 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix\SDFix

Checking Services :

Name : ICHAUDD
Path : System32\drivers\ichaudd.sys

ICHAUDD - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\WINNT\system32\bharebio01\bharebio011065.exe - Deleted
C:\WINNT\system32\cookie1.dat - Deleted
C:\WINNT\system32\drivers\core.cache.dsk - Deleted
C:\WINNT\system32\es.dat - Deleted
C:\WINNT\system32\interns32.dll - Deleted
C:\WINNT\system32\targetedbanner-uninst.exe - Deleted
C:\WINNT\system32\tb.dr - Deleted
C:\WINNT\system32\drivers\ICHAUDD.sys - Deleted

Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINNT\system32\bharebio01 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 22:22:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\1148022903\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1148022903\\ee\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1148022903\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1148022903\\ee\\aolsoftware.exe:*:Disabled:AOL Services"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunesHelper.exe"="C:\\Program Files\\iTunes\\iTunesHelper.exe:*:Disabled:iTunesHelper Module"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINNT\\Explorer.EXE"="C:\\WINNT\\Explorer.EXE:*:Enabled:explorer"
"\\??\\C:\\WINNT\\system32\\winlogon.exe"="\\??\\C:\\WINNT\\system32\\winlogon.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 19 May 2006           435 A..H. --- "C:\Documents and Settings\Authorized User\IPH.BAK"
Wed  4 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 19 May 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 19 Oct 2004        19,456 A..H. --- "C:\Documents and Settings\Authorized User\Fizzy's Documents\Old Documents\~WRL2921.tmp"
Sun 26 Aug 2007        19,968 ...H. --- "C:\Documents and Settings\Authorized User\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 24 Oct 2007        22,016 ...H. --- "C:\Documents and Settings\Authorized User\Application Data\Microsoft\Word\~WRL3171.tmp"
Wed 24 Oct 2007        19,456 ...H. --- "C:\Documents and Settings\Authorized User\Application Data\Microsoft\Word\~WRL3236.tmp"
Wed 24 Oct 2007        20,992 ...H. --- "C:\Documents and Settings\Authorized User\Application Data\Microsoft\Word\~WRL3868.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\Authorized User\Application Data\U3\temp\Launchpad Removal.exe"
Fri 19 May 2006         4,348 ...H. --- "C:\Documents and Settings\Authorized User\Fizzy's Documents\Quraan\License Backup\drmv1key.bak"
Tue 15 Jan 2008            20 A..H. --- "C:\Documents and Settings\Authorized User\Fizzy's Documents\Quraan\License Backup\drmv1lic.bak"
Fri 19 May 2006           312 A.SH. --- "C:\Documents and Settings\Authorized User\Fizzy's Documents\Quraan\License Backup\drmv2key.bak"

Finished!
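A small triage script for the "Authorized Application Key Export" block of an SDFix report like the one in the post above, added here as an example (it is not part of the thread or of SDFix). The sample entries are constructed from that log with the forum's smiley damage undone, and the idea that a core Windows process such as winlogon.exe or Explorer.EXE should never have a firewall exception of its own is my own heuristic, not something the thread states.

```python
import re

# Constructed sample shaped like the "Authorized Application Key Export" block of an SDFix
# report. Windows XP SP2 stores each exception as "<path>"="<path>:<scope>:<Enabled|Disabled>:<name>".
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINNT\\Explorer.EXE"="C:\\WINNT\\Explorer.EXE:*:Enabled:explorer"
"\\??\\C:\\WINNT\\system32\\winlogon.exe"="\\??\\C:\\WINNT\\system32\\winlogon.exe:*:Enabled:explorer"
'''

# Heuristic (my assumption): core Windows binaries have no business in the exception list;
# such entries are typically left behind by malware that runs inside those processes.
CORE_PROCESSES = {"winlogon.exe", "explorer.exe", "svchost.exe", "lsass.exe", "services.exe"}

ENTRY_RE = re.compile(r'^"(?P<name>.*)"="(?P<value>.*)"$')
VALUE_RE = re.compile(r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<desc>.*)$', re.I)

def parse_entry(line):
    """Return (name, path, scope, state, desc) for one exported value, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name = m["name"].replace("\\\\", "\\")            # .reg exports double every backslash
    v = VALUE_RE.match(m["value"].replace("\\\\", "\\"))
    if not v:
        return None
    return name, v["path"], v["scope"], v["state"].capitalize(), v["desc"]

def triage_firewall_exceptions(export_text):
    """Return [(path, state, [reasons])] for each exception that deserves a closer look."""
    flagged = []
    for line in export_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        _name, path, _scope, state, _desc = entry
        reasons = []
        if path.rsplit("\\", 1)[-1].lower() in CORE_PROCESSES:
            reasons.append("core Windows process listed as a firewall exception")
        if path.startswith("\\??\\"):
            reasons.append("NT object path prefix \\??\\; the firewall UI does not write entries this way")
        if reasons:
            flagged.append((path, state, reasons))
    return flagged

if __name__ == "__main__":
    for path, state, reasons in triage_firewall_exceptions(SAMPLE_EXPORT):
        print(f"{state:<8} {path}: " + "; ".join(reasons))
```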