08-20-2010, 06:33 PM
So basically my comp's been doing weird stuff lately, so can you check this for me:
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:28:30, on 21/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gogole.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe,
O1 - Hosts: The IP address should
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HKLM] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [HKCU] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...rtScan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9844 bytes
MalwareBytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4312
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/08/2010 02:47:39
mbam-log-2010-08-21 (02-47-39).txt
Scan type: Quick scan
Objects scanned: 158219
Time elapsed: 18 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vr7184ih-s54v-2g7n-6o1c-2wqq0ej2v42s} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Nath\Local Settings\Temp\32702.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nath\Local Settings\Temp\87574.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
BitDefender Online Scan:
QuickScan Beta 32-bit v0.9.9.30
-------------------------------
Scan date: Sat Aug 21 02:27:30 2010
Machine ID: 7CBF5886
No infection found.
-------------------
Processes
---------
<verified> Apple Mobile Device Service 644 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
<verified> avast! Antivirus 1960 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
<verified> avast! Antivirus 3640 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
<verified> Bonjour 684 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> DAEMON Tools Pro 164 C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
<verified> Firefox 4300 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Firefox 9004 C:\Program Files\Mozilla Firefox\plugin-container.exe
<verified> Java Platform SE 6 U21 1064 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Lexmark Communication System 4424 C:\WINDOWS\system32\lxcecoms.exe
<verified> Malwarebytes' Anti-Malware 1128 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
<verified> Microsoft® Windows® Operating System 2620 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2008 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 6180 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 968 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 956 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 580 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1276 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1472 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1572 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1688 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1792 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1360 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 6840 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 2 1172 C:\WINDOWS\system32\nvsvc32.exe
<verified> PnkBstrA.exe 1204 C:\WINDOWS\system32\PnkBstrA.exe
<verified> PnkBstrB.exe 1268 C:\WINDOWS\system32\PnkBstrB.exe
<verified> Sandboxie 1452 C:\Program Files\Sandboxie\SbieSvc.exe
<verified> Steam 4708 C:\Program Files\Steam\Steam.exe
<verified> TuneUp Utilities 2780 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
<verified> TuneUp Utilities 1436 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
<verified> Windows Live Messenger 3476 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Yahoo! AutoUpdater 1588 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Network activity
----------------
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process Steam.exe (4708) connected on port 27017 --> 208.111.133.85
Process svchost.exe (6840) connected on port 443 (HTTP over SSL) --> 77.67.10.135
Process svchost.exe (1360) listens on ports: 135 (RPC)
Process svchost.exe (6840) listens on ports: 3823
Autoruns and critical files
---------------------------
<unsigned> DAEMON Tools C:\Program Files\D-Tools\daemon.exe
<unsigned> Napoleon - Total War L:\setup.exe
<verified> Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
<verified> Microsoft® Visual Studio® 2005 C:\Program Files\Java\jre6\bin\/\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\LogonUI.EXE
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
<verified> TuneUp Utilities C:\Program Files\TuneUp Utilities 2010\OneClickStarter.exe
<verified> UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
<verified> µTorrent C:\Program Files\uTorrent\uTorrent.exe
Browser plugins
---------------
<unsigned> FreeCause Toolbar c:\program files\nectar search toolbar\toolbar.dll
<unsigned> Java Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned> NVIDIA Smart Scan C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Nath\Application Data\Mozilla\Firefox\Profiles\o9m57xzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Nath\Application Data\Mozilla\Firefox\Profiles\o9m57xzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> Java Deployment Toolkit 6.0.210.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java Platform SE 6 U21 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
<verified> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<verified> Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> Toolbar c:\program files\ask.com\genericasktoolbar.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
Missing files
-------------
File not found: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
--> HLKM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\"Path"
File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"
File not found: system32\DRIVERS\scrcap.sys
--> HKLM\System\ControlSet001\services\scrcap\"ImagePath"
Scan
----
<unsigned> MD5: d5a60760edda204fd47a5077e7b89318 C:\Program Files\Alwil Software\Avast5\defs\10082001\algo.dll
<unsigned> MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
<unsigned> MD5: 804fbb66ec6ca862b840d173efc638a7 C:\Program Files\D-Tools\daemon.exe
<unsigned> MD5: 7d2fe33d9de614dcd473c4407df89d0f C:\Program Files\FileZilla FTP Client\fzshellext.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 2d5394ff0e31ffefb5049f0911e91d89 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned> MD5: 10bed437023f93dd1ad8efa80e71280f C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: dce543b6b3ff516bd65c1030e4b933ff C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: aad54c516499d4a234422f03c1191320 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: 222afed911cbf5f9a454adee53d31b30 C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: c4e8431b8392e1f82b72d52e5aac483a c:\program files\nectar search toolbar\toolbar.dll
<unsigned> MD5: c720f2a93d592398c646bd34d913af1a C:\Program Files\Steam\bin\icudt42.dll
<unsigned> MD5: 30a23a61e651c7487407cf74176c6ab1 C:\Program Files\WinRAR\RarExt.dll
<unsigned> MD5: 2e780c639ce12acc6bc929b1413858d3 C:\PROGRA~1\Nokia\NOKIAP~1\Lang\ConnectionManager_eng.NLR
<unsigned> MD5: f78fa9a828d685c3e7e0955fec426970 C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<unsigned> MD5: c4bb8a12843d9cbb65f5ff617f389bbd C:\WINDOWS\system32\drivers\SPTD.sys
<unsigned> MD5: 72c64cf99c10b590fd2198890258cae3 C:\WINDOWS\system32\nvrseng.dll
<unsigned> MD5: 686b224b4987c22b153fbb545fee9657 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
<unsigned> MD5: ad87166d0a77e5dc24e869da703fa2c5 L:\setup.exe
<unsigned> MD5: 5776322f93cdb91086111f5ffbfda2a0 system32\DRIVERS\d347bus.sys
<unsigned> MD5: b49f79ace459763f4e0380071be9cb45 System32\Drivers\d347prt.sys
No file uploaded.
Scan finished - communication took 0 sec
Total traffic - 0.01 MB sent, 0.27 KB recvd
Scanned 752 files and modules - 92 seconds
==============================================================================