HiJackThis log windows 7 64 bit


  • This topic is locked
2 replies to this topic

#1 boblewis72 (Members, 3 posts)

Posted 20 May 2011 - 02:43 PM

Hi guys, noob here trying to figure out what is wrong with my system. When I first ran HijackThis I got an error right off the bat about not being able to read or write the hosts file. It told me to delete it, so I tried and I didn't have permission even though I am admin. I am running Windows 7 64-bit. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:36:02 PM, on 5/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Windows Activation Technologies Service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6414 bytes

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by livery at 4:31:45 on 2011-05-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2589 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\Titanium\Remove.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\livery\Desktop\dds(1).scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title =
uSearch Page =
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
BHO-X64: Download Accelerator Plus Integration - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
mRun-x64: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\livery\AppData\Roaming\Mozilla\Firefox\Profiles\lz6sg37v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/homepage.aspx?tbid=60076
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\livery\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\livery\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\livery\AppData\Roaming\Mozilla\Firefox\Profiles\lz6sg37v.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S?2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-5-19 256336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 Angel;Angel MPEG Device;C:\Windows\system32\DRIVERS\Angel.sys --> C:\Windows\system32\DRIVERS\Angel.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 evserial7;Virtual Serial Ports Driver 7 (Eltima Softwate);C:\Windows\system32\DRIVERS\evserial7.sys --> C:\Windows\system32\DRIVERS\evserial7.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 gupdate;Google Update Service (gupdate); [x]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSBC7;Virtual Serial Bus Enumerator 7 (Eltima Software);C:\Windows\system32\DRIVERS\evsbc7.sys --> C:\Windows\system32\DRIVERS\evsbc7.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 18:47:10 388096 ----a-r- C:\Users\livery\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 16:18:20 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37920D25-FAF6-4675-BCF3-AD7AC4DAB160}\mpengine.dll
2011-05-20 05:39:30 339536 ----a-w- C:\Windows\System32\drivers\tmwfp.sys
2011-05-20 05:39:30 194640 ----a-w- C:\Windows\System32\drivers\tmlwf.sys
2011-05-20 03:10:50 -------- d-----w- C:\temp
2011-05-20 02:26:23 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2011-05-20 02:25:59 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2011-05-20 02:25:58 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2011-05-20 02:25:58 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2011-05-20 02:04:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-20 01:58:01 -------- d-----w- C:\Program Files (x86)\Image-Line
2011-05-20 01:54:50 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-05-20 01:52:38 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-05-20 01:51:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-20 01:50:39 -------- d-----w- C:\ProgramData\Trend Micro
2011-05-20 01:50:38 -------- d-----w- C:\Program Files\Trend Micro
2011-05-20 01:40:52 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-05-19 13:07:39 -------- d-----w- C:\Users\livery\AppData\Local\Downloaded Installations
2011-05-19 12:36:31 -------- d-----w- C:\Program Files (x86)\DrWeb
2011-05-19 11:58:11 -------- d-----w- C:\Users\livery\AppData\Roaming\TuneUp Software
2011-05-19 11:57:21 -------- d-----w- C:\ProgramData\TuneUp Software
2011-05-19 11:52:59 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-19 11:46:58 -------- d-----w- C:\Users\livery\AppData\Local\PackageAware
2011-05-17 21:24:52 -------- d-----w- C:\Users\livery\AppData\Roaming\Big Fish Games
2011-05-17 09:17:22 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 09:17:22 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-17 05:15:03 -------- d-----w- C:\Users\livery\AppData\Local\InternetTV
2011-05-17 03:04:42 -------- d-----w- C:\Users\livery\DoctorWeb
2011-05-17 03:02:46 -------- d-----w- C:\Users\livery\AppData\Local\Bump Technologies, Inc
2011-05-17 03:00:17 -------- d-----w- C:\Users\livery\AppData\Roaming\Bump Technologies, Inc
2011-05-16 18:31:53 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-05-16 18:20:32 -------- d-----w- C:\Users\livery\AppData\Local\Innovative Solutions
2011-05-16 18:20:23 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2011-05-16 18:20:20 47984 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl
2011-05-16 18:20:20 -------- d-----w- C:\ProgramData\Innovative Solutions
2011-05-16 18:20:12 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2011-05-16 18:19:08 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-05-16 18:14:11 -------- d-----w- C:\Users\livery\AppData\Roaming\GetRightToGo
2011-05-16 07:49:29 -------- d-----w- C:\Users\livery\AppData\Roaming\YoudaGames
2011-05-16 07:47:24 -------- d-----w- C:\Program Files (x86)\FishBone Games
2011-05-16 07:47:20 -------- d-----w- C:\Downloads
2011-05-16 03:53:48 -------- d-----w- C:\Users\livery\AppData\Local\PunkBuster
2011-05-12 01:17:45 90784 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2011-05-12 01:17:45 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2011-05-12 01:17:45 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2011-05-12 01:15:41 -------- d-----w- C:\Program Files (x86)\SpeedBit Video Accelerator
2011-05-12 01:15:34 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2011-05-12 01:15:34 -------- d-----w- C:\ProgramData\SpeedBit
2011-05-11 21:38:14 -------- d-----w- C:\Windows\SysWow64\ac2
2011-05-11 21:37:17 80724432 ----a-w- C:\Program Files (x86)\ac2_update.exe
2011-05-11 02:19:59 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 02:19:56 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 02:19:55 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 02:19:52 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 02:19:52 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 02:19:52 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 02:19:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 02:19:52 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 02:19:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-04-30 16:16:31 -------- d-----w- C:\Users\livery\AppData\Local\EA Games
2011-04-27 17:43:11 -------- d-----w- C:\Users\livery\AppData\Local\Logitech
2011-04-27 13:17:26 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 13:16:36 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 13:16:36 31232 ----a-w- C:\Windows\System32\prevhost.exe
.
==================== Find3M ====================
.
2011-05-24 09:14:21 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-05-24 09:14:21 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-24 09:09:41 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-05-20 01:40:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-16 03:50:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-23 17:20:36 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-04-05 19:54:58 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-03-21 12:58:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-21 12:58:19 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-15 07:45:26 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-09 14:22:44 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-09 10:41:54 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
2011-03-09 10:19:24 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-03-09 09:57:06 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-03-09 09:56:56 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-03-09 09:55:54 795136 ----a-w- C:\Windows\System32\aticfx64.dll
2011-03-09 09:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-03-09 09:53:36 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-03-09 09:53:06 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-03-09 09:52:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-03-09 09:51:50 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-03-09 09:51:44 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-03-09 09:51:36 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-03-09 09:51:30 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-03-09 09:51:28 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-03-09 09:51:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-03-09 09:48:48 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-03-09 09:40:24 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
2011-03-09 09:34:38 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-03-09 09:34:36 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-03-09 09:34:26 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-03-09 09:34:24 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-03-09 09:34:14 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-03-09 09:32:34 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-03-09 09:30:32 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-03-09 09:24:50 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
2011-03-09 09:18:18 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-03-09 09:18:12 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-03-09 09:18:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-03-09 09:17:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-03-09 09:17:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-03-09 09:17:56 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-03-09 09:17:50 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-03-09 09:17:44 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-09 09:17:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-03-09 09:17:02 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-03-09 09:16:56 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-03-09 09:16:50 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-03-09 09:16:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-03-09 09:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-03-09 08:42:42 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-03-09 08:42:08 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-03-09 08:41:54 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-03-09 08:34:14 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-03-09 08:19:00 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-03-09 08:19:00 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-03-09 08:18:54 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-03-09 08:18:54 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-28 15:44:56 42664 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2011-02-28 15:36:12 574632 ----a-w- C:\Windows\SysWow64\msvcp50.dll
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-25 02:05:36 34032 ----a-w- C:\Windows\System32\drivers\seehcri.sys
2011-02-25 02:05:03 27176 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2011-02-25 02:05:03 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-02-25 02:05:03 13352 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
============= FINISH: 4:32:41.91 ===============

Any help would be appreciated. Many thanks in advance.

Is this the same computer as your other topic here: http://www.bleepingcomputer.com/forums/topic398522.html


Yes it is, sorry. Kind of new to all this. I was trying to find out how to delete it. I didn't see that I wasn't supposed to post a HijackThis log until after the fact. Sorry again.

EDIT: Topics merged ~Budapest


Edited by hamluis, 25 May 2011 - 11:14 AM.
Merged posts.


#2 Elise (Bleepin' Blonde, Malware Study Hall Admin, 60,986 posts, Location: Romania)

Posted 28 May 2011 - 05:09 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Elise (Bleepin' Blonde, Malware Study Hall Admin, 60,986 posts, Location: Romania)

Posted 07 June 2011 - 02:06 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise
