
please hijack this


  • This topic is locked
2 replies to this topic

#1 pouringreign

  • Members
  • 231 posts

Posted 28 February 2010 - 01:15 PM

Just making sure my HijackThis is free of any malware that you can see.
This is Windows 7.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:42 PM, on 2/28/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\aol\1266852587\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1266852587\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8741 bytes

DDS (Ver_09-12-01.01) - NTFSx86
Run by Matthew at 14:23:20.17 on Sun 02/28/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3326.2325 [GMT -5:00]

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\aol\1266852587\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95IJMG19\dds[1].scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HostManager] c:\program files\common files\aol\1266852587\ee\AOLSoftware.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-2-22 291920]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-22 162512]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-2-27 142592]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-9 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-22 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-22 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-22 40384]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-2-8 2066968]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-22 40384]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-2-9 202408]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]

=============== Created Last 30 ================

2010-02-28 18:11:29 0 d-----w- c:\program files\Trend Micro
2010-02-28 17:34:42 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-28 17:33:03 0 d-----w- c:\windows\system32\Wat
2010-02-28 17:32:29 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-28 17:32:29 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-28 17:32:29 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-28 17:20:22 0 d-----w- c:\program files\Secunia
2010-02-28 00:10:35 0 d-----w- C:\HP Universal Print Driver v5.0.3 for Windows - PCL 6
2010-02-28 00:05:47 0 ----a-w- c:\windows\HPMProp.INI
2010-02-28 00:05:41 0 d-----w- c:\programdata\Hewlett-Packard
2010-02-28 00:05:31 64024 ----a-w- c:\windows\system32\hppccompio.dll
2010-02-28 00:05:31 299008 ----a-w- c:\windows\system32\hpmml094.DLL
2010-02-28 00:05:31 249856 ----a-w- c:\windows\system32\hpmpm081.DLL
2010-02-28 00:05:31 233472 ----a-w- c:\windows\system32\hpmtp094.dll
2010-02-28 00:05:31 225280 ----a-w- c:\windows\system32\hpmja094.DLL
2010-02-28 00:05:31 208896 ----a-w- c:\windows\system32\hpmpw081.DLL
2010-02-28 00:05:31 18944 ----a-w- c:\windows\system32\hppmopjl.dll
2010-02-28 00:05:30 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2010-02-28 00:05:30 161280 ----a-w- c:\windows\system32\hpcpn094.dll
2010-02-28 00:05:29 49252 ----a-w- c:\windows\system32\HPMNQUE.DLL
2010-02-28 00:05:29 49250 ----a-w- c:\windows\system32\HPMNNDPS.DLL
2010-02-27 23:27:24 0 d-----w- c:\users\matthew\appdata\roaming\CheckPoint
2010-02-27 23:27:21 0 d-----w- c:\program files\CheckPoint
2010-02-27 23:27:16 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-02-27 23:27:03 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-02-27 23:27:03 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-02-27 23:27:03 0 d-----w- c:\windows\system32\ZoneLabs
2010-02-27 23:27:03 0 d-----w- c:\program files\Zone Labs
2010-02-27 23:26:19 0 d-----w- c:\programdata\CheckPoint
2010-02-27 23:26:18 0 d-----w- c:\windows\Internet Logs
2010-02-27 23:25:23 0 d-----w- c:\users\matthew\appdata\roaming\Malwarebytes
2010-02-27 23:25:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 23:25:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 23:25:19 0 d-----w- c:\programdata\Malwarebytes
2010-02-27 23:25:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 23:09:01 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-27 23:09:01 0 d-----w- c:\users\matthew\appdata\roaming\Spyware Terminator
2010-02-27 23:09:00 0 d-----w- c:\programdata\Spyware Terminator
2010-02-27 23:08:58 0 d-----w- c:\program files\Spyware Terminator
2010-02-27 23:04:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-27 23:04:19 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-27 23:04:19 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-27 23:04:19 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-27 23:04:19 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-27 23:01:59 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-27 22:52:56 0 d-----w- c:\program files\MSXML 4.0
2010-02-22 17:40:04 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-22 17:37:05 0 d-----w- c:\programdata\Microsoft Help
2010-02-22 17:00:10 291920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-02-22 17:00:09 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-22 16:51:00 0 d-----w- c:\programdata\Alwil Software
2010-02-22 16:01:09 0 d-----w- c:\programdata\ESET
2010-02-22 15:36:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 15:30:29 0 d-----w- c:\users\matthew\appdata\roaming\AOL
2010-02-22 15:30:29 0 d-----w- c:\programdata\Macromedia
2010-02-22 15:30:14 54832 ----a-w- c:\windows\system32\AOLParconLink.exe
2010-02-22 15:30:14 0 d-----w- c:\programdata\Viewpoint
2010-02-22 15:30:14 0 d-----w- c:\program files\Viewpoint
2010-02-22 15:30:09 0 d-----w- c:\programdata\AOL Toolbar
2010-02-22 15:30:09 0 d-----w- c:\program files\AOL Toolbar
2010-02-22 15:30:07 0 d-----w- c:\program files\common files\Software Update Utility
2010-02-22 15:29:57 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2010-02-22 15:29:55 0 d-----w- c:\programdata\AOL OCP
2010-02-22 15:29:42 0 d-----w- c:\programdata\AOL
2010-02-22 15:29:42 0 d-----w- c:\program files\common files\aolshare
2010-02-22 15:29:42 0 d-----w- c:\program files\common files\aol
2010-02-22 15:29:42 0 d-----w- c:\program files\AOL 9.5
2010-02-22 14:21:23 0 d-----w- c:\programdata\AOL Downloads
2010-02-22 14:20:01 0 d-----w- c:\users\matthew\appdata\roaming\Wave Systems Corp
2010-02-22 14:20:01 0 d-----w- c:\users\matthew\appdata\roaming\Broadcom
2010-02-09 07:26:42 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-09 07:26:32 0 d-----w- c:\programdata\SonicFocus
2010-02-09 07:26:31 0 d-----w- c:\program files\Analog Devices
2010-02-09 07:22:38 4084 ---ha-r- C:\dell.sdr
2010-02-09 07:22:10 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-09 07:22:10 507568 ----a-w- c:\windows\system32\winload.exe
2010-02-09 07:22:10 442920 ----a-w- c:\windows\system32\winresume.exe
2010-02-09 07:22:10 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-02-09 07:22:10 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-02-09 07:22:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-09 07:22:09 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-02-09 07:22:09 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-09 07:22:09 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-02-09 07:21:05 72288 ----a-w- c:\windows\system32\e1kmsg.dll
2010-02-09 07:21:05 61632 ----a-w- c:\windows\system32\NicInstK.dll
2010-02-09 07:21:05 3122 ----a-w- c:\windows\system32\e1k6232.din
2010-02-09 07:21:05 28792 ----a-w- c:\windows\system32\NicCo36.dll
2010-02-09 07:21:05 202408 ----a-w- c:\windows\system32\drivers\e1k6232.sys
2010-02-09 07:21:03 40832 ----a-w- c:\windows\system32\drivers\HECI.sys
2010-02-09 07:18:55 0 d-----w- c:\windows\system32\oem
2010-02-09 07:18:54 0 d-----w- c:\windows\Panther
2010-02-09 07:18:54 0 d-----w- C:\Drivers
2010-02-09 07:15:56 0 d-----w- C:\dell
2010-02-09 04:46:08 0 d-----w- c:\programdata\ATI
2010-02-09 04:41:20 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-09 04:41:08 20 ----a-w- c:\windows\Xˇ-
2010-02-09 04:41:08 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-09 04:40:03 0 d-----w- c:\program files\Microsoft
2010-02-09 04:39:40 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-09 04:39:08 0 d-----w- c:\windows\PCHEALTH
2010-02-09 04:37:16 0 d-----w- c:\program files\common files\Windows Live
2010-02-09 04:37:10 0 d-----w- c:\programdata\Uninstall
2010-02-09 04:37:10 0 d-----w- c:\program files\common files\SureThing Shared
2010-02-09 04:36:52 0 d-----w- c:\programdata\Sonic
2010-02-09 04:36:50 0 d-----w- c:\program files\common files\Sonic Shared
2010-02-09 04:36:50 0 d-----w- c:\program files\common files\PX Storage Engine
2010-02-09 04:36:45 0 d-----w- c:\programdata\InstallShield
2010-02-09 04:36:44 0 d-----w- c:\program files\Roxio
2010-02-09 04:36:23 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-02-09 04:36:08 0 d-----w- c:\programdata\Dell
2010-02-09 04:36:03 0 d-----w- c:\windows\system32\wbem\Performance
2010-02-09 04:35:30 736 ----a-w- c:\windows\system32\InstallUtil.InstallLog
2010-02-09 04:33:44 0 d-----w- c:\program files\Wave Systems Corp
2010-02-09 04:33:38 0 d-----w- c:\windows\system32\Test
2010-02-09 04:33:37 0 d-----w- c:\windows\Downloaded Installations
2010-02-09 04:33:37 0 d-----w- c:\programdata\Wave Systems Corp
2010-02-09 04:33:24 0 d-----w- c:\programdata\NTRU Cryptosystems
2010-02-09 04:33:24 0 d-----w- c:\program files\NTRU Cryptosystems
2010-02-09 04:33:01 0 d-----w- c:\windows\system32\Lang
2010-02-09 04:33:01 0 d-----w- c:\program files\common files\postureAgent
2010-02-09 04:33:00 1006104 ----a-w- c:\windows\system32\mesoludlg.exe
2010-02-09 04:32:58 0 d-----w- c:\program files\common files\Intel
2010-02-09 04:32:42 0 d-----w- C:\Intel
2010-02-09 04:32:08 0 d-----w- c:\program files\ATI Technologies
2010-02-09 04:31:22 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2010-02-09 04:31:22 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2010-02-09 04:31:09 0 d-----w- c:\windows\system32\BioAPIFFDB
2010-02-09 04:30:25 0 d-----w- c:\program files\Dell
2010-02-09 04:30:22 55072 ----a-w- c:\windows\system32\jureg.exe
2010-02-09 04:30:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-09 04:30:22 386872 ----a-w- c:\windows\system32\jucheck.exe
2010-02-09 04:30:22 149280 ----a-w- c:\windows\system32\jusched.exe
2010-02-09 04:29:18 0 d-----w- c:\program files\Dell Inc
2010-02-09 04:29:17 0 d-sh--w- c:\windows\Installer

==================== Find3M ====================

2010-02-09 07:20:37 4084 ----a-w- c:\windows\system32\drivers\1028_Dell_OPT_780.mrk
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 16:12:02 309760 ----a-w- c:\windows\system32\SET367C.tmp
2009-12-04 16:11:58 86016 ----a-w- c:\windows\system32\hpmco094.dll
2009-12-04 16:11:36 309760 ----a-w- c:\windows\system32\SETDA15.tmp
2009-12-04 16:11:24 372736 ----a-w- c:\windows\system32\hpmprein.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:23:51.17 ===============

The reason I posted all of this was that I got a fake download screen for a rogue antivirus and I want to make sure everything is secure.

It passed the Secunia PSI... (can't copy it). I posted also on another forum, which was not for hijack logs. Maybe the fake antivirus thing was just a fluke, because I ran security tests on it and it seems all up to date.

Merged 4 posts. ~ OB

Edited by Orange Blossom, 28 February 2010 - 03:43 PM.



#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 March 2010 - 08:56 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 March 2010 - 08:53 PM

This topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



