
[Resolved] please some advice


  • This topic is locked
25 replies to this topic

#16 69smitty

69smitty

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 17 June 2008 - 12:47 PM

OK, when opening up to disable System Restore I got "program not responding". It shut down, got an error:

szAppName: rundll32.exe
szAppVer: 5.1.2600.2180
szmodname: hungapp
szModeVer: 0.0.0.0
offset: 00000000

Error report contents was:

C:\ docume~1|dwayne~1\locals~1\temp\WER3ae7.dir00\rundll32.exe.mdmp
C:\ docume~1|dwayne~1\locals~1\temp\WER3ae7.dir00\appcomppat.txt

Internet working OK so far, but this now :pullhair:



#17 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 June 2008 - 03:27 PM

Open appcomppat.txt with notepad and post the contents here:
C:\ docume~1|dwayne~1\locals~1\temp\WER3ae7.dir00\appcomppat.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 69smitty


Posted 18 June 2008 - 07:19 PM

<?xml version="1.0" encoding="UTF-16"?> <DATABASE> <EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM"> <MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="gdi32.dll" SIZE="282624" CHECKSUM="0x92E2A72F" BIN_FILE_VERSION="5.1.2600.3316" BIN_PRODUCT_VERSION="5.1.2600.3316" PRODUCT_VERSION="5.1.2600.3316" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.3316 (xpsp_sp2_gdr.080219-1316)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4AB95" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3316" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3316" LINK_DATE="02/20/2008 06:51:05" UPTO_LINK_DATE="02/20/2008 06:51:05" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="kernel32.dll" SIZE="984576" CHECKSUM="0xF0B331F6" BIN_FILE_VERSION="5.1.2600.3119" BIN_PRODUCT_VERSION="5.1.2600.3119" PRODUCT_VERSION="5.1.2600.3119" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF9293" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3119" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3119" LINK_DATE="04/16/2007 15:52:53" UPTO_LINK_DATE="04/16/2007 15:52:53" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA38DDD0E" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13DC6B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:47" UPTO_LINK_DATE="07/26/2005 04:39:47" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="oleaut32.dll" SIZE="550912" CHECKSUM="0x96DD1D1E" BIN_FILE_VERSION="5.1.2600.3266" BIN_PRODUCT_VERSION="5.1.2600.3266" PRODUCT_VERSION="5.1.2600.3266" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.3266" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x86DD3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3266" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3266" LINK_DATE="12/04/2007 18:38:12" UPTO_LINK_DATE="12/04/2007 18:38:12" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="shell32.dll" SIZE="8454656" CHECKSUM="0x13694C50" BIN_FILE_VERSION="6.0.2900.3241" BIN_PRODUCT_VERSION="6.0.2900.3241" PRODUCT_VERSION="6.00.2900.3241" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.3241 (xpsp_sp2_gdr.071025-1248)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8166C2" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.3241" UPTO_BIN_PRODUCT_VERSION="6.0.2900.3241" LINK_DATE="10/26/2007 03:36:50" UPTO_LINK_DATE="10/26/2007 03:36:50" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="user32.dll" SIZE="577536" CHECKSUM="0x1AB40203" BIN_FILE_VERSION="5.1.2600.3099" BIN_PRODUCT_VERSION="5.1.2600.3099" PRODUCT_VERSION="5.1.2600.3099" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x940E1" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3099" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3099" LINK_DATE="03/08/2007 15:36:28" UPTO_LINK_DATE="03/08/2007 15:36:28" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="wininet.dll" SIZE="826368" CHECKSUM="0xC0613F56" BIN_FILE_VERSION="7.0.6000.16674" BIN_PRODUCT_VERSION="7.0.6000.16674" PRODUCT_VERSION="7.00.6000.16674" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.6000.16674 (vista_gdr.080415-1732)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xCBAE1" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.6000.16674" UPTO_BIN_PRODUCT_VERSION="7.0.6000.16674" LINK_DATE="04/23/2008 04:16:29" UPTO_LINK_DATE="04/23/2008 04:16:29" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" /> </EXE> </DATABASE>

#19 LDTate


Posted 18 June 2008 - 07:25 PM

That didn't shed any light on that error. You only got that when trying to create a restore point?


#20 69smitty


Posted 18 June 2008 - 08:09 PM

how about this 1 :blush: only ones in there

Server=watson.microsoft.com
UI LCID=1033
Flags=1671504
Brand=WINDOWS
TitleName=DrWatson Postmortem Debugger
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=If you were in the middle of something, the information you were working on might be lost.
Stage1URL=
Stage1URL=/StageOne/Generic/BEX/drwtsn32_exe/5_1_2600_0/3b7d84a2/dbghelp_dll/5_1_2600_2180/4110969a/0001295d/c0000409/00000000.htm
Stage2URL=
Stage2URL=/dw/GenericTwo.ASP?EventType=BEX&P1=drwtsn32.exe&P2=5.1.2600.0&P3=3b7d84a2&P4=dbghelp.dll&P5=5.1.2600.2180&P6=4110969a&P7=0001295d&P8=c0000409&P9=00000000
DataFiles=C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\WER76c8.dir00\drwtsn32.exe.mdmp|C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\WER76c8.dir00\appcompat.txt
Heap=C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\WER76c8.dir00\drwtsn32.exe.hdmp
ErrorSubPath=Generic\BEX\drwtsn32.exe\5.1.2600.0\3b7d84a2\dbghelp.dll\5.1.2600.2180\4110969a\0001295d\c0000409\00000000
DirectoryDelete=C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\WER76c8.dir00

#21 LDTate


Posted 19 June 2008 - 10:30 AM

Try deleting the temp file and folders in this temp folder. C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\ <---- Delete everything in this folder.


#22 69smitty


Posted 19 June 2008 - 11:30 AM

OK, everything was deleted except for ~dfd4cc.tmp ~dfd494.tmp ~dfe847.tmp and dfe814.tmp. When I try I receive error: access denied, make sure the disk is not full or write protected and the file is not currently being used.

#23 LDTate


Posted 19 June 2008 - 12:48 PM

OK, everything was deleted except for ~dfd4cc.tmp ~dfd494.tmp ~dfe847.tmp and dfe814.tmp. When I try I receive error: access denied, make sure the disk is not full or write protected and the file is not currently being used.

Those get removed / recreated when you start / shutdown.

How's it running now?


#24 69smitty


Posted 19 June 2008 - 01:04 PM

:thumbup: Thanks bud, greatly appreciated for your time and efforts. All seems to be running smoothly at the moment. Any suggestions on keeping it that way? :) I had McAfee, purchased it but didn't like it, so got rid of it and dl the free AVG. Any good? And I also run CCleaner and recently dl Spybot Search and Destroy. Should this be enough if I keep on top of scanning with those? Once again bud, u the man and thanks for the time!!!!

#25 LDTate


Posted 19 June 2008 - 05:45 PM

I use the free AVG myself.

Be sure to keep your anti-virus, spybot and windows updated.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Great job :thumbup:

You're more than welcome.
Glad we were able to help.

Peace be with you :wavey:



#26 LDTate


Posted 19 June 2008 - 05:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
