Thread ID: 98402 | 2009-03-24 00:23:00 | HiJackThis log | Driftwood (5551) | Press F1

Post 758850 | 2009-03-24 06:10:00
Install SP3, that's if it's not a pre-made system (Dell/HP). Get the vbs file here (msinfluentials.com). Click on the link wrote a small tool. Then run it first, then install SP3.
Speedy Gonzales (78)

Post 758851 | 2009-03-24 06:22:00
Well sp2 didn't help.

Event viewer.

Now are you referring to the error that comes in event viewer when I try to start Outlook Express?
Driftwood (5551)

Post 758852 | 2009-03-24 06:24:00
Any error (about the time that error appears). There may be more than 1 error.
Speedy Gonzales (78)

Post 758853 | 2009-03-24 06:34:00
Well the only errors are under system.
Nothing happens when I click on the icon under the down arrow but the description reads:
"The At44.job command failed to start due to the following error.
General access denied error"

I'll try the sp3 thing after tea.
Thanks
Driftwood (5551)

Post 758854 | 2009-03-24 06:55:00
When you click on the icon under the down arrow, it copies the text (you won't see anything). All you have to do is paste it.

Mm, not too sure what at44.job is, but some entries in google say it's some kind of malware.
Speedy Gonzales (78)

Post 758855 | 2009-03-24 07:04:00
Download Combofix from here, and run it:
download.bleepingcomputer.com

Follow the tutorial here:
www.bleepingcomputer.com

You may have some deep infections.

After that run Dial a Fix to fix your windows update problem:
www.softpedia.com

Blam
Blam (54)

Post 758856 | 2009-03-24 07:21:00
Right, 1st things 1st, here is the error.

Event Type: Error
Event Source: Schedule
Event Category: None
Event ID: 7901
Date: 24/03/2009
Time: 19:00:00
User: N/A
Computer: PAUL-KI3MUPLWOO
Description:
The At44.job command failed to start due to the following error:
General access denied error

For more information, see Help and Support Center at go.microsoft.com
Driftwood (5551)

Post 758857 | 2009-03-24 08:09:00
Well now, I downloaded the Combofix & followed the tutorial almost to the letter (there was still 1 reference to avg in the processes list on task manager which didn't want to end). Ran the program but it didn't seem to change anything. It did quarantine 6 files & made a log. Here it is if it's any help:

ComboFix 09-03-22.01 - Paul 2009-03-24 20:33:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.751.490 [GMT 13:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINXP\Application Data\Solt Lake Software
c:\documents and settings\All Users.WINXP\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081222120216781.log

.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-24 18:50 . 2004-07-17 11:40 19,528 --a------ c:\winxp\000001_.tmp
2009-03-24 18:01 . 2009-03-24 18:01 <DIR> d-------- c:\documents and settings\Administrator
2009-03-24 13:02 . 2009-03-24 13:15 1,374 --a------ c:\winxp\imsins.BAK
2009-03-24 11:17 . 2001-08-17 13:28 771,581 --a--c--- c:\winxp\system32\dllcache\winacisa.sys
2009-03-24 11:16 . 2001-08-17 13:28 794,654 --a--c--- c:\winxp\system32\dllcache\usr1801.sys
2009-03-24 11:15 . 2001-08-17 22:36 495,616 --a--c--- c:\winxp\system32\dllcache\sblfx.dll
2009-03-24 11:14 . 2001-08-17 13:28 899,146 --a--c--- c:\winxp\system32\dllcache\r2mdkxga.sys
2009-03-24 11:13 . 2001-08-17 13:28 802,683 --a--c--- c:\winxp\system32\dllcache\ltsm.sys
2009-03-24 11:12 . 2001-08-17 22:36 372,824 --a--c--- c:\winxp\system32\dllcache\iconf32.dll
2009-03-24 11:11 . 2001-08-17 14:56 1,733,120 --a--c--- c:\winxp\system32\dllcache\g400d.dll
2009-03-24 11:10 . 2001-08-17 12:14 952,007 --a--c--- c:\winxp\system32\dllcache\diwan.sys
2009-03-24 11:09 . 2001-08-17 12:13 980,034 --a--c--- c:\winxp\system32\dllcache\cicap.sys
2009-03-24 11:08 . 2001-08-17 13:28 871,388 --a--c--- c:\winxp\system32\dllcache\bcmdm.sys
2009-03-24 11:07 . 2001-08-17 13:28 762,780 --a--c--- c:\winxp\system32\dllcache\3cwmcru.sys
2009-03-24 11:07 . 2001-08-17 14:55 689,216 --a--c--- c:\winxp\system32\dllcache\3dfxvs.dll
2009-03-24 11:07 . 2001-08-17 12:48 148,352 --a--c--- c:\winxp\system32\dllcache\3dfxvsm.sys
2009-03-24 11:07 . 2001-08-17 14:56 66,048 --a--c--- c:\winxp\system32\dllcache\s3legacy.dll
2009-03-24 11:07 . 2008-04-14 00:16 48,128 --a--c--- c:\winxp\system32\dllcache\61883.sys
2009-03-24 11:07 . 2001-08-17 14:55 38,400 --a--c--- c:\winxp\system32\dllcache\8514a.dll
2009-03-24 11:07 . 2008-04-14 00:10 12,288 --a--c--- c:\winxp\system32\dllcache\4mmdat.sys
2009-03-24 11:07 . 2001-08-17 14:06 11,264 --a--c--- c:\winxp\system32\dllcache\1394vdbg.sys
2009-03-24 09:40 . 2009-03-24 09:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 09:40 . 2009-03-24 09:40 <DIR> d-------- c:\documents and settings\Paul\Application Data\Malwarebytes
2009-03-24 09:40 . 2009-03-24 09:40 <DIR> d-------- c:\documents and settings\All Users.WINXP\Application Data\Malwarebytes
2009-03-24 09:40 . 2009-02-11 10:19 38,496 --a------ c:\winxp\system32\drivers\mbamswissarmy.sys
2009-03-24 09:40 . 2009-02-11 10:19 15,504 --a------ c:\winxp\system32\drivers\mbam.sys
2009-03-23 16:27 . 2009-03-23 16:27 <DIR> d--hs---- C:\found.000
2009-03-23 14:35 . 2009-03-23 14:35 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-12 23:41 . 2004-08-04 12:56 221,184 --a------ c:\winxp\system32\wmpns.dll
2009-02-25 23:09 . 2009-02-25 23:09 396,032 --a------ c:\winxp\system32\drivers\hcw88vid.sys
2009-02-25 23:09 . 2009-02-25 23:09 320,512 --a------ c:\winxp\system32\drivers\hcw88tse.sys
2009-02-25 23:09 . 2009-02-25 23:09 134,144 --a------ c:\winxp\system32\drivers\hcw88prx.ax
2009-02-25 23:09 . 2009-02-25 23:09 75,904 --a------ c:\winxp\system32\drivers\hcw88tun.sys
2009-02-25 23:09 . 2009-02-25 23:09 17,792 --a------ c:\winxp\system32\drivers\hcw88bar.sys
2009-02-25 23:09 . 2009-02-25 23:09 12,288 --a------ c:\winxp\system32\drivers\hcw88rc5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 22:55 325,640 ----a-w c:\winxp\system32\drivers\avgldx86.sys
2009-03-23 22:55 107,912 ----a-w c:\winxp\system32\drivers\avgtdix.sys
2009-03-23 22:55 10,520 ----a-w c:\winxp\system32\avgrsstx.dll
2009-03-23 22:54 --------- d-----w c:\documents and settings\All Users.WINXP\Application Data\avg8
2009-03-23 21:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-23 19:46 --------- d-----w c:\program files\AVG
2009-03-23 04:29 --------- d-----w c:\program files\Google
2009-03-12 08:30 --------- d-----w c:\documents and settings\All Users.WINXP\Application Data\Spybot - Search & Destroy
2009-02-22 05:37 --------- d-----w c:\documents and settings\Paul\Application Data\uTorrent
2009-02-22 05:33 --------- d-----w c:\documents and settings\Paul\Application Data\mp3rocket
2009-02-21 12:24 --------- d-----w c:\documents and settings\Paul\Application Data\Azureus
2009-02-21 06:04 --------- d-----w c:\program files\MP3 Rocket
2009-02-01 02:29 --------- d-----w c:\program files\Vuze
2009-01-25 08:32 --------- d-----w c:\documents and settings\Paul\Application Data\FUJIFILM
2009-01-09 08:36 499,712 ----a-w c:\winxp\system32\msvcp71.dll
2009-01-09 08:36 348,160 ----a-w c:\winxp\system32\msvcr71.dll
2001-11-23 04:08 712,704 ----a-w c:\winxp\inf\OTHER\AUDIO3D.DLL
2008-04-18 05:03 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-18 05:03 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-18 05:03 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-18 05:03 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-18 05:03 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winxp\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-24 11:55 10520 c:\winxp\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\winxp\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-24 11:54 1932568 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:21 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-09 21:35 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 viasraid;viasraid;c:\winxp\system32\drivers\viasraid.sys [2008-06-28 76416]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winxp\system32\drivers\avgldx86.sys [2008-06-28 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\winxp\system32\drivers\avgtdix.sys [2008-06-28 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-16 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 298264]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\winxp\system32\drivers\hcw88rc5.sys [2009-02-25 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\winxp\system32\drivers\hcw88tse.sys [2009-02-25 320512]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\winxp\system32\drivers\hcw88vid.sys [2009-02-25 396032]
S3 Slnt7554;USB Soft Modem Driver;c:\winxp\system32\drivers\slnt7554.sys [2008-06-28 129535]
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\winxp\Tasks\At1.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At10.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At11.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At12.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At13.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At14.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At15.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At16.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At17.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At18.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At19.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At2.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At20.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At21.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At22.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At23.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At24.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At25.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At26.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At27.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At28.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At29.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At3.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At30.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At31.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At32.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At33.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At34.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At35.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At36.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At37.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At38.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At39.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At4.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At40.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At41.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At42.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At43.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At44.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At45.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At46.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At47.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At48.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At5.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At6.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At7.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At8.job
- c:\winxp\system32\A6Ci1Ut4.exe []

2009-03-24 c:\winxp\Tasks\At9.job
- c:\winxp\system32\A6Ci1Ut4.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 20:37:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\winxp\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-24 20:41:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 07:41:25

Pre-Run: 66,412,285,952 bytes free
Post-Run: 66,384,097,280 bytes free

246

I also ran the dial a fix & it suggested I install sp3.
So I will do that now with the small tool thing.
Driftwood (5551)

Post 758858 | 2009-03-24 09:16:00
I've emailed Pancake, I've never used Combofix. Let's see what he tells you to fix.
Speedy Gonzales (78)

Post 758859 | 2009-03-24 09:26:00
Maybe I should have waited.
Have installed SP3 & just doing latest updates now.
This is an interesting problem.
Driftwood (5551)
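The thing a helper would want to pull out of the log above is the cluster of At*.job entries that all launch the same file, and the fact that the Event ID 7901 error from the earlier post names one of those jobs (At44.job). The script below is an added example written for this page; it is not code from the thread, from ComboFix or from any of the tools mentioned. It parses the "Contents of the 'Scheduled Tasks' folder" section in the format ComboFix prints, groups jobs by the executable they run, and resolves the job named in a Schedule error to that executable. The sample inputs are constructed, abridged copies of the entries in the log (the GoogleUpdate job is an invented benign control), and the three heuristics (several At*.job entries sharing one target, an empty version field, a random-looking 8-character name in system32) are the editor's own rules of thumb for flagging something for review, not a verdict.

```python
"""Flag clusters of At*.job scheduler entries in a ComboFix report.

Added example, not part of the thread or of ComboFix. It parses the
"Contents of the 'Scheduled Tasks' folder" section, groups jobs by the
executable they launch, and resolves the job named in a Schedule
(Event ID 7901) error to that executable so a helper can see what
actually failed to start.
"""
import re
from collections import defaultdict

# Constructed sample: abridged copy of the section format in the thread's log.
# The GoogleUpdate job is an invented benign control entry.
SAMPLE_TASKS = """\
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\\winxp\\Tasks\\At1.job
- c:\\winxp\\system32\\A6Ci1Ut4.exe []

2009-03-24 c:\\winxp\\Tasks\\At44.job
- c:\\winxp\\system32\\A6Ci1Ut4.exe []

2009-03-24 c:\\winxp\\Tasks\\At45.job
- c:\\winxp\\system32\\A6Ci1Ut4.exe []

2009-03-20 c:\\winxp\\Tasks\\GoogleUpdateTaskMachineUA.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2009-02-11 17:20]
"""

# Constructed sample of the Event Viewer text pasted earlier in the thread.
SAMPLE_EVENT = """\
Event Type: Error
Event Source: Schedule
Event ID: 7901
Description:
The At44.job command failed to start due to the following error:
General access denied error
"""

# "<date> <path>\<name>.job" followed by "- <target> [<version or empty>]"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\S+\\(?P<name>[^\\]+\.job)$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+)\s\[(?P<version>[^\]]*)\]$")
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.I)
EVENT_JOB_RE = re.compile(r"^The (?P<name>\S+\.job) command failed to start", re.I)
# Eight alphanumerics mixing letters and digits (editor's heuristic), like A6Ci1Ut4.exe
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}\.exe$")


def parse_tasks(text):
    """Return [(job_name, target_path_lowercased, version_field), ...]."""
    jobs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.group("name")
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            jobs.append((pending, m.group("target").lower(), m.group("version")))
            pending = None
    return jobs


def suspicious_targets(jobs, min_jobs=3):
    """Targets worth a closer look: [(target, [At*.job names], [reasons]), ...]."""
    by_target = defaultdict(list)
    for job in jobs:
        by_target[job[1]].append(job)
    findings = []
    for target, entries in by_target.items():
        at_jobs = sorted(n for n, _, _ in entries if AT_JOB_RE.match(n))
        reasons = []
        if len(at_jobs) >= min_jobs:
            reasons.append(f"{len(at_jobs)} At*.job entries launch the same file")
        if all(v == "" for _, _, v in entries):
            reasons.append("ComboFix found no version/date info for the file")
        basename = target.rsplit("\\", 1)[-1]
        if "\\system32\\" in target and RANDOM_NAME_RE.match(basename):
            reasons.append("random-looking 8-character name in system32")
        if reasons:
            findings.append((target, at_jobs, reasons))
    return findings


def correlate_event(event_text, jobs):
    """Resolve the job named in a Schedule error to its target (None if unlisted)."""
    for raw in event_text.splitlines():
        m = EVENT_JOB_RE.match(raw.strip())
        if m:
            wanted = m.group("name").lower()
            for name, target, _ in jobs:
                if name.lower() == wanted:
                    return name, target
            return m.group("name"), None
    return None


if __name__ == "__main__":
    jobs = parse_tasks(SAMPLE_TASKS)
    for target, at_jobs, reasons in suspicious_targets(jobs):
        print(f"{target}: {', '.join(reasons)} ({', '.join(at_jobs)})")
    print("failed job resolves to:", correlate_event(SAMPLE_EVENT, jobs))
```

Run against the real log pasted above, the same parser would group all 48 At*.job entries under the one system32 executable; the "access denied" in the 7901 event then tells you only that the scheduler could not start that file at 19:00, not what it is, so the flagged path (and the quarantine list ComboFix wrote) is what to hand to whoever reviews the log next.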