3rd part

Status
Not open for further replies.

elocm

Posts: 6   +0
ComboFix 09-12-25.02 - Karen 12/25/2009 19:51:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.281 [GMT -5:00]
Running from: c:\documents and settings\Karen.ATHLON\Desktop\deathtoit.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieupdates.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-25 18:25 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-25 18:25 . 2009-12-25 18:25 -------- d-----w- c:\program files\Panda Security
2009-12-25 18:03 . 2009-12-25 18:03 -------- d-----w- c:\program files\UPHClean
2009-12-25 17:22 . 2009-12-25 17:22 -------- d-----w- C:\VundoFix Backups
2009-12-25 16:52 . 2009-12-25 16:52 -------- d-----w- c:\documents and settings\Karen.ATHLON\Local Settings\Application Data\Help
2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Windows Desktop Search
2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-25 16:28 . 2009-12-25 16:28 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-25 15:15 . 2009-12-25 15:15 -------- d-----w- c:\program files\Apple Software Update
2009-12-25 15:14 . 2009-12-25 15:18 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 14:39 . 2009-12-25 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 14:24 . 2009-12-25 14:24 -------- d-----w- c:\program files\Bonjour
2009-12-25 12:54 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-25 12:54 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 00:54 . 2009-12-17 00:54 -------- d-sh--w- c:\documents and settings\Sarah\IECompatCache
2009-12-05 15:32 . 2009-12-05 15:32 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 00:02 . 2007-11-10 17:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-12-25 23:00 . 2007-11-10 17:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-25 21:03 . 2009-05-22 20:16 -------- d-----w- c:\program files\AVG
2009-12-25 16:12 . 2008-08-18 23:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 14:19 . 2007-12-22 01:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-12-24 19:23 . 2009-11-23 19:29 1 ----a-w- c:\documents and settings\Sarah\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-22 20:40 . 2009-11-18 17:54 1 ----a-w- c:\documents and settings\Karen.ATHLON\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-20 21:02 . 2009-11-15 23:06 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Jarte
2009-12-12 23:16 . 2007-12-30 16:43 -------- d-----w- c:\documents and settings\Sarah\Application Data\gtk-2.0
2009-12-09 18:34 . 2008-01-19 13:35 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\gtk-2.0
2009-12-05 22:21 . 2009-11-18 16:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\Jarte
2009-11-28 16:14 . 2009-11-15 22:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-11-28 13:07 . 2007-11-14 22:21 32176 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-26 21:54 . 2007-11-20 00:54 -------- d-----w- c:\program files\Windows Live
2009-11-23 19:28 . 2009-11-23 19:28 -------- d-----w- c:\documents and settings\Sarah\Application Data\OpenOffice.org
2009-11-21 15:51 . 2001-08-23 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 05:25 . 2007-11-10 16:43 32176 ----a-w- c:\documents and settings\Karen.ATHLON\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-18 17:53 . 2009-11-18 17:53 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\OpenOffice.org
2009-11-18 17:47 . 2009-11-18 17:47 -------- d-----w- c:\program files\JRE
2009-11-18 17:47 . 2009-11-18 17:46 -------- d-----w- c:\program files\OpenOffice.org 3
2009-11-18 17:38 . 2009-11-18 17:38 3584 ----a-r- c:\documents and settings\Karen.ATHLON\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-18 17:38 . 2009-11-18 17:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-11-18 17:38 . 2009-11-18 17:38 -------- d-----w- c:\program files\MSECACHE
2009-11-18 17:31 . 2008-01-04 22:52 -------- d-----w- c:\program files\Java
2009-11-18 17:14 . 2009-11-12 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-18 17:14 . 2009-11-18 17:05 152576 ----a-w- c:\documents and settings\Karen.ATHLON\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 00:40 . 2009-05-18 15:53 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\MSN6
2009-11-15 23:06 . 2009-11-15 23:06 -------- d-----w- c:\program files\Jarte
2009-11-15 22:44 . 2009-11-15 22:44 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-15 21:15 . 2009-11-15 21:08 130250 ------w- c:\windows\hpoins36.dat
2009-11-15 21:12 . 2009-11-15 21:12 -------- d-----w- c:\program files\Common Files\HP
2009-11-12 21:41 . 2008-09-24 22:16 -------- d-----w- c:\program files\Yahoo!
2009-11-12 20:28 . 2009-11-12 20:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2009-11-12 19:46 . 2009-11-12 19:46 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\IObit
2009-11-12 19:46 . 2009-11-12 19:46 -------- d-----w- c:\program files\IObit
2009-11-12 01:09 . 2009-11-12 01:09 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\AVG8
2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\documents and settings\Karen.ATHLON\Application Data\Malwarebytes
2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 17:14 . 2009-11-11 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-10 03:22 . 2007-12-23 16:06 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-10 03:16 . 2009-11-10 03:16 -------- d-----w- c:\program files\CCleaner
2009-10-30 02:46 . 2009-10-30 02:46 -------- d-----w- c:\program files\MSXML 4.0
2009-10-29 07:45 . 2001-08-23 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 22:00 . 2009-10-28 22:00 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-28 22:00 . 2009-10-28 21:59 -------- d-----w- c:\program files\HP
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-23 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 19:57 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57 . 2001-08-23 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56 . 2001-08-23 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-02 19:03 . 2009-10-02 19:03 16286 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\cache\6.0\5\42c06805-1f909996-n\ShoddyHelper.dll
2009-07-25 15:51 . 2009-07-25 15:51 56 -csh--r- c:\windows\system32\5FAC356860.sys
2009-08-03 21:23 . 2009-07-25 15:51 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
 
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
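As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage script that parses the "Files Created" and "Find3M Report" line format shown in the log above and flags entries worth a closer look: a file carrying the hidden or system attribute, or a new file written under system32. The attribute-position meanings are inferred from the log's own lines and are an assumption; a flag is a prompt for review, not a verdict (the log itself shows pavboot.sys arriving alongside the Panda Security install, for instance).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
# One ComboFix "Files Created" / "Find3M Report" line has the shape
#   <created> . <modified> <size, or -------- for a directory> <8 attribute chars> <path>
# Attribute positions, inferred from the log's own lines (an assumption): 0 'd' directory,
# 1 'c' compressed, 2 's' system, 3 'h' hidden, 4 'a' archive, 6 'r'/'w' read-only/writable.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+?)\s*$")
@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"
    def hidden_or_system(self) -> bool:
        return self.attrs[2] == "s" or self.attrs[3] == "h"

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # banners, dots and blank lines carry no entry
    created, modified, size, attrs, path = m.groups()
    return Entry(created, modified, None if size.startswith("-") else int(size), attrs, path)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    # Returns (path, reason) pairs that deserve a human look; a flag is not a verdict.
    flagged = []
    for e in entries:
        if e.is_dir():
            continue  # hidden directories such as IECompatCache are routine on XP
        if e.hidden_or_system():
            flagged.append((e.path, "hidden/system attribute on a file"))
        elif e.path.lower().startswith("c:\\windows\\system32\\"):
            flagged.append((e.path, "file written under system32"))
    return flagged

# Constructed sample: four lines copied from the log above.
SAMPLE = r"""
2009-12-25 18:25 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-17 00:54 . 2009-12-17 00:54 -------- d-sh--w- c:\documents and settings\Sarah\IECompatCache
2009-07-25 15:51 . 2009-07-25 15:51 56 -csh--r- c:\windows\system32\5FAC356860.sys
2009-08-03 21:23 . 2009-07-25 15:51 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
"""
```

Run `review(parse_log(open("ComboFix.txt").read()))` against a full log to get the same short list for the whole report; lines the regex does not recognise (banners, the lone dots, the catchme section) are simply skipped.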
 
Application failed to initialize 0x0000005 (3 parts)

Hi There,

I'm unable to load any new software without the above error (Acrobat, QuickTime, iTunes, etc.). I have posted HJT and ComboFix logs; please help if you can.

Thanks

Mike
 
Hello elocm,

The tool that you ran, ComboFix, is a really powerful tool that should not be used unless under supervision. While very effective in removing malware, it could render your computer useless if not used properly. Also, in the future, if the log is too big to post, please split the log into two posts or more if required, or you can always attach the log file. Please do not make a new topic for each part, as it is quite confusing ;)

Please do the following:

Please download the current version of HijackThis from HERE
  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
 
Please uninstall Combofix:

Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

I've also asked the moderator to merge your 3 threads. No further replies on this thread.
 
This thread is being merged. You don't need 3 threads running.

You have been instructed to uninstall Combofix:


Nothing you've said would indicate malware as the first place to look for the problem. However, if you have any reason to think the cause of the problem (what is it?) is malware, then you will need to follow the steps HERE.

When through, attach all 3 logs for review in your next reply.
 
Hopefully you will understand the threads merged into one. Please read my reply in Post #8.
 
Thank you. But where did you get this download? Logfile of Trend Micro HijackThis v2.0.3 (BETA)

I had this put in because some were finding the Beta version:
Step 7: Make sure you use the version on the link HERE (and NOT a BETA version)

Although I can't use this version to check for malware, I can tell you that you still have AVG entries. You may have tried to uninstall it but it wasn't complete. Please use the tool below:

AVG Removal: Note: You may have to reinstall AVG to uninstall it fully

Please remove this HijackThis log. Download and run the correct version and paste the new log into your next reply.

This is the problem you think may be malware related: Is this correct?
I'm unable to load any new software without the error Application failed to initialize 0x0000005, acrobat, quicktime, Itunes etc

You have Windows XP SP3 and are using IE8- is that correct?

I'd like you to check the Event Viewer for Error corresponding to the time you get this message:

Start> Run> type in eventvwr

Do this on each the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.

Errors are time coded.
Screen shot of Event Viewer here: http://en.wikipedia.org/wiki/File:Windows_XP_Event_Viewer.png

If you have either or both of these programs installed, please remove them- they are Rogue Programs:
ErrorSmart
RegistryEasy
 