TechSpot

3rd part

By elocm
Dec 25, 2009
Topic Status:
Not open for further replies.
  1. ComboFix 09-12-25.02 - Karen 12/25/2009 19:51:05.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.281 [GMT -5:00]
    Running from: c:\documents and settings\Karen.ATHLON\Desktop\deathtoit.exe.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ieupdates.exe.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
    .

    2009-12-25 18:25 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-12-25 18:25 . 2009-12-25 18:25 -------- d-----w- c:\program files\Panda Security
    2009-12-25 18:03 . 2009-12-25 18:03 -------- d-----w- c:\program files\UPHClean
    2009-12-25 17:22 . 2009-12-25 17:22 -------- d-----w- C:\VundoFix Backups
    2009-12-25 16:52 . 2009-12-25 16:52 -------- d-----w- c:\documents and settings\Karen.ATHLON\Local Settings\Application Data\Help
    2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Windows Desktop Search
    2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\program files\Windows Desktop Search
    2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\windows\system32\GroupPolicy
    2009-12-25 15:15 . 2009-12-25 15:15 -------- d-----w- c:\program files\Apple Software Update
    2009-12-25 15:14 . 2009-12-25 15:18 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-25 14:39 . 2009-12-25 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-25 14:24 . 2009-12-25 14:24 -------- d-----w- c:\program files\Bonjour
    2009-12-25 12:54 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-12-25 12:54 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-12-17 00:54 . 2009-12-17 00:54 -------- d-sh--w- c:\documents and settings\Sarah\IECompatCache
    2009-12-05 15:32 . 2009-12-05 15:32 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-26 00:02 . 2007-11-10 17:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-12-25 23:00 . 2007-11-10 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-25 21:03 . 2009-05-22 20:16 -------- d-----w- c:\program files\AVG
    2009-12-25 16:12 . 2008-08-18 23:28 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-25 14:19 . 2007-12-22 01:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2009-12-24 19:23 . 2009-11-23 19:29 1 ----a-w- c:\documents and settings\Sarah\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-22 20:40 . 2009-11-18 17:54 1 ----a-w- c:\documents and settings\Karen.ATHLON\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-20 21:02 . 2009-11-15 23:06 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Jarte
    2009-12-12 23:16 . 2007-12-30 16:43 -------- d-----w- c:\documents and settings\Sarah\Application Data\gtk-2.0
    2009-12-09 18:34 . 2008-01-19 13:35 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\gtk-2.0
    2009-12-05 22:21 . 2009-11-18 16:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\Jarte
    2009-11-28 16:14 . 2009-11-15 22:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2009-11-28 13:07 . 2007-11-14 22:21 32176 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-26 21:54 . 2007-11-20 00:54 -------- d-----w- c:\program files\Windows Live
    2009-11-23 19:28 . 2009-11-23 19:28 -------- d-----w- c:\documents and settings\Sarah\Application Data\OpenOffice.org
    2009-11-21 15:51 . 2001-08-23 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-20 05:25 . 2007-11-10 16:43 32176 ----a-w- c:\documents and settings\Karen.ATHLON\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-18 17:53 . 2009-11-18 17:53 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\OpenOffice.org
    2009-11-18 17:47 . 2009-11-18 17:47 -------- d-----w- c:\program files\JRE
    2009-11-18 17:47 . 2009-11-18 17:46 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-11-18 17:38 . 2009-11-18 17:38 3584 ----a-r- c:\documents and settings\Karen.ATHLON\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2009-11-18 17:38 . 2009-11-18 17:38 -------- d-----w- c:\program files\Windows Installer Clean Up
    2009-11-18 17:38 . 2009-11-18 17:38 -------- d-----w- c:\program files\MSECACHE
    2009-11-18 17:31 . 2008-01-04 22:52 -------- d-----w- c:\program files\Java
    2009-11-18 17:14 . 2009-11-12 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-18 17:14 . 2009-11-18 17:05 152576 ----a-w- c:\documents and settings\Karen.ATHLON\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-16 00:40 . 2009-05-18 15:53 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\MSN6
    2009-11-15 23:06 . 2009-11-15 23:06 -------- d-----w- c:\program files\Jarte
    2009-11-15 22:44 . 2009-11-15 22:44 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-11-15 21:15 . 2009-11-15 21:08 130250 ------w- c:\windows\hpoins36.dat
    2009-11-15 21:12 . 2009-11-15 21:12 -------- d-----w- c:\program files\Common Files\HP
    2009-11-12 21:41 . 2008-09-24 22:16 -------- d-----w- c:\program files\Yahoo!
    2009-11-12 20:28 . 2009-11-12 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
    2009-11-12 19:46 . 2009-11-12 19:46 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\IObit
    2009-11-12 19:46 . 2009-11-12 19:46 -------- d-----w- c:\program files\IObit
    2009-11-12 01:09 . 2009-11-12 01:09 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\AVG8
    2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Malwarebytes
    2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-11-10 03:22 . 2007-12-23 16:06 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-11-10 03:16 . 2009-11-10 03:16 -------- d-----w- c:\program files\CCleaner
    2009-10-30 02:46 . 2009-10-30 02:46 -------- d-----w- c:\program files\MSXML 4.0
    2009-10-29 07:45 . 2001-08-23 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-28 22:00 . 2009-10-28 22:00 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-10-28 22:00 . 2009-10-28 21:59 -------- d-----w- c:\program files\HP
    2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2001-08-23 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2001-08-23 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2001-08-23 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-08 19:57 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2009-10-08 19:57 . 2001-08-23 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 19:56 . 2001-08-23 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-02 19:03 . 2009-10-02 19:03 16286 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\cache\6.0\5\42c06805-1f909996-n\ShoddyHelper.dll
    2009-07-25 15:51 . 2009-07-25 15:51 56 -csh--r- c:\windows\system32\5FAC356860.sys
    2009-08-03 21:23 . 2009-07-25 15:51 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .
  2. elocm

    elocm Newcomer, in training Topic Starter

    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-25 20:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0
  3. elocm

    elocm Newcomer, in training Topic Starter

    Application failed to initialize 0x0000005 (3 parts)

    Hi There,

    I'm unable to load any new software without the above error: Acrobat, QuickTime, iTunes, etc. I have posted HJT and ComboFix logs, please help if you can.

    Thanks

    Mike
  4. Speedz213

    Speedz213 Newcomer, in training

    Hello elocm,

    The tool that you ran, ComboFix, is a really powerful tool that should not be used unless under supervision. While very effective in removing malware, it could render your computer useless if not used properly. Also, in the future, if the log is too big to post, please split the log into two posts or more if required, or you can always attach the log file. Please do not make a new topic for each part as it is quite confusing ;)

    Please do the following:

    Please download the current version of HijackThis from HERE
    • Double click and run the installer.
    • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
    • After installing, you should get the user agreement, press accept and Hijack This will run.
    • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  5. elocm

    elocm Newcomer, in training Topic Starter

    btw.....thanks
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please ignore- I'm asking the moderator to merge all three of your threads.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please uninstall Combofix:

    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Then I've asked the moderator to merge your 3 threads. No further replies on this thread.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This thread is being merged. You don't need 3 threads running.

    You have been instructed to uninstall Combofix:


    Nothing you've said would indicate malware as the first place to look for the problem. However, if you have any reason to think the cause of the problem (what is it?) is malware, then you will need to follow the steps HERE.

    When through, attach all 3 logs for review in your next reply.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Hopefully you will understand the threads merged into one. Please read my reply in Post #8.
  10. elocm

    elocm Newcomer, in training Topic Starter

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you. But where did you get this download? Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    I had this put in because some were finding the Beta version:
    Step 7: Make sure you use the version on the link HERE (and NOT a BETA version)

    Although I can't use this version to check for malware, I can tell you that you still have AVG entries. You may have tried to uninstall it but it wasn't complete. Please use the tool below:

    AVG Removal: Note: You may have to reinstall AVG to uninstall it fully

    Please remove this HijackThis log. Download and run the correct version and paste the new log into your next reply.

    This is the problem you think may be malware related: Is this correct?
    You have Windows XP SP3 and are using IE8- is that correct?

    I'd like you to check the Event Viewer for Error corresponding to the time you get this message:

    Start> Run> type in eventvwr

    Do this on each of the System and Application logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3]. Right click on the Error> Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6]. NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.

    Errors are time coded.
    Screen shot of Event Viewer here: http://en.wikipedia.org/wiki/File:Windows_XP_Event_Viewer.png

    If you have either or both of these programs installed, please remove them- they are Rogue Programs:
    ErrorSmart
    RegistryEasy
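    The Event Viewer steps above can be scripted so that only one copy of each recurring Error (same Source, same ID, same Description) is collected from the System and Application logs, which is what the notes in that post ask for. This is an added example, not something posted in the thread; it assumes Windows PowerShell 2.0 or later is installed (Get-EventLog is a built-in cmdlet), and the one-week look-back window and output file name are assumptions.

```powershell
# Added example (not from the thread): gather Error entries from the System and
# Application logs, keeping one copy per recurring Source/EventID/Message triple,
# and write them to a text file that can be pasted into a reply.
# Assumes Windows PowerShell 2.0+; the look-back window and output path are assumptions.
$since   = (Get-Date).AddDays(-7)                         # assumption: last 7 days
$outFile = Join-Path $env:USERPROFILE 'Desktop\eventlog_errors.txt'

$seen   = @{}                                             # dedupe table
$unique = foreach ($log in 'System', 'Application') {
    # -EntryType Error skips Warnings and Information events, as the post says to.
    Get-EventLog -LogName $log -EntryType Error -After $since |
        Sort-Object TimeGenerated -Descending |
        ForEach-Object {
            # Same Source, same EventID, same Description => only one copy is needed.
            $key = '{0}|{1}|{2}' -f $_.Source, $_.EventID, $_.Message
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                New-Object PSObject -Property @{
                    Log     = $log
                    Time    = $_.TimeGenerated
                    Source  = $_.Source
                    EventID = $_.EventID
                    Message = $_.Message
                }
            }
        }
}

# Format-List keeps the full Description readable; Out-File saves it for posting.
$unique | Select-Object Log, Time, Source, EventID, Message |
    Format-List | Out-File -FilePath $outFile -Width 200
Write-Host ("Wrote {0} unique error(s) to {1}" -f @($unique).Count, $outFile)
```

    Run it from a PowerShell prompt around the time the "Application failed to initialize" message appears, then attach or paste the resulting file rather than the whole log.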
     