Thank you so much for helping people (including me) suffering from virus!
Sorry, my story is a little bit complicated.
1. Remove virus and created a backup on Apr 3, 2010
My computer (Lenovo Thinkpad T60, XP professional SP2) was infected with search engine-redirecting virus and Trojan a month ago. Reading instructions from several forums, I tried to remove the virus. Updated full scan with MBAM and Symantec AV, found no threat.
Hitman Pro3.5 found and deleted 3 flies: isapnp.sys [rootkit], idemua.exe [Trojan] apulozuge.dll [malware]. Run Ccleaner+registry.
Then I was unable to start any application.
Use Link file fix for XP registry from http://www.kellys-ko...m/xp_tweaks.htm
Now can start a program. I then created a backup of entire system using Lenovo’s Rescue and Recovery on Apr 3, 2010.
2. BSOD after running GooredFix.exe
After that, search engine-redirecting still occur even MBAM, HitmanPro, UnhackMe did not detect any threat. I ran HiJackThis and save a log file.
Then I found the great guide from you
http://www.geekstogo.com/forum/How-to-fix-...ts-t267407.html
followed the instruction there. Run TFC; GooredFix.exe, TDSSKiller, found iaStor.sys infected
Restart Windows, got the BSOD (blue screen of death) and warning “recover from serious error”. I know GooredFix.exe fixed the virus but also caused the BSOD because I restored the system to an early backup and repeated the above steps and tested reboot. TFC was OK. But after running GooredFix.exe, I restarted the computer, got BSOD.
3. Restore to the state of Apr 3, unable to run application
I restored the entire system with the backup created on Apr 3.
Run TDSSKiller, no threats found
Run updated full scan with MBAM and Symantec AV
Found and deleted 2 files: ExLang32.CHS (Trojan dropper) and 95DA~1.exe(Trojan horse)
Now IE function properly, the redirecting virus seems having been removed. But frequently get error message say “application error…..” or “Bad image….” And I cannot run any program and then computer often freeze.
But I noticed that the computer sometimes can start normally and I can start and use the applications without getting any warning. But very often I bump into these application error warning and had to shut down the computer.
Below is representative sample of the error message I get.
I thank you very much for your time and effort!
Mbam-log-2010-04-22.txt. Not enough quota is available to process this command.
C:\…..\..\Chromas.exe Insufficient system resources exist to complete the requested service.
C:\Program Files\Windows media player\wmplayer.exe Insufficient system resources exist to complete the requested service.
BTTray.exe- unable to…This application has failed to start because mis.dll was not found. Re-installing the application may fix this problem.
DLG.exe-application error. This application failed to initialize properly (0xc0000142). Click OK to terminate the application.
VPTray.exe- application error. The application failed to initialize properly (0xc0000142). Click OK to terminate the application.
AcWLIconWnd.exe-application error. The exception unknown software exception (0x000006b9) occurred in the application at location 0x7c812a6b.
scheduler_proxy.exe -application error.
The instruction at “0x7c91ab0a” referenced memory at “0x00000010”. The memory could not be “written”.
Click on OK to terminate the program.
StatusClient.exe-Bad image. The application or DLL C:\Windows\system32\hpbpro.dll is not a valid windows image. Please check this against your installation diskette.
hpbpsttp.exe-Bad image. The application or DLL C:\Windows\system32\ faultrep.dll is not a valid windows image. Please check this against your installation diskette. ® OK
vpngui.exe-Bad image. The application or DLL C:\program files\cisco systems\VPN client\qt-mt311.dll is not a valid windows image. Please check this against your installation diskette.
scheduler_proxy.exe -application error.
The instruction at “0x7c91ab0a” referenced memory at “0x00000010”. The memory could not be “written”.
Click on OK to terminate the program.
Adobe Gamma loader..exe-application error.
The instruction at “0x7c91ab0a” referenced memory at “0x00000010”. The memory could not be “written”.
Click on OK to terminate the program.
C:\Windows\system32\cleanmgr.exe This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem
Problem with Shortcut. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, of if the Windows Installer is not correctly installed. Contact your support personnel for assistance
