
Author Topic: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper  (Read 10190 times)


jonnyD

    Topic Starter


    Intermediate


    DDS (Ver_09-03-16.01) - NTFSx86 
    Run by user pc at 15:16:53.00 on Thu 03/19/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1056 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireTray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    svchost.exe
    C:\Documents and Settings\user pc\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/puccini/start
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [dll] rundll32 dll32,sm
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
    mRun: [McAfeeFireTray] c:\progra~1\networ~1\mcafee~1\Firetray.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175397160937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\userpc~1\applic~1\mozilla\firefox\profiles\y7jwtw3n.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\documents and settings\user pc\application data\mozilla\firefox\profiles\y7jwtw3n.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp07100121.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-24 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-5 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-24 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-24 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-24 298264]
    S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2004-5-16 102463]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

    =============== Created Last 30 ================

    2009-03-19 15:15   <DIR>   --d-h---   c:\windows\PIF
    2009-03-19 14:26   <DIR>   --d-----   C:\ComboFix
    2009-03-19 00:45   <DIR>   --d-----   C:\cmdcons
    2009-03-18 19:09   410,984   a-------   c:\windows\system32\deploytk.dll
    2009-03-18 18:42   15,504   a-------   c:\windows\system32\drivers\mbam.sys
    2009-03-18 18:41   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-18 18:41   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
    2009-03-18 18:41   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-18 15:11   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
    2009-03-18 15:11   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
    2009-03-18 15:04   <DIR>   --d-----   c:\program files\CCleaner
    2009-03-17 15:50   116,224   ac------   c:\windows\system32\dllcache\xrxwiadr.dll
    2009-03-17 15:50   23,040   ac------   c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-03-17 15:50   27,648   ac------   c:\windows\system32\dllcache\xrxftplt.exe
    2009-03-17 15:50   18,944   ac------   c:\windows\system32\dllcache\xrxscnui.dll
    2009-03-17 15:50   4,608   ac------   c:\windows\system32\dllcache\xrxflnch.exe
    2009-03-17 15:50   99,865   ac------   c:\windows\system32\dllcache\xlog.exe
    2009-03-17 15:50   16,970   ac------   c:\windows\system32\dllcache\xem336n5.sys
    2009-03-17 15:50   19,455   ac------   c:\windows\system32\dllcache\wvchntxx.sys
    2009-03-17 15:50   12,063   ac------   c:\windows\system32\dllcache\wsiintxx.sys
    2009-03-17 15:50   8,192   ac------   c:\windows\system32\dllcache\wshirda.dll
    2009-03-17 15:50   8,832   ac------   c:\windows\system32\dllcache\wmiacpi.sys
    2009-03-17 15:48   11,520   ac------   c:\windows\system32\dllcache\twotrack.sys
    2009-03-17 15:47   58,368   ac------   c:\windows\system32\dllcache\smiminib.sys
    2009-03-17 15:46   79,104   ac------   c:\windows\system32\dllcache\rocket.sys
    2009-03-17 15:45   61,696   ac------   c:\windows\system32\dllcache\ohci1394.sys
    2009-03-17 15:44   6,016   ac------   c:\windows\system32\dllcache\msfsio.sys
    2009-03-17 15:43   6,144   ac------   c:\windows\system32\dllcache\kbd106.dll
    2009-03-17 15:42   19,456   ac------   c:\windows\system32\dllcache\hr1w.dll
    2009-03-17 15:41   45,568   ac------   c:\windows\system32\dllcache\esunib.dll
    2009-03-17 15:40   49,792   ac------   c:\windows\system32\dllcache\cyzport.sys
    2009-03-17 15:33   13,824   ac------   c:\windows\system32\dllcache\bulltlp3.sys
    2009-03-17 15:32   342,336   ac------   c:\windows\system32\dllcache\banshee.dll
    2009-03-17 15:31   97,354   ac------   c:\windows\system32\dllcache\aspndis3.sys
    2009-03-17 15:30   762,780   ac------   c:\windows\system32\dllcache\3cwmcru.sys
    2009-03-17 15:30   689,216   ac------   c:\windows\system32\dllcache\3dfxvs.dll
    2009-03-17 15:30   53,376   ac------   c:\windows\system32\dllcache\1394bus.sys
    2009-03-17 15:30   11,264   ac------   c:\windows\system32\dllcache\1394vdbg.sys
    2009-03-17 15:30   66,048   ac------   c:\windows\system32\dllcache\s3legacy.dll

    ==================== Find3M  ====================

    2009-03-15 17:35   138,624   a-------   c:\windows\system32\drivers\PnkBstrK.sys
    2009-03-15 17:34   202,352   a-------   c:\windows\system32\PnkBstrB.exe
    2009-02-10 22:24   34   a-------   c:\documents and settings\user pc\jagex_runescape_preferences.dat
    2009-02-09 07:13   1,846,784   a-------   c:\windows\system32\win32k.sys
    2009-01-27 11:56   325,128   a-------   c:\windows\system32\drivers\avgldx86.sys
    2009-01-27 11:56   10,520   a-------   c:\windows\system32\avgrsstx.dll
    2009-01-27 11:55   107,272   a-------   c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 17:59   0   a---h---   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2009-01-24 17:59   0   a---h---   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

    ============= FINISH: 15:17:26.68 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/31/2007 10:28:28 PM
    System Uptime: 3/19/2009 3:05:54 PM (0 hours ago)

    Motherboard:   |  | KM266-8235
    Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1990/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 32.746 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 33.606 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP311: 3/19/2009 2:26:58 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.53 beta
    Abexo Free Registry Cleaner
    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Amazing Slow Downer (remove only)
    America's Army Deploy Client
    America's Army Server Manager
    America Online (Choose which version to remove)
    Any Video Converter 2.6.7
    Apple Software Update
    As Simple As Photoshop  5.2
    Audacity 1.2.6
    AVG Free 8.0
    Belarc Advisor 7.2
    BUM
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner (remove only)
    Creative Media Lite
    Creative ZEN Stone User's Guide
    DVD Decrypter (Remove Only)
    DVD Flick
    DVD Shrink 3.2
    DVDStyler v1.7.1
    EphPod
    Google Toolbar for Internet Explorer
    Google Video Player
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    hp LaserJet 1150 / 1300
    ImgBurn
    Improvisation
    iPod for Windows 2005-10-12
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    KODAK EASYSHARE Gallery Easy Upload, v2.0
    Malwarebytes' Anti-Malware
    Mavis Beacon Teaches Typing 15
    McAfee Desktop Firewall 8.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Encarta Reference Library 2003
    Microsoft IntelliPoint 6.01
    Microsoft IntelliType Pro 6.01
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 SR-1 Premium
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 2000
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.7)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Nero OEM
    NVIDIA Drivers
    PowerDVD
    QuickTime
    RealPlayer
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Shockwave
    SoulSeek 157 NS 13c
    SUPERAntiSpyware Free Edition
    Switch Uninstall
    TablEdit 2.64
    Tablet
    Torrent Harvester
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VIA Audio Driver Setup Program
    VIA Rhine-Family Fast-Ethernet Adapter
    Videora iPod Converter 0.91
    Viewpoint Media Player
    VLC media player 0.9.8a
    WebFldrs XP
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Windward Studios Page 2 Stage 1.02
    WinRAR archiver
    Yahoo! Customizations
    Yahoo! Internet Mail
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/14/2009 10:02:48 AM, error: Service Control Manager [7000]  - The My Web Search Service service failed to start due to the following error:  The system cannot find the path specified.
    3/15/2009 11:38:47 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the TabletService service.
    3/17/2009 12:21:04 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'pp03.exe' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    3/17/2009 4:09:14 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    3/18/2009 7:04:40 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  viaagp
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The TabletService service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The PnkBstrB service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The CT Device Query service service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The AVG Free8 E-mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The McAfee Desktop Firewall Service service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:00 AM, error: Service Control Manager [7031]  - The AVG Free8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/19/2009 11:37:01 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
    3/19/2009 11:37:01 AM, error: Service Control Manager [7034]  - The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).
    3/17/2009 3:29:19 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
    3/17/2009 3:32:53 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\inetsrv\authfilt.dll could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:33:15 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\big5.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:35:02 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1047.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:35:07 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1140.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:35:10 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1141.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:35:13 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1142.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:35:16 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1143.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:36:58 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20108.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:37:01 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20269.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:37:34 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20273.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:37:43 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20277.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    3/17/2009 3:50:46 PM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
    3/18/2009 10:22:50 AM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

    ==== End Of File ===========================

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    Note: It is important that it is saved directly to your Desktop.

    DO NOT run it yet!

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    KillAll::

    DDS::
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [dll] rundll32 dll32,sm
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

    Upon restart the error should not happen again.

    ----------

    Go to Add or Remove Programs and uninstall:
    • Java(TM) 6 Update 7

    jonnyD

      Topic Starter


      Intermediate

      ComboFix 09-03-18.01 - user pc 2009-03-19 18:12:52.4 - NTFSx86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1083 [GMT -4:00]
      Running from: c:\documents and settings\user pc\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\user pc\Desktop\CFScript..txt
      AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
       * Created a new restore point
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\user pc\Desktop\notepad.exe

      .
      (((((((((((((((((((((((((   Files Created from 2009-02-19 to 2009-03-19  )))))))))))))))))))))))))))))))
      .

      2009-03-19 15:15 . 2009-03-19 15:15   <DIR>   d--h-----   c:\windows\PIF
      2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
      2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
      2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
      2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
      2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
      2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
      2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
      2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
      2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
      2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
      2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
      2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
      2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
      2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
      2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
      2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
      2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
      2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
      2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
      2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
      2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
      2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
      2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
      2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
      2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
      2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
      2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
      2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
      2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
      2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
      2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
      2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
      2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
      2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
      2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
      2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
      2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-19 22:18   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
      2009-03-18 23:12   ---------   d-----w   c:\program files\Java
      2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
      2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
      2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
      2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
      2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
      2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
      2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
      2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
      2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
      2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
      2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
      2009-02-12 16:12   ---------   d-----w   c:\program files\Google
      2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
      2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
      2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
      2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
      2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
      2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
      2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
      2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
      2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
      2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
      2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
      2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
      2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
      2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
      2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
      2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
      2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
      2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
      "McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
      "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
      "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
      "NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
      backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
      backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
      backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
      backup=c:\windows\pss\Personal Coach.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
      --a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
      R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
      R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
      R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
      .
      Contents of the 'Scheduled Tasks' folder

      2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

      2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
      - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

      2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
      - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.aol.com/puccini/start
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      mDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Settings,ProxyOverride = *.local;<local>
      uInternet Settings,ProxyServer = http=localhost:7171
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      FF - ProfilePath - c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
      FF - prefs.js: browser.search.selectedEngine - AIM Search
      FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
      FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
      FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
      FF - plugin: c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-19 18:18:11
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)

      [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
      @DACL=(02 0000)
      @="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(648)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\CTSVCCDA.EXE
      c:\program files\Creative\Shared Files\CTDevSrv.exe
      c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\nvsvc32.exe
      c:\windows\system32\PnkBstrA.exe
      c:\windows\system32\PnkBstrB.exe
      c:\program files\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\windows\system32\Tablet.exe
      c:\windows\wanmpsvc.exe
      c:\windows\system32\WTablet\TabUserW.exe
      c:\windows\system32\Tablet.exe
      c:\windows\system32\rundll32.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\Canon\CAL\CALMAIN.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2009-03-19 18:22:01 - machine was rebooted
      ComboFix-quarantined-files.txt  2009-03-19 22:21:13
      ComboFix2.txt  2009-03-19 18:17:07

      Pre-Run: 35,068,616,704 bytes free
      Post-Run: 35,049,369,600 bytes free

      Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
      245   --- E O F ---   2009-03-13 22:12:01

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Are you still getting the dll error?

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      RegLock::
      [-HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

      jonnyD

        Topic Starter


        Intermediate

        The dll error message has not been appearing now when I start up. Thank you very much. What was its cause?

        ComboFix 09-03-19.01 - user pc 2009-03-20  9:58:33.5 - NTFSx86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1066 [GMT -4:00]
        Running from: c:\documents and settings\user pc\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\user pc\Desktop\CFScript.txt
        AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
         * Created a new restore point
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\user pc\Desktop\notepad.exe

        .
        (((((((((((((((((((((((((   Files Created from 2009-02-20 to 2009-03-20  )))))))))))))))))))))))))))))))
        .

        2009-03-19 15:15 . 2009-03-19 15:15   <DIR>   d--h-----   c:\windows\PIF
        2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
        2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
        2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
        2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
        2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
        2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
        2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
        2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
        2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
        2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
        2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
        2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
        2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
        2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
        2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
        2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
        2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
        2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
        2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
        2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
        2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
        2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
        2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
        2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
        2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
        2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
        2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
        2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
        2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
        2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
        2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
        2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
        2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
        2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
        2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
        2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
        2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
        2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-03-20 14:05   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
        2009-03-18 23:12   ---------   d-----w   c:\program files\Java
        2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
        2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
        2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
        2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
        2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
        2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
        2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
        2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
        2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
        2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
        2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
        2009-02-12 16:12   ---------   d-----w   c:\program files\Google
        2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
        2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
        2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
        2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
        2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
        2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
        2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
        2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
        2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
        2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
        2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
        2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
        2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
        2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
        2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
        2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
        2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
        2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
        2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
        .

        (((((((((((((((((((((((((((((   SnapShot@2009-03-19_18.20.12.31   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2009-03-20 14:02:59   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_61c.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
        "McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
        "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
        "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
        "NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
        backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
        backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
        backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
        backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
        backup=c:\windows\pss\Personal Coach.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
        --a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        --a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        --a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        "FirewallOverride"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\uTorrent\\uTorrent.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
        R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
        R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
        .
        Contents of the 'Scheduled Tasks' folder

        2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

        2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
        - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

        2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
        - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.aol.com/puccini/start
        uSearch Page = hxxp://www.google.com
        uSearch Bar = hxxp://www.google.com/ie
        uInternet Settings,ProxyOverride = *.local;<local>
        uInternet Settings,ProxyServer = http=localhost:7171
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
        FF - ProfilePath - c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
        FF - prefs.js: browser.search.selectedEngine - AIM Search
        FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
        FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
        FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
        FF - plugin: c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
        .

        **************************************************************************

        catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-03-20 10:07:35
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(648)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\CTSVCCDA.EXE
        c:\program files\Creative\Shared Files\CTDevSrv.exe
        c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\windows\system32\nvsvc32.exe
        c:\windows\system32\PnkBstrA.exe
        c:\program files\AVG\AVG8\avgrsx.exe
        c:\windows\system32\PnkBstrB.exe
        c:\progra~1\AVG\AVG8\avgnsx.exe
        c:\windows\system32\Tablet.exe
        c:\windows\wanmpsvc.exe
        c:\program files\AVG\AVG8\avgcsrvx.exe
        c:\program files\Canon\CAL\CALMAIN.exe
        c:\windows\system32\WTablet\TabUserW.exe
        c:\windows\system32\Tablet.exe
        c:\windows\system32\rundll32.exe
        c:\program files\iPod\bin\iPodService.exe
        .
        **************************************************************************
        .
        Completion time: 2009-03-20 10:10:52 - machine was rebooted
        ComboFix-quarantined-files.txt  2009-03-20 14:10:14
        ComboFix2.txt  2009-03-19 22:22:06
        ComboFix3.txt  2009-03-19 18:17:07

        Pre-Run: 34,987,728,896 bytes free
        Post-Run: 34,974,998,528 bytes free

        Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
        244   --- E O F ---   2009-03-13 22:12:01

        evilfantasy

        The cause was this: uRun: [dll] rundll32 dll32,sm. It is part of the adware that wasn't completely removed, so it was causing the error.

        • Click START then RUN
        • Now type Combofix /u in the runbox
        • Make sure there's a space between Combofix and /u
        • Then hit Enter.

        The above procedure will:
        • Delete:
          • ComboFix and its associated files and folders.
          • VundoFix backups, if present
          • The C:\Deckard folder, if present
          • The C:\_OtMoveIt folder, if present
        • Reset the clock settings.
        • Hide file extensions, if required.
        • Hide System/Hidden files, if required.
        • Set a new, clean Restore Point.

          ----------

          Use the Secunia Software Inspector to check for out-of-date software.
          • Click Start Now
          • Check the box next to Enable thorough system inspection.
          • Click Start
          • Allow the scan to finish and scroll down to see if any updates are needed.
          • Update anything listed.
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.