I keep getting an application error message that comes to most things I close.
Thread Solved
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
Re: I keep getting an application error message that comes to most things I close.
#2 Aug 4th, 2008
I'm guessing that you have some malware in your system. Maybe you could give us a glimpse of some things...
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt; post that log in your next reply.
A word of caution: do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, reboot to restore the desktop.
==Download HijackThis: http://www.majorgeeks.com/download5554.html
- Copy it to a new FOLDER placed either alongside your Program Files or on your desktop, and then... rename hijackthis.exe to imabunny.exe.
- In that folder, start HijackThis by double-clicking the .exe; now close ALL other applications and any open windows, including the Explorer window containing HijackThis.
- Click the "Scan and Save a Logfile" button. Post the log here.
Deep, deep in the woods, but walking about.
Join Date: Aug 2008
Posts: 16
Solved Threads: 0
Re: I keep getting an application error message that comes to most things I close.
#3 Aug 4th, 2008
Here is the ComboFix log:
ComboFix 08-08-04.01 - Owner 2008-08-04 14:10:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\LBDDJXMD\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\LBDDJXMD\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BMd3e981d3.txt
C:\WINDOWS\BMd3e981d3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys
C:\WINDOWS\system32\gdiwxp.dll
C:\WINDOWS\system32\icdnvjvp.dll
C:\WINDOWS\system32\logon16x.dll
C:\WINDOWS\system32\mmlogon.sys
C:\WINDOWS\system32\MSplg7.dll
C:\WINDOWS\system32\ntio256.sys
C:\WINDOWS\system32\omdtcjcj.dll
C:\WINDOWS\system32\rAJkknpo.ini
C:\WINDOWS\system32\rAJkknpo.ini2
C:\WINDOWS\system32\rsdapi.dll
C:\WINDOWS\system32\sefuydav.dll
C:\WINDOWS\system32\utonlpnj.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-04 05:01 . 2008-08-04 05:01 <DIR> d-------- C:\aa0019f0269a2bb7fa4d45
2008-08-04 05:00 . 2008-08-04 05:00 1,137 --a------ C:\WINDOWS\system32\msexcr.ini
2008-08-03 17:53 . 2008-08-03 17:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-01 05:30 . 2007-03-25 19:01 39,208 --a------ C:\WINDOWS\system32\drivers\amonlwlh.sys
2008-08-01 04:39 . 2008-08-04 04:25 5,947,903 --a------ C:\WINDOWS\system32\AhnSZds.szd
2008-08-01 04:39 . 2008-08-04 04:29 4,687,354 --a------ C:\WINDOWS\system32\AhnSZhs.szd
2008-08-01 04:39 . 2008-08-04 04:24 2,469,430 --a------ C:\WINDOWS\system32\AhnSZns.szd
2008-08-01 04:39 . 2008-08-04 05:34 1,484,032 --a------ C:\WINDOWS\system32\drivers\v3engine.sys
2008-08-01 04:39 . 2008-07-28 01:49 70,528 --a------ C:\WINDOWS\system32\drivers\AhnSZE.sys
2008-08-01 04:39 . 2007-03-19 20:28 24,667 --a------ C:\WINDOWS\system32\V3W32SE2.dll
2008-08-01 04:38 . 2008-08-01 04:40 <DIR> d-------- C:\Program Files\Common Files\AhnLab
2008-08-01 04:38 . 2008-08-01 04:39 <DIR> d-------- C:\Program Files\AhnLab
2008-08-01 04:38 . 2008-01-11 11:57 86,278 --a------ C:\WINDOWS\system32\drivers\AMonTDnt.sys
2008-08-01 04:38 . 2008-01-11 11:57 78,336 --a------ C:\WINDOWS\system32\drivers\AMonTDLH.sys
2008-08-01 04:38 . 2008-01-09 11:53 47,327 --a------ C:\WINDOWS\system32\drivers\AhnFltNt.sys
2008-08-01 04:38 . 2008-04-07 11:30 46,438 --a------ C:\WINDOWS\system32\drivers\AMonHKnt.sys
2008-08-01 04:38 . 2008-01-09 11:53 45,824 --a------ C:\WINDOWS\system32\drivers\AhnFlt2k.sys
2008-08-01 04:38 . 2008-01-09 11:54 28,672 --a------ C:\WINDOWS\system32\drivers\AhnRghNt.sys
2008-08-01 04:38 . 2007-03-19 20:08 13,696 --a------ C:\WINDOWS\system32\drivers\AhnRec2k.sys
2008-08-01 04:38 . 2007-03-19 20:08 13,599 --a------ C:\WINDOWS\system32\drivers\AhnRecNt.sys
2008-08-01 04:38 . 2007-10-01 10:39 12,893 --a------ C:\WINDOWS\system32\drivers\CdmDrvNT.sys
2008-08-01 04:36 . 2008-08-01 04:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-08-01 04:35 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-01 04:35 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-01 04:35 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-01 04:35 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-01 04:34 . 2008-08-04 02:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-01 04:34 . 2008-08-01 04:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-01 04:29 . 2008-08-01 04:30 <DIR> d-------- C:\Program Files\Google
2008-08-01 04:29 . 2008-08-04 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-01 04:18 . 2008-08-01 04:18 <DIR> d-------- C:\Program Files\PSTRUH
2008-07-31 21:35 . 2008-07-31 22:44 <DIR> d-------- C:\Program Files\Norton 360
2008-07-31 21:32 . 2008-07-31 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 21:25 . 2008-07-31 22:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 21:22 . 2008-07-31 22:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-27 13:12 . 2008-07-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-27 13:09 . 2008-07-27 13:09 <DIR> d-------- C:\Program Files\GALA-NET
2008-07-27 13:09 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-07-24 21:54 . 2008-07-25 01:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-07-24 21:54 . 2008-07-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-16 09:33 . 2008-07-16 09:33 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-15 20:57 . 2008-07-15 20:57 <DIR> d-------- C:\ConverterOutput
2008-07-15 20:56 . 2008-07-15 20:56 <DIR> d-------- C:\Program Files\Cucusoft
2008-07-15 20:56 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-15 20:56 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-15 20:56 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-15 20:56 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-15 20:56 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-15 20:56 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-07-15 16:09 . 2008-07-15 16:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-15 00:40 . 2008-07-15 00:40 <DIR> d-------- C:\Program Files\Advanced Batch Converter
2008-07-14 13:44 . 2008-07-14 13:44 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-07-13 22:26 . 2008-07-13 22:26 <DIR> d-------- C:\WINDOWS\Sun
2008-07-12 20:27 . 2008-07-31 20:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-07-12 20:26 . 2008-07-12 20:27 <DIR> d-------- C:\Program Files\LimeWire
2008-07-12 15:34 . 2008-07-12 15:34 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-09 17:01 . 2008-07-09 21:08 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2008-07-08 14:22 . 2008-07-14 16:02 <DIR> d-------- C:\Fraps
2008-07-08 11:05 . 2008-07-08 11:05 336 --a------ C:\DVD.cue
2008-07-08 10:41 . 2008-07-08 10:41 <DIR> d-------- C:\Program Files\Smart Projects
2008-07-06 16:27 . 2008-07-06 16:27 <DIR> d--h----- C:\BJPrinter
2008-07-06 16:27 . 1998-10-30 00:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-06 16:27 . 2001-07-25 21:00 94,720 --a------ C:\WINDOWS\system32\CNMLM38.DLL
2008-07-06 16:27 . 2001-07-25 21:00 94,720 --a------ C:\WINDOWS\system32\CNMLM38(2).DLL
2008-07-06 16:27 . 2001-08-01 15:46 36,864 --a------ C:\WINDOWS\system32\CNMCP38.EXE
2008-07-06 16:27 . 2001-07-25 21:00 5,632 --a------ C:\WINDOWS\system32\CNMVS38.DLL
2008-07-06 16:27 . 2008-07-06 16:27 260 --a------ C:\WINDOWS\_delis32.ini
2008-07-06 16:24 . 2008-07-06 16:24 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 16:24 . 2008-07-31 22:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-06 16:11 . 2008-07-06 16:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:26 . 2008-07-06 12:26 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-06 11:47 . 2008-07-06 11:48 <DIR> d-------- C:\Program Files\BannedStory
2008-07-04 01:17 . 2008-07-04 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 05:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-07-31 19:45 --------- d-----w C:\Program Files\Xfire
2008-07-27 20:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 20:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 20:44 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-30 09:29 --------- d-----w C:\Program Files\Java
2008-06-30 09:26 --------- d-----w C:\Program Files\Common Files\Java
2008-06-29 20:02 --------- d-----w C:\Documents and Settings\Nevenka\Application Data\Gtek
2008-06-28 17:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-06-28 17:16 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-06-28 06:09 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-28 06:09 --------- d--h--w C:\Documents and Settings\Owner\Application Data\GTek
2008-06-28 06:09 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-06-28 05:30 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-26 01:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
.
------- Sigcheck -------
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-07-14 13:44 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-14 13:44 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 04:29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 22:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 10:32 405504]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 17:22 794713]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
"AHNSD"="C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe" [2008-01-28 18:23 199368]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-07-15 16:09:02 3050832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\Resources\\LogonUI\\playin-catch\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe
Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe
Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
R2 AhnLab Application Service;AhnLab Application Service;C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe [2007-09-09 17:25]
R2 AhnLab Guarantee Service;AhnLab Guarantee Service;C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe [2007-11-22 10:56]
R2 AhnLab Information Service;AhnLab Information Service;C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe [2007-09-09 17:26]
R2 AhnLab Log Service;AhnLab Log Service;C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe [2007-08-10 10:55]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 18:23]
R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-19 20:08]
R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-07-28 01:49]
R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]
R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-19 20:28]
R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-08-04 05:34]
R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]
S3 ATICDSDr;ATICDSDr;C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys [2005-12-02 02:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dfecb6-c0e7-11db-a10c-806d6172696f}]
\Shell\AutoRun\command - E:\bit.exe -S "LTFT.bits"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-BMd3e981d3 - C:\WINDOWS\system32\sefuydav.dll
Notify-nnnkKcyy - nnnkKcyy.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://basilmarket.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 14:14:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2008-08-04 14:17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 21:17:45
Pre-Run: 30,634,532,864 bytes free
Post-Run: 30,761,857,024 bytes free
242 --- E O F --- 2008-08-04 12:06:44
ComboFix 08-08-04.01 - Owner 2008-08-04 14:10:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\LBDDJXMD\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\LBDDJXMD\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BMd3e981d3.txt
C:\WINDOWS\BMd3e981d3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys
C:\WINDOWS\system32\gdiwxp.dll
C:\WINDOWS\system32\icdnvjvp.dll
C:\WINDOWS\system32\logon16x.dll
C:\WINDOWS\system32\mmlogon.sys
C:\WINDOWS\system32\MSplg7.dll
C:\WINDOWS\system32\ntio256.sys
C:\WINDOWS\system32\omdtcjcj.dll
C:\WINDOWS\system32\rAJkknpo.ini
C:\WINDOWS\system32\rAJkknpo.ini2
C:\WINDOWS\system32\rsdapi.dll
C:\WINDOWS\system32\sefuydav.dll
C:\WINDOWS\system32\utonlpnj.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-04 05:01 . 2008-08-04 05:01 <DIR> d-------- C:\aa0019f0269a2bb7fa4d45
2008-08-04 05:00 . 2008-08-04 05:00 1,137 --a------ C:\WINDOWS\system32\msexcr.ini
2008-08-03 17:53 . 2008-08-03 17:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-01 05:30 . 2007-03-25 19:01 39,208 --a------ C:\WINDOWS\system32\drivers\amonlwlh.sys
2008-08-01 04:39 . 2008-08-04 04:25 5,947,903 --a------ C:\WINDOWS\system32\AhnSZds.szd
2008-08-01 04:39 . 2008-08-04 04:29 4,687,354 --a------ C:\WINDOWS\system32\AhnSZhs.szd
2008-08-01 04:39 . 2008-08-04 04:24 2,469,430 --a------ C:\WINDOWS\system32\AhnSZns.szd
2008-08-01 04:39 . 2008-08-04 05:34 1,484,032 --a------ C:\WINDOWS\system32\drivers\v3engine.sys
2008-08-01 04:39 . 2008-07-28 01:49 70,528 --a------ C:\WINDOWS\system32\drivers\AhnSZE.sys
2008-08-01 04:39 . 2007-03-19 20:28 24,667 --a------ C:\WINDOWS\system32\V3W32SE2.dll
2008-08-01 04:38 . 2008-08-01 04:40 <DIR> d-------- C:\Program Files\Common Files\AhnLab
2008-08-01 04:38 . 2008-08-01 04:39 <DIR> d-------- C:\Program Files\AhnLab
2008-08-01 04:38 . 2008-01-11 11:57 86,278 --a------ C:\WINDOWS\system32\drivers\AMonTDnt.sys
2008-08-01 04:38 . 2008-01-11 11:57 78,336 --a------ C:\WINDOWS\system32\drivers\AMonTDLH.sys
2008-08-01 04:38 . 2008-01-09 11:53 47,327 --a------ C:\WINDOWS\system32\drivers\AhnFltNt.sys
2008-08-01 04:38 . 2008-04-07 11:30 46,438 --a------ C:\WINDOWS\system32\drivers\AMonHKnt.sys
2008-08-01 04:38 . 2008-01-09 11:53 45,824 --a------ C:\WINDOWS\system32\drivers\AhnFlt2k.sys
2008-08-01 04:38 . 2008-01-09 11:54 28,672 --a------ C:\WINDOWS\system32\drivers\AhnRghNt.sys
2008-08-01 04:38 . 2007-03-19 20:08 13,696 --a------ C:\WINDOWS\system32\drivers\AhnRec2k.sys
2008-08-01 04:38 . 2007-03-19 20:08 13,599 --a------ C:\WINDOWS\system32\drivers\AhnRecNt.sys
2008-08-01 04:38 . 2007-10-01 10:39 12,893 --a------ C:\WINDOWS\system32\drivers\CdmDrvNT.sys
2008-08-01 04:36 . 2008-08-01 04:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-08-01 04:35 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-01 04:35 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-01 04:35 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-01 04:35 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-01 04:34 . 2008-08-04 02:35 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-01 04:34 . 2008-08-01 04:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-01 04:29 . 2008-08-01 04:30 <DIR> d-------- C:\Program Files\Google
2008-08-01 04:29 . 2008-08-04 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-01 04:18 . 2008-08-01 04:18 <DIR> d-------- C:\Program Files\PSTRUH
2008-07-31 21:35 . 2008-07-31 22:44 <DIR> d-------- C:\Program Files\Norton 360
2008-07-31 21:32 . 2008-07-31 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 21:25 . 2008-07-31 22:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 21:22 . 2008-07-31 22:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-27 13:12 . 2008-07-27 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-27 13:09 . 2008-07-27 13:09 <DIR> d-------- C:\Program Files\GALA-NET
2008-07-27 13:09 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-07-24 21:54 . 2008-07-25 01:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-07-24 21:54 . 2008-07-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-16 09:33 . 2008-07-16 09:33 <DIR> d-------- C:\Program Files\Red Kawa
2008-07-15 20:57 . 2008-07-15 20:57 <DIR> d-------- C:\ConverterOutput
2008-07-15 20:56 . 2008-07-15 20:56 <DIR> d-------- C:\Program Files\Cucusoft
2008-07-15 20:56 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-15 20:56 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-15 20:56 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-15 20:56 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-15 20:56 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-15 20:56 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-07-15 16:09 . 2008-07-15 16:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-15 00:40 . 2008-07-15 00:40 <DIR> d-------- C:\Program Files\Advanced Batch Converter
2008-07-14 13:44 . 2008-07-14 13:44 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-07-13 22:26 . 2008-07-13 22:26 <DIR> d-------- C:\WINDOWS\Sun
2008-07-12 20:27 . 2008-07-31 20:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-07-12 20:26 . 2008-07-12 20:27 <DIR> d-------- C:\Program Files\LimeWire
2008-07-12 15:34 . 2008-07-12 15:34 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-09 17:01 . 2008-07-09 21:08 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2008-07-08 14:22 . 2008-07-14 16:02 <DIR> d-------- C:\Fraps
2008-07-08 11:05 . 2008-07-08 11:05 336 --a------ C:\DVD.cue
2008-07-08 10:41 . 2008-07-08 10:41 <DIR> d-------- C:\Program Files\Smart Projects
2008-07-06 16:27 . 2008-07-06 16:27 <DIR> d--h----- C:\BJPrinter
2008-07-06 16:27 . 1998-10-30 00:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-06 16:27 . 2001-07-25 21:00 94,720 --a------ C:\WINDOWS\system32\CNMLM38.DLL
2008-07-06 16:27 . 2001-07-25 21:00 94,720 --a------ C:\WINDOWS\system32\CNMLM38(2).DLL
2008-07-06 16:27 . 2001-08-01 15:46 36,864 --a------ C:\WINDOWS\system32\CNMCP38.EXE
2008-07-06 16:27 . 2001-07-25 21:00 5,632 --a------ C:\WINDOWS\system32\CNMVS38.DLL
2008-07-06 16:27 . 2008-07-06 16:27 260 --a------ C:\WINDOWS\_delis32.ini
2008-07-06 16:24 . 2008-07-06 16:24 <DIR> d-------- C:\Program Files\uTorrent
2008-07-06 16:24 . 2008-07-31 22:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-06 16:11 . 2008-07-06 16:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:26 . 2008-07-06 12:26 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-06 11:47 . 2008-07-06 11:48 <DIR> d-------- C:\Program Files\BannedStory
2008-07-04 01:17 . 2008-07-04 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 05:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-07-31 19:45 --------- d-----w C:\Program Files\Xfire
2008-07-27 20:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 20:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 20:44 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-30 09:29 --------- d-----w C:\Program Files\Java
2008-06-30 09:26 --------- d-----w C:\Program Files\Common Files\Java
2008-06-29 20:02 --------- d-----w C:\Documents and Settings\Nevenka\Application Data\Gtek
2008-06-28 17:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-06-28 17:16 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-06-28 06:09 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-28 06:09 --------- d--h--w C:\Documents and Settings\Owner\Application Data\GTek
2008-06-28 06:09 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-06-28 05:30 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-26 01:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
.
------- Sigcheck -------
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-07-14 13:44 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-14 13:44 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 04:29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 22:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 10:32 405504]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 17:22 794713]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AhnLab Session Process"="C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2007-11-20 03:10 54862]
"AHNSD"="C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe" [2008-01-28 18:23 199368]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-07-15 16:09:02 3050832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\\Resources\\LogonUI\\playin-catch\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*:Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-11 11:57]
R2 AhnLab Application Service;AhnLab Application Service;C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe [2007-09-09 17:25]
R2 AhnLab Guarantee Service;AhnLab Guarantee Service;C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe [2007-11-22 10:56]
R2 AhnLab Information Service;AhnLab Information Service;C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe [2007-09-09 17:26]
R2 AhnLab Log Service;AhnLab Log Service;C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe [2007-08-10 10:55]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 18:23]
R2 AMonHKnt;AMonHKnt;C:\WINDOWS\system32\Drivers\AMonHKnt.sys [2008-04-07 11:30]
R3 AhnFlt2k;AhnFlt2k;C:\WINDOWS\system32\Drivers\AhnFlt2k.sys [2008-01-09 11:53]
R3 AhnRec2k;AhnRec2k;C:\WINDOWS\system32\Drivers\AhnRec2k.sys [2007-03-19 20:08]
R3 AhnRghNt;AhnRghNt;C:\WINDOWS\system32\Drivers\AhnRghNt.sys [2008-01-09 11:54]
R3 AhnSZE;AhnSZE;C:\WINDOWS\system32\drivers\AhnSZE.sys [2008-07-28 01:49]
R3 ASZFltNt;ASZFltNt;C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys [2008-01-09 12:10]
R3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-10-01 10:39]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]
R3 ISFWEnt;ISFWEnt;C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys [2008-01-09 12:10]
R3 ISIPSEnt;ISIPSEnt;C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys [2008-02-18 23:38]
R3 ISPIBEnt;ISPIBEnt;C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys [2007-10-05 11:42]
R3 ISPrxEnt;ISPrxEnt;C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys [2007-10-03 23:39]
R3 ISTrkEnt;ISTrkEnt;C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys [2007-03-19 20:28]
R3 v3engine;v3engine;C:\WINDOWS\system32\drivers\v3engine.sys [2008-08-04 05:34]
R3 V3Flt2K;V3Flt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys [2008-02-18 23:39]
R3 V3IFt2K;V3IFt2K;C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys [2008-01-09 12:11]
S3 ArfMonNt;ArfMonNt;C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys [2008-02-18 23:39]
S3 ATICDSDr;ATICDSDr;C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys [2005-12-02 02:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dfecb6-c0e7-11db-a10c-806d6172696f}]
\Shell\AutoRun\command - E:\bit.exe -S "LTFT.bits"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-BMd3e981d3 - C:\WINDOWS\system32\sefuydav.dll
Notify-nnnkKcyy - nnnkKcyy.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://basilmarket.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 14:14:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2008-08-04 14:17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 21:17:45
Pre-Run: 30,634,532,864 bytes free
Post-Run: 30,761,857,024 bytes free
242 --- E O F --- 2008-08-04 12:06:44
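Added example (not from the thread, and not ComboFix's own code): a small Python triage that reads a handful of lines copied from the ComboFix log above, embedded as a constructed sample, and flags the items a responder would circle first: the firewall standard profile switched off, the AutoRun command registered under MountPoints2 for the E: volume, and the orphaned Run/Notify entries that point at a bare DLL. The rule names are my own.

```python
"""Triage of a ComboFix 'Reg Loading Points' / 'ORPHANS REMOVED' excerpt."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above, so the triage can run offline. The real log has many more lines.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dfecb6-c0e7-11db-a10c-806d6172696f}]
\Shell\AutoRun\command - E:\bit.exe -S "LTFT.bits"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-BMd3e981d3 - C:\WINDOWS\system32\sefuydav.dll
Notify-nnnkKcyy - nnnkKcyy.dll
.
------- Supplementary Scan -------
"""


@dataclass
class Finding:
    rule: str   # short name of the triage rule that fired (my own names)
    line: str   # the log line that triggered it


# "EnableFirewall"= 0 (0x0): the XP firewall standard profile is switched off.
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# Section header for Explorer's per-volume MountPoints2 keys (AutoRun hooks).
MOUNTPOINT_HDR = re.compile(r'^\[.*\\mountpoints2\\', re.IGNORECASE)
# An AutoRun\command registered for a volume, e.g. a removable drive.
AUTORUN_CMD = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')
# Orphan entry: "<hive-location-name> - <target file>".
ORPHAN_LINE = re.compile(r'^(?P<loc>\S+)\s+-\s+(?P<target>.+)$')


def triage(log_text: str) -> list[Finding]:
    """Walk the excerpt line by line, tracking which section we are in."""
    findings: list[Finding] = []
    in_mountpoint = False   # inside a MountPoints2 registry block
    in_orphans = False      # inside the ORPHANS REMOVED list
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith("["):               # new registry key block
            in_mountpoint = bool(MOUNTPOINT_HDR.match(line))
            continue
        if "ORPHANS REMOVED" in line:           # start of the orphan list
            in_orphans = True
            continue
        if line.startswith("-------"):          # next ComboFix section
            in_orphans = False
            continue
        if FIREWALL_OFF.match(line):
            findings.append(Finding("windows-firewall-disabled", line))
        elif in_mountpoint and AUTORUN_CMD.match(line):
            findings.append(Finding("volume-autorun-command", line))
        elif in_orphans and (m := ORPHAN_LINE.match(line)):
            loc, target = m.group("loc"), m.group("target")
            if loc.startswith("Notify-"):
                # Winlogon Notify packages load a DLL into winlogon.exe;
                # a random-looking name here is a classic adware foothold.
                findings.append(Finding("winlogon-notify-package", line))
            elif "-Run-" in loc and target.lower().endswith(".dll"):
                # Run values should start executables; a bare DLL target
                # is a loader trick worth a second look.
                findings.append(Finding("run-key-loads-dll", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.line}")
```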
#4 Aug 4th, 2008 (Join Date: Aug 2008, Posts: 16, Solved Threads: 0)
Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\abcd\imabunny.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://basilmarket.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
O23 - Service: AhnLab Log Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACALS.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 5824 bytes
#5 Aug 4th, 2008 (Join Date: May 2005, Posts: 3,204, Solved Threads: 188)
Ah, that was a nice cleanup.
Navigate to and drag this file into an open notepad:
C:\WINDOWS\_delis32.ini
- attach that notepad to your next post.
Delete these files:
C:\aa0019f0269a2bb7fa4d45
C:\WINDOWS\system32\msexcr.ini
C:\WINDOWS\_delis32.ini
Start HijackThis, open the Misc Tools section, choose the Open ADS Spy button, then uncheck the Quick Scan box, and finally press Scan.
Please save and post the log file.
**When this is done with, go to the Symantec site, find the tool suited to the removal of your version of their AV, dl and run it.
Last edited by gerbil; Aug 4th, 2008 at 11:00 pm.
Deep, deep in the woods, but walking about.
#6 Aug 5th, 2008 (Join Date: Aug 2008, Posts: 16, Solved Threads: 0)
#7 Aug 5th, 2008 (Join Date: Aug 2008, Posts: 16, Solved Threads: 0)
This is the HijackThis log. Question: was I supposed to select all and remove selected? Because I didn't.
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)
C:\Documents and Settings\Owner\Favorites\EUdict Rust English-Japanese dictionary Options.url : favicon (1406 bytes)
C:\Documents and Settings\Owner\Favorites\http--www.daniweb.com-forums-post662403.html#post662403.url : favicon (3128 bytes)
C:\Documents and Settings\Owner\Favorites\IP Address Locator - Enter an IP address to find its location - Lookup Country Region City etc.url : favicon (766 bytes)
C:\Documents and Settings\Owner\Favorites\Mininova The ultimate BitTorrent source!.url : favicon (318 bytes)
C:\Documents and Settings\Owner\Favorites\Search results for higurashi no naku koro ni kai sub - Mininova.url : favicon (318 bytes)
C:\Documents and Settings\Owner\Favorites\[download] Higurashi no Naku Koro ni - HongFire Anime Network.url : favicon (3638 bytes)
#8 Aug 5th, 2008 (Join Date: Aug 2008, Posts: 16, Solved Threads: 0)
#9 Aug 5th, 2008 (Join Date: May 2005, Posts: 3,204, Solved Threads: 188)
#10 Aug 5th, 2008 (Join Date: May 2005, Posts: 3,204, Solved Threads: 188)
Good work. Okay, navigate to this directory:
C:\DOCUMENTS & SETTINGS\Owner\LOCAL SETTINGS \Temp\_ISTMP1.DIR\
Delete these 3 files, and then the directory _ISTMP1.DIR :
_INS5576._MP
ZDataI51.dll
_WUTL951.DLL
Only if the files prove difficult to find or delete, use this Killbox deletion tool:
==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_INS5576._MP
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\ZDataI51.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_WUTL951.DLL
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR
-in killbox, go File menu, choose Paste from clipboard.
Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" button.
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.
Good. Now run the ADS scan again and place checkmarks against these four for deletion:
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)
Repeat the ADS scan to see that they, or similarly named files, do not re-occur. And then please say how things are, now.
Deep, deep in the woods, but walking about.