Hidden Files Mishap: Malware? (w/ HJT Log)

I have re-run anti-virus for directory C:\windows\system32 and it has not detected any problem. You may need several replies to post the requested logs, otherwise they might get cut off. Your system may take longer than usual to load; this is normal. Please thank your helpers and there will always be help here when you need it!

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send

Here in the forums, replies are posted to topics only. o Click on the Logs tab. Please download the OTMoveIt by OldTimer. https://forums.techguy.org/threads/hidden-files-mishap-malware-w-hjt-log.530485/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\fullersl\Application Data\GetModule
c:\documents and settings\fullersl\Application Data\GetModule\dicik.gz
c:\documents and settings\fullersl\Application Data\GetModule\kwdik.gz
c:\documents and settings\fullersl\Application Data\GetModule\ofadik.gz
c:\documents and settings\fullersl\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program

Please only run the tool once, ty. Oleksii

C:\qoobox\Quarantine\Registry_backups moved successfully.

I keep getting the bad image errors on just about everything! field. Shall I delete this directory now?

REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell REG_DWORD 0x1
    DefaultDomainName REG_SZ SILMARIL
    DefaultUserName REG_SZ Ar-Adunakhor
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    Userinit

button. Close OTMoveIt. Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. If a file or folder cannot be moved immediately I have to then do an uninstall of the SP2 patch and reinstall most of my drivers. They are free programs and get updated often so you'll be better off to just download them again if you happen to need them. Spy-Bot is however unable to delete these entries as they are running in system memory.

Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system. My HJT log...pleeeease help Started by shafer5, Feb 02 2009 09:48 PM In the System Restore dialog box, click Create a restore point, and then click Next. We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

After the files have been downloaded on the left side of the page in the Scan section select My Computer. http://www.hijackthis.de/ You should also scan your computer with program on a regular basis just as you would an antivirus software. I did a disc search for both but didn't find them. One more time, many thanks!

And one more thing: I cannot view video files on my laptop anymore. http://filealley.com/hidden-files/hidden-files-and-folders.html Simply using a Firewall in its default configuration can lower your risk greatly. Modifying the registry can be dangerous so we will make a backup of the registry first. I'd hang on to it for a few weeks just to be sure there's nothing in there that you need.

I’ve run HijackThis followed instructions on your forum “Preparation Guide For Use Before Posting A Hijackthis Log” Is anybody having any idea what I should do? If not, are they listed in the Control Panel under Add/Remove programs? If you did not install those on purpose and they are listed in add/remove program, please remove them from there. Let Just paste your complete logfile into the textbox at the bottom of this page. http://filealley.com/hidden-files/hidden-files-help.html

Join the ClassRoom and learn how. MS - MVP Consumer Security 2009 - 2016, Windows Insider MVP 2017

#3 shafer5, Member, 31 posts, Posted 03 February 2009

Delete what you do not need.

If you are not this user, do NOT follow these directions as they could damage the workings of your system. 3.

Looks great. And yes, I did include some file to delete that may have been removed previously. Save and extract its contents to the desktop. You can read more about type of data Here. Now, start The Avenger program by clicking on its icon on your desktop. Under "Script file to execute" choose "Input Script Manually". Now click on the Magnifying Glass icon which will open a

Please download The Avenger by Swandog46 to your Desktop. Click on Avenger.zip to open the file. Extract avenger.exe to your desktop. 2. Now I have on my computer: Symantec AntiVirus, SpyBot S&D, Super Antispyware, Ad-aware, Stinger, ComboFix, HJT, Sygate FireWall and OTMoveIt. Click "Do a System Scan Only", and place a check next to the following items (if found):

O17 - HKLM\System\CCS\Services\Tcpip\..\{23C83EFD-0F26-4B1D-B9F4-11FA0CB178B1}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{501CFDD4-8A4B-4AE6-9CB9-08EB346FFCCC}: NameServer =,
O17 -

http://filealley.com/hidden-files/hidden-files-are-not-shown.html It shouldn't have anything to do with avicap3.dll because that file was malware and shouldn't affect video playback.

A scan of my machine provides various results. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or Might have to resort to going through MSCONFIG to disable. I have just one more question.

If the value is lost, it could be due to Malware or Restrictions in the registry. Help would be greatly appreciated. I really do appreciate your help with this, let me know if you need anything else from my end. So this may take a little bit of troubleshooting.

C:\qoobox\Hiv-backup\Users\00000005 moved successfully. Please do not PM me for HJT help, we all benefit from posting on the open board. Want to help others?

#3 Oleksii (Topic Starter)

C:\qoobox\Hiv-backup\default scheduled to be moved on reboot.

If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their The CPU usage was running at 90% before all of this

#18 Juliet, Posted 04 February 2009 - 08:11

C:\qoobox\Hiv-backup\SAM scheduled to be moved on reboot.

Go to Start > Run and type in the box: Cleanmgr Wait while Windows scans your system for files to delete. Make sure these 3 are checkmarked and press *ok* to delete them. Temporary

#9 LS CalamityJane, Posted 23 June 2007 - 03:39 PM

Good job! In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze. Look for the *New Topic* Button near the top right when viewing the forums.

Click Next, then Install, make sure "Run fixit" is checked and click Finish. Unfortunately, I cannot, because each time I try to install the software (I already downloaded ok) I get a run-time error message and the machine crashes. Backing Up Your Registry Go Here and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore Shall I delete all these files or shall I leave them?