Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

strange computers in network and cant repair hijack 015

Post by rext » February 24th, 2012, 6:54 pm

015 - protocol defaults file protocol is my computer zone - should be internet zone

thanks much for your time

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by RexT at 17:21:51 on 2012-02-24
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7601.1.1252.1.1033.18.6143.3887 [GMT -5:00]
.
.
============== Running Processes ===============
.
E:\Windows\system32\wininit.exe
E:\Windows\system32\lsm.exe
E:\Windows\system32\svchost.exe -k DcomLaunch
E:\Windows\system32\svchost.exe -k RPCSS
E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
E:\Windows\system32\svchost.exe -k netsvcs
E:\Windows\system32\svchost.exe -k LocalService
E:\Windows\system32\svchost.exe -k NetworkService
E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
E:\Windows\system32\SearchIndexer.exe
E:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Windows\System32\svchost.exe -k secsvcs
E:\Windows\servicing\TrustedInstaller.exe
E:\Windows\SysWOW64\notepad.exe
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
E:\Program Files (x86)\iTunes\iTunes.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
E:\Windows\system32\conhost.exe
E:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
E:\Windows\system32\conhost.exe
E:\Windows\system32\taskeng.exe
E:\Program Files\Microsoft IntelliPoint\IPoint.exe
E:\Program Files\Yamicsoft\Windows 7 Manager\Windows7Manager.exe
E:\Windows\explorer.exe
E:\Windows\explorer.exe
E:\Windows\system32\taskhost.exe
E:\Windows\System32\spoolsv.exe
E:\Windows\system32\WUDFHost.exe
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
E:\Windows\system32\conhost.exe
E:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
E:\Windows\system32\conhost.exe
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Windows\SysWOW64\NOTEPAD.EXE
E:\Windows\SysWOW64\NOTEPAD.EXE
E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Windows\system32\SearchProtocolHost.exe
E:\Windows\system32\SearchFilterHost.exe
E:\Windows\SysWOW64\cmd.exe
E:\Windows\system32\conhost.exe
E:\Windows\SysWOW64\cscript.exe
E:\Windows\system32\wbem\wmiprvse.exe
E:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uRun: [HijackThis startup scan] E:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe /startupscan
mRun: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{78FEE5E4-6A81-4F07-8B7B-DA39AC160E69} : DhcpNameServer = 192.168.2.1
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - E:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mRun-x64: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - E:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 xfiltx64;VIA SATA IDE Hot-plug Driver;E:\Windows\system32\DRIVERS\xfiltx64.sys --> E:\Windows\system32\DRIVERS\xfiltx64.sys [?]
R2 AODDriver4.01;AODDriver4.01;E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 ekrn;ESET Service;E:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-3-19 731840]
R2 epfwwfp;epfwwfp;E:\Windows\system32\DRIVERS\epfwwfp.sys --> E:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R3 amdiox64;AMD IO Driver;E:\Windows\system32\DRIVERS\amdiox64.sys --> E:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;E:\Windows\system32\DRIVERS\atikmdag.sys --> E:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;E:\Windows\system32\DRIVERS\atikmpag.sys --> E:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;E:\Windows\system32\drivers\AtihdW76.sys --> E:\Windows\system32\drivers\AtihdW76.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 usbfilter;AMD USB Filter Driver;E:\Windows\system32\DRIVERS\usbfilter.sys --> E:\Windows\system32\DRIVERS\usbfilter.sys [?]
S0 johci;JMicron 1394 Filter Driver;E:\Windows\system32\DRIVERS\johci.sys --> E:\Windows\system32\DRIVERS\johci.sys [?]
S2 .EsetTrialReset;Trial Reset;C:\Program Files\ESET\ESET Smart Security\Shahed.exe /s --> C:\Program Files\ESET\ESET Smart Security\Shahed.exe [?]
S3 AmUStor;AM USB Stroage Driver;E:\Windows\system32\drivers\AmUStor.SYS --> E:\Windows\system32\drivers\AmUStor.SYS [?]
S3 HECIx64;Intel(R) Management Engine Interface;E:\Windows\system32\DRIVERS\HECIx64.sys --> E:\Windows\system32\DRIVERS\HECIx64.sys [?]
S3 hptmv;hptmv;E:\Windows\system32\DRIVERS\hptmv.sys --> E:\Windows\system32\DRIVERS\hptmv.sys [?]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;E:\Windows\system32\DRIVERS\IAMTVE.sys --> E:\Windows\system32\DRIVERS\IAMTVE.sys [?]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;E:\Windows\system32\DRIVERS\IAMTXPE.sys --> E:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
S3 ioatdma;Intel(R) QuickData Technology device;E:\Windows\system32\Drivers\qd260x64.sys --> E:\Windows\system32\Drivers\qd260x64.sys [?]
S3 ioatdma1;ioatdma1;E:\Windows\system32\Drivers\qd162x64.sys --> E:\Windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;E:\Windows\system32\Drivers\qd262x64.sys --> E:\Windows\system32\Drivers\qd262x64.sys [?]
S3 iSSetup;iSSetup;E:\Windows\system32\DRIVERS\iSSetup.sys --> E:\Windows\system32\DRIVERS\iSSetup.sys [?]
S3 MegaSR1;MegaSR1;E:\Windows\system32\DRIVERS\MegaSR1.sys --> E:\Windows\system32\DRIVERS\MegaSR1.sys [?]
S3 nvamacpi;nvamacpi;E:\Windows\system32\DRIVERS\NVAMACPI.sys --> E:\Windows\system32\DRIVERS\NVAMACPI.sys [?]
S3 O2MDRDR;O2MDRDR;E:\Windows\system32\DRIVERS\o2mdx64.sys --> E:\Windows\system32\DRIVERS\o2mdx64.sys [?]
S3 O2SDRDR;O2SDRDR;E:\Windows\system32\DRIVERS\o2sdx64.sys --> E:\Windows\system32\DRIVERS\o2sdx64.sys [?]
S3 Pnp680;Pnp680;E:\Windows\system32\DRIVERS\pnp680.sys --> E:\Windows\system32\DRIVERS\pnp680.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys --> E:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rimspci;rimspci;E:\Windows\system32\DRIVERS\rimspe64.sys --> E:\Windows\system32\DRIVERS\rimspe64.sys [?]
S3 risdpcie;risdpcie;E:\Windows\system32\DRIVERS\risdpe64.sys --> E:\Windows\system32\DRIVERS\risdpe64.sys [?]
S3 rixdpcie;rixdpcie;E:\Windows\system32\DRIVERS\rixdpe64.sys --> E:\Windows\system32\DRIVERS\rixdpe64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;E:\Windows\system32\Drivers\RtsUStor.sys --> E:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SI3112r;SI3112r;E:\Windows\system32\DRIVERS\SI3112r.sys --> E:\Windows\system32\DRIVERS\SI3112r.sys [?]
S3 SI3114;SI3114;E:\Windows\system32\DRIVERS\SI3114.sys --> E:\Windows\system32\DRIVERS\SI3114.sys [?]
S3 SI3124;SI3124;E:\Windows\system32\DRIVERS\SI3124.sys --> E:\Windows\system32\DRIVERS\SI3124.sys [?]
S3 Si3124r5;Si3124r5;E:\Windows\system32\DRIVERS\Si3124r5.sys --> E:\Windows\system32\DRIVERS\Si3124r5.sys [?]
S3 Si3531;Si3531;E:\Windows\system32\DRIVERS\Si3531.sys --> E:\Windows\system32\DRIVERS\Si3531.sys [?]
S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
S3 viamrx64;viamrx64;E:\Windows\system32\DRIVERS\viamrx64.sys --> E:\Windows\system32\DRIVERS\viamrx64.sys [?]
S3 ViBusX64;ViBusX64;E:\Windows\system32\DRIVERS\ViBusX64.sys --> E:\Windows\system32\DRIVERS\ViBusX64.sys [?]
S3 videX64;videX64;E:\Windows\system32\DRIVERS\videX64.sys --> E:\Windows\system32\DRIVERS\videX64.sys [?]
S3 ViPrtX64;ViPrtX64;E:\Windows\system32\DRIVERS\ViPrtX64.sys --> E:\Windows\system32\DRIVERS\ViPrtX64.sys [?]
S3 vm3dmp;vm3dmp;E:\Windows\system32\DRIVERS\vm3dmp.sys --> E:\Windows\system32\DRIVERS\vm3dmp.sys [?]
S3 vmmouse;VMware Pointing Device;E:\Windows\system32\DRIVERS\vmmouse.sys --> E:\Windows\system32\DRIVERS\vmmouse.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;E:\Windows\system32\atiesrxx.exe --> E:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
S4 gupdate;Google Update Service (gupdate);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-8 136176]
S4 gupdatem;Google Update Service (gupdatem);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-8 136176]
.
=============== Created Last 30 ================
.
2012-02-24 20:21:47 -------- d-----w- E:\Windows\SysWow64\wbem\Performance
2012-02-24 20:14:55 -------- d-----w- E:\ProgramData\GroupPolicy
2012-02-24 18:24:02 8643640 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C80AC2CE-F82E-4D77-A12C-FEE03877795D}\mpengine.dll
2012-02-24 18:22:32 -------- d-----w- E:\Program Files\Microsoft IntelliPoint
2012-02-24 18:22:27 -------- d-----w- E:\Windows\PCHEALTH
2012-02-24 18:04:35 -------- d-----w- E:\Users\RexT\AppData\Local\Apple Computer
2012-02-24 18:04:27 34152 ----a-w- E:\Windows\System32\drivers\GEARAspiWDM.sys
2012-02-24 18:04:27 126312 ----a-w- E:\Windows\System32\GEARAspi64.dll
2012-02-24 18:04:27 107368 ----a-w- E:\Windows\SysWow64\GEARAspi.dll
2012-02-24 18:03:33 -------- d-----w- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-24 18:03:33 -------- d-----w- E:\Program Files\iTunes
2012-02-24 18:03:33 -------- d-----w- E:\Program Files\iPod
2012-02-24 18:03:33 -------- d-----w- E:\Program Files (x86)\iTunes
2012-02-24 18:03:03 -------- d-----w- E:\Users\RexT\AppData\Local\Apple
2012-02-24 18:02:36 -------- d-----w- E:\Program Files\Bonjour
2012-02-24 18:02:36 -------- d-----w- E:\Program Files (x86)\Bonjour
2012-02-24 08:11:13 2491552 ----a-w- E:\wubi.exe
2012-02-24 08:11:13 201293 ----a-w- E:\ubnldr.exe
2012-02-24 08:10:27 -------- d-----w- E:\preseed
2012-02-24 08:10:27 -------- d-----w- E:\pool
2012-02-24 08:10:27 -------- d-----w- E:\pics
2012-02-24 08:10:27 -------- d-----w- E:\isolinux
2012-02-24 08:10:27 -------- d-----w- E:\install
2012-02-24 08:10:27 -------- d-----w- E:\efi
2012-02-24 08:10:27 -------- d-----w- E:\dists
2012-02-24 08:10:27 -------- d-----w- E:\casper
2012-02-24 08:10:27 -------- d-----w- E:\boot
2012-02-24 08:10:27 -------- d-----w- E:\.disk
2012-02-24 08:10:25 -------- d-----w- E:\unetbtin
2012-02-24 04:41:58 -------- d-----w- E:\Windows\pss
2012-02-22 10:11:48 -------- d-----w- E:\Windows\System32\SPReview
2012-02-22 10:10:56 -------- d-----w- E:\Windows\System32\EventProviders
2012-02-22 10:07:53 562176 ----a-w- E:\Windows\System32\VMCPropertyHandler.dll
2012-02-22 10:06:59 692224 ----a-w- E:\Windows\System32\cscsvc.dll
2012-02-22 10:05:59 99328 ----a-w- E:\Windows\SysWow64\QSVRMGMT.DLL
2012-02-22 10:03:56 529408 ----a-w- E:\Windows\System32\wbemcomn.dll
2012-02-22 10:03:56 244736 ----a-w- E:\Program Files\Windows Portable Devices\sqmapi.dll
2012-02-22 10:03:55 244736 ----a-w- E:\Windows\System32\sqmapi.dll
2012-02-22 09:47:01 98816 ----a-w- E:\Windows\System32\drivers\usbccgp.sys
2012-02-22 09:47:01 7936 ----a-w- E:\Windows\System32\drivers\usbd.sys
2012-02-22 09:47:01 52736 ----a-w- E:\Windows\System32\drivers\usbehci.sys
2012-02-22 09:47:01 343040 ----a-w- E:\Windows\System32\drivers\usbhub.sys
2012-02-22 09:47:01 325120 ----a-w- E:\Windows\System32\drivers\usbport.sys
2012-02-22 09:47:01 30720 ----a-w- E:\Windows\System32\drivers\usbuhci.sys
2012-02-22 09:47:01 25600 ----a-w- E:\Windows\System32\drivers\usbohci.sys
2012-02-22 06:34:16 4754944 ----a-w- E:\unetbtin.exe
2012-02-21 09:06:09 -------- d-----r- E:\Users\RexT\Virtual Machines
2012-02-21 08:42:28 0 ----a-w- E:\Windows\ativpsrm.bin
2012-02-15 23:24:31 404480 ----a-w- E:\Windows\System32\umpnpmgr.dll
2012-02-15 23:24:31 252928 ----a-w- E:\Windows\SysWow64\drvinst.exe
2012-02-15 23:24:31 207872 ----a-w- E:\Windows\System32\cfgmgr32.dll
2012-02-15 23:24:31 145920 ----a-w- E:\Windows\SysWow64\cfgmgr32.dll
2012-02-15 23:24:30 64512 ----a-w- E:\Windows\SysWow64\devobj.dll
2012-02-15 23:24:30 44544 ----a-w- E:\Windows\SysWow64\devrtl.dll
2012-02-15 23:24:05 43520 ----a-w- E:\Windows\System32\csrsrv.dll
2012-02-15 23:21:05 509952 ----a-w- E:\Windows\System32\ntshrui.dll
2012-02-15 23:21:05 442880 ----a-w- E:\Windows\SysWow64\ntshrui.dll
2012-02-15 23:19:56 613376 ----a-w- E:\Windows\System32\vbscript.dll
2012-02-15 23:19:55 428032 ----a-w- E:\Windows\SysWow64\vbscript.dll
2012-02-15 23:19:34 642944 ----a-w- E:\Windows\System32\winload.efi
2012-02-15 23:19:34 605552 ----a-w- E:\Windows\System32\winload.exe
2012-02-15 23:19:34 566208 ----a-w- E:\Windows\System32\winresume.efi
2012-02-15 23:19:34 518672 ----a-w- E:\Windows\System32\winresume.exe
2012-02-15 23:19:33 20352 ----a-w- E:\Windows\System32\kdusb.dll
2012-02-15 23:19:33 19328 ----a-w- E:\Windows\System32\kd1394.dll
2012-02-15 23:19:33 17792 ----a-w- E:\Windows\System32\kdcom.dll
2012-02-15 23:19:32 63488 ----a-w- E:\Windows\System32\setbcdlocale.dll
2012-02-15 23:19:02 2048 ----a-w- E:\Windows\SysWow64\tzres.dll
2012-02-15 23:19:02 2048 ----a-w- E:\Windows\System32\tzres.dll
2012-02-15 23:17:55 1731920 ----a-w- E:\Windows\System32\ntdll.dll
2012-02-15 23:17:55 1292080 ----a-w- E:\Windows\SysWow64\ntdll.dll
2012-02-15 23:17:49 976896 ----a-w- E:\Windows\System32\inetcomm.dll
2012-02-15 23:17:48 741376 ----a-w- E:\Windows\SysWow64\inetcomm.dll
2012-02-15 23:16:52 715776 ----a-w- E:\Windows\System32\kerberos.dll
2012-02-15 23:16:52 542208 ----a-w- E:\Windows\SysWow64\kerberos.dll
2012-02-15 23:15:58 886784 ----a-w- E:\Program Files\Common Files\System\wab32.dll
2012-02-15 23:15:57 708608 ----a-w- E:\Program Files (x86)\Common Files\System\wab32.dll
2012-02-15 23:15:49 1572864 ----a-w- E:\Windows\System32\quartz.dll
2012-02-15 23:15:49 1328128 ----a-w- E:\Windows\SysWow64\quartz.dll
2012-02-15 23:15:48 514560 ----a-w- E:\Windows\SysWow64\qdvd.dll
2012-02-15 23:15:48 366592 ----a-w- E:\Windows\System32\qdvd.dll
2012-02-15 23:15:04 288768 ----a-w- E:\Windows\System32\drivers\mrxsmb10.sys
2012-02-15 23:15:04 158208 ----a-w- E:\Windows\System32\drivers\mrxsmb.sys
2012-02-15 23:15:04 128000 ----a-w- E:\Windows\System32\drivers\mrxsmb20.sys
2012-02-15 23:14:34 1110528 ----a-w- E:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-02-15 23:14:33 759296 ----a-w- E:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-02-15 23:13:54 1923952 ----a-w- E:\Windows\System32\drivers\tcpip.sys
2012-02-15 23:13:53 288640 ----a-w- E:\Windows\System32\drivers\FWPKCLNT.SYS
2012-02-15 23:13:36 515584 ----a-w- E:\Windows\System32\timedate.cpl
2012-02-15 23:13:36 478720 ----a-w- E:\Windows\SysWow64\timedate.cpl
2012-02-15 23:11:50 870912 ----a-w- E:\Windows\SysWow64\XpsPrint.dll
2012-02-15 23:11:50 1465344 ----a-w- E:\Windows\System32\XpsPrint.dll
2012-02-15 23:09:35 367616 ----a-w- E:\Windows\System32\atmfd.dll
2012-02-15 23:09:34 70656 ----a-w- E:\Windows\SysWow64\fontsub.dll
2012-02-15 23:09:34 46080 ----a-w- E:\Windows\System32\atmlib.dll
2012-02-15 23:09:34 34304 ----a-w- E:\Windows\SysWow64\atmlib.dll
2012-02-15 23:09:34 294912 ----a-w- E:\Windows\SysWow64\atmfd.dll
2012-02-15 23:09:34 100864 ----a-w- E:\Windows\System32\fontsub.dll
2012-02-15 23:09:27 3145728 ----a-w- E:\Windows\System32\win32k.sys
2012-02-15 23:09:23 27520 ----a-w- E:\Windows\System32\drivers\Diskdump.sys
2012-02-15 23:08:02 321024 ----a-w- E:\Windows\System32\d3d10_1core.dll
2012-02-15 23:08:02 219136 ----a-w- E:\Windows\SysWow64\d3d10_1core.dll
2012-02-15 23:08:02 197120 ----a-w- E:\Windows\System32\d3d10_1.dll
2012-02-15 23:08:01 161792 ----a-w- E:\Windows\SysWow64\d3d10_1.dll
2012-02-15 23:06:33 498688 ----a-w- E:\Windows\System32\drivers\afd.sys
2012-02-15 23:06:19 6144 ----a-w- E:\Program Files\Internet Explorer\iecompat.dll
2012-02-15 23:06:19 6144 ----a-w- E:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-02-15 23:06:00 634880 ----a-w- E:\Windows\System32\msvcrt.dll
2012-02-15 23:05:59 690688 ----a-w- E:\Windows\SysWow64\msvcrt.dll
2012-02-15 23:03:37 1164288 ----a-w- E:\Windows\SysWow64\mfc42u.dll
2012-02-15 23:03:36 1395712 ----a-w- E:\Windows\System32\mfc42.dll
2012-02-15 23:03:36 1359872 ----a-w- E:\Windows\System32\mfc42u.dll
2012-02-15 23:03:36 1137664 ----a-w- E:\Windows\SysWow64\mfc42.dll
2012-02-15 23:03:35 31232 ----a-w- E:\Windows\SysWow64\prevhost.exe
2012-02-15 23:03:35 31232 ----a-w- E:\Windows\System32\prevhost.exe
2012-02-15 23:02:08 974336 ----a-w- E:\Windows\System32\WFS.exe
2012-02-15 23:02:08 267776 ----a-w- E:\Windows\System32\FXSCOVER.exe
2012-02-15 23:01:57 142336 ----a-w- E:\Windows\System32\poqexec.exe
2012-02-15 23:01:57 123904 ----a-w- E:\Windows\SysWow64\poqexec.exe
2012-02-15 23:01:49 2871808 ----a-w- E:\Windows\explorer.exe
2012-02-15 23:01:49 2616320 ----a-w- E:\Windows\SysWow64\explorer.exe
2012-02-15 22:14:50 163328 ----a-w- E:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-02-15 22:14:47 189952 ----a-w- E:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-02-15 22:14:40 1638912 ----a-w- E:\Windows\SysWow64\mshtml.tlb
2012-02-15 22:14:40 1638912 ----a-w- E:\Windows\System32\mshtml.tlb
2012-02-15 21:55:00 388096 ----a-r- E:\Users\RexT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-15 21:55:00 -------- d-----w- E:\Program Files (x86)\Trend Micro
2012-02-15 21:51:03 723456 ----a-w- E:\Windows\System32\EncDec.dll
2012-02-15 21:51:03 534528 ----a-w- E:\Windows\SysWow64\EncDec.dll
2012-02-15 21:50:59 861696 ----a-w- E:\Windows\System32\oleaut32.dll
2012-02-15 21:50:59 571904 ----a-w- E:\Windows\SysWow64\oleaut32.dll
2012-02-15 21:50:59 331776 ----a-w- E:\Windows\System32\oleacc.dll
2012-02-15 21:50:59 233472 ----a-w- E:\Windows\SysWow64\oleacc.dll
2012-02-15 21:49:57 5561216 ----a-w- E:\Windows\System32\ntoskrnl.exe
2012-02-15 21:49:52 3912576 ----a-w- E:\Windows\SysWow64\ntoskrnl.exe
2012-02-15 21:49:49 3967872 ----a-w- E:\Windows\SysWow64\ntkrnlpa.exe
2012-02-15 21:48:27 90624 ----a-w- E:\Windows\System32\drivers\bowser.sys
2012-02-15 21:47:09 58696 ------w- E:\Windows\System32\drivers\PROCMON20.SYS
2012-02-15 21:46:14 77312 ----a-w- E:\Windows\System32\packager.dll
2012-02-15 21:46:13 67072 ----a-w- E:\Windows\SysWow64\packager.dll
2012-02-15 21:43:11 1776904 ------w- E:\Users\RexT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\SysinternalsSuite\Procmon64.exe
2012-02-12 00:16:48 -------- d-----w- E:\Users\RexT\AppData\Local\AMD
2012-02-12 00:16:40 -------- d-----w- E:\Users\RexT\AppData\Local\ATI
2012-02-10 21:11:27 -------- d-----w- E:\Program Files (x86)\AMD APP
2012-02-10 21:11:21 54400 ----a-w- E:\Windows\System32\drivers\usbfilter.sys
2012-02-10 21:10:25 -------- d-----w- E:\ProgramData\AMD
2012-02-10 21:10:18 46136 ----a-w- E:\Windows\System32\drivers\amdiox64.sys
2012-02-10 21:09:58 -------- d-----w- E:\Program Files (x86)\ATI Technologies
2012-02-10 21:09:30 -------- d-----w- E:\Program Files\ATI Technologies
2012-02-10 21:09:27 -------- d-----w- E:\Program Files\ATI
2012-02-10 20:28:59 -------- d-----w- E:\Users\RexT\AppData\Local\Adobe
2012-02-10 04:23:04 -------- dc----w- E:\Users\RexT\AppData\Local\MigWiz
2012-02-09 22:03:14 -------- d-----w- E:\Users\RexT\AppData\Roaming\LockHunter
2012-02-09 01:27:20 -------- d-----w- E:\Windows.old
2012-02-09 01:01:48 -------- d-----w- E:\Users\RexT\AppData\Local\Google
2012-02-09 01:01:31 -------- d-----w- E:\Users\RexT\AppData\Roaming\IrfanView
2012-02-09 01:01:30 -------- d-----w- E:\Program Files (x86)\IrfanView
2012-02-09 00:54:27 -------- d-----w- E:\Users\RexT\AppData\Local\Opera
2012-02-09 00:43:11 -------- d-----w- E:\Users\RexT\AppData\Local\ESET
2012-02-09 00:20:54 -------- d-sh--w- E:\Diskeeper
2012-02-09 00:04:31 -------- d-----w- E:\Users\RexT\AppData\Local\ElevatedDiagnostics
2012-02-08 23:10:44 -------- d-----w- E:\Users\RexT\AppData\Roaming\ESET
2012-02-08 22:56:42 834544 ----a-w- E:\Windows\System32\drivers\sptd.sys
.
==================== Find3M ====================
.
2012-02-22 10:56:27 175616 ----a-w- E:\Windows\System32\msclmd.dll
2012-02-22 10:56:27 152576 ----a-w- E:\Windows\SysWow64\msclmd.dll
2012-02-10 04:01:05 20889600 ----a-w- E:\Windows\System32\imageres.dll
2012-01-29 10:10:42 279656 ------w- E:\Windows\System32\MpSigStub.exe
2011-12-16 08:47:38 1188864 ----a-w- E:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- E:\Windows\SysWow64\wininet.dll
2011-12-06 03:04:06 69632 ----a-w- E:\Windows\System32\OpenVideo64.dll
2011-12-06 03:04:00 59904 ----a-w- E:\Windows\SysWow64\OpenVideo.dll
2011-12-06 03:03:54 61952 ----a-w- E:\Windows\System32\OVDecode64.dll
2011-12-06 03:03:52 54784 ----a-w- E:\Windows\SysWow64\OVDecode.dll
2011-12-06 03:03:42 17580544 ----a-w- E:\Windows\System32\amdocl64.dll
2011-12-06 03:03:04 14499328 ----a-w- E:\Windows\SysWow64\amdocl.dll
2011-12-06 03:02:20 51200 ----a-w- E:\Windows\System32\OpenCL.dll
2011-12-06 03:02:16 44032 ----a-w- E:\Windows\SysWow64\OpenCL.dll
.
============= FINISH: 17:22:30.92 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Extreme Edition R1 - x64
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2012 5:56:58 PM
System Uptime: 2/24/2012 12:56:22 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78-E
Processor: AMD Phenom(tm) II X2 550 Processor | AM2 | 775/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 138 GiB total, 6.44 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 6.9 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 46.308 GiB free.
F: is FIXED (NTFS) - 19 GiB total, 17.856 GiB free.
G: is FIXED (NTFS) - 596 GiB total, 458.17 GiB free.
H: is FIXED (NTFS) - 932 GiB total, 371.757 GiB free.
I: is FIXED (NTFS) - 136 GiB total, 136.011 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: VIA 1394 OHCI Compliant Host Controller
Device ID: PCI\VEN_1106&DEV_3403&SUBSYS_83841043&REV_00\4&32CBD392&0&0038
Manufacturer: VIA
Name: VIA 1394 OHCI Compliant Host Controller
PNP Device ID: PCI\VEN_1106&DEV_3403&SUBSYS_83841043&REV_00\4&32CBD392&0&0038
Service: 1394ohci
.
==== System Restore Points ===================
.
RP52: 2/24/2012 4:43:52 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advertising Center
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
DolbyFiles
Google Chrome
Google Update Helper
HiJackThis
IconPackager
ImagXpress
IrfanView (remove only)
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 5.5.0
Menu Templates - Starter Kit
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Service Pack 1 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.5)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Rescue Agent
NeroBurningROM
NeroExpress
Notepad++
Opera 11.61
Ubuntu
UltraISO Premium V9.35
UNetbootin
Universal Extractor 1.6
Windows Live Communications Platform
Windows Live Messenger
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/24/2012 3:18:40 PM, Error: Virtual Disk Service [1] - Unexpected failure.

Error code: 5@02000028
2/24/2012 2:52:11 PM, Error: volsnap [35] - The shadow copies of volume E: were

aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================
rext
Active Member
 
Posts: 2
Joined: February 24th, 2012, 6:30 pm

Re: strange computers in network and cant repair hijack 015

Post by pgmigg » February 24th, 2012, 7:00 pm

Hello rext,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: strange computers in network and cant repair hijack 015

Post by rext » February 24th, 2012, 10:01 pm

ok. thanks pgmigg. much appreciated.
rext
Active Member
 
Posts: 2
Joined: February 24th, 2012, 6:30 pm

Re: strange computers in network and cant repair hijack 015

Post by pgmigg » February 26th, 2012, 4:01 pm

Hello rext,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it:
>>>> Microsoft Windows 7 Extreme Edition R1 - x64
Eset Smart Security - Business Edition 4 – x64 <<<<<

Our forum policy Here says we will not help people who use cracked or pirated software. You likely got infected by using cracked software or visiting crack sites.

I have no choice but to close this thread.

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: strange computers in network and cant repair hijack 015

Post by deltalima » February 26th, 2012, 4:05 pm

Unlicensed software

There are clear signs in the logs that you have software installed for which you do not have a valid license.

Our forum policy Here says we will not help people who use cracked or pirated software.

This topic will now be closed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK