[HJT] Help
Support Forums (https://www.supportforums.net) - Forum: Virus Removal, Hijack This Logs, and Support - Thread: [HJT] Help (/showthread.php?tid=11426)

[HJT] Help - Smed - 08-20-2010

So basically my comp's been doing weird stuff lately, so can u check this for me:

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:28:30, on 21/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gogole.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,userinit.exe,
O1 - Hosts: The IP address should
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HKLM] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [HKCU] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\Java\jre6\bin\/\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9844 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/08/2010 02:47:39
mbam-log-2010-08-21 (02-47-39).txt

Scan type: Quick scan
Objects scanned: 158219
Time elapsed: 18 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vr7184ih-s54v-2g7n-6o1c-2wqq0ej2v42s} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nath\Local Settings\Temp\32702.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nath\Local Settings\Temp\87574.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

QuickScan Beta 32-bit v0.9.9.30
-------------------------------
Scan date: Sat Aug 21 02:27:30 2010
Machine ID: 7CBF5886

No infection found.
-------------------

Processes
---------
<verified> Apple Mobile Device Service 644 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
<verified> avast! Antivirus 1960 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
<verified> avast! Antivirus 3640 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
<verified> Bonjour 684 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> DAEMON Tools Pro 164 C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
<verified> Firefox 4300 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Firefox 9004 C:\Program Files\Mozilla Firefox\plugin-container.exe
<verified> Java Platform SE 6 U21 1064 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Lexmark Communication System 4424 C:\WINDOWS\system32\lxcecoms.exe
<verified> Malwarebytes' Anti-Malware 1128 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
<verified> Microsoft® Windows® Operating System 2620 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2008 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 6180 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 968 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 956 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 580 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1276 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1472 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1572 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1688 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1792 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1360 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 6840 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 2 1172 C:\WINDOWS\system32\nvsvc32.exe
<verified> PnkBstrA.exe 1204 C:\WINDOWS\system32\PnkBstrA.exe
<verified> PnkBstrB.exe 1268 C:\WINDOWS\system32\PnkBstrB.exe
<verified> Sandboxie 1452 C:\Program Files\Sandboxie\SbieSvc.exe
<verified> Steam 4708 C:\Program Files\Steam\Steam.exe
<verified> TuneUp Utilities 2780 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
<verified> TuneUp Utilities 1436 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
<verified> Windows Live Messenger 3476 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Yahoo! AutoUpdater 1588 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Network activity
----------------
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process firefox.exe (4300) connected on port 2082 (cPanel) --> bakawaii.tv
Process Steam.exe (4708) connected on port 27017 --> 208.111.133.85
Process svchost.exe (6840) connected on port 443 (HTTP over SSL) --> 77.67.10.135
Process svchost.exe (1360) listens on ports: 135 (RPC)
Process svchost.exe (6840) listens on ports: 3823

Autoruns and critical files
---------------------------
<unsigned> DAEMON Tools C:\Program Files\D-Tools\daemon.exe
<unsigned> Napoleon - Total War L:\setup.exe
<verified> Adobe Updater Startup Utility C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
<verified> Microsoft® Visual Studio® 2005 C:\Program Files\Java\jre6\bin\/\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\LogonUI.EXE
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
<verified> TuneUp Utilities C:\Program Files\TuneUp Utilities 2010\OneClickStarter.exe
<verified> UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
<verified> µTorrent C:\Program Files\uTorrent\uTorrent.exe

Browser plugins
---------------
<unsigned> FreeCause Toolbar c:\program files\nectar search toolbar\toolbar.dll
<unsigned> Java Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned> NVIDIA Smart Scan C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Nath\Application Data\Mozilla\Firefox\Profiles\o9m57xzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Nath\Application Data\Mozilla\Firefox\Profiles\o9m57xzi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> Java Deployment Toolkit 6.0.210.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java Platform SE 6 U21 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU
<verified> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<verified> Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> Toolbar c:\program files\ask.com\genericasktoolbar.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll

Missing files
-------------
File not found: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll --> HLKM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\"Path"
File not found: C:\WINDOWS\System32\appmgmts.dll --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"
File not found: system32\DRIVERS\scrcap.sys --> HKLM\System\ControlSet001\services\scrcap\"ImagePath"

Scan
----
No file uploaded.
Scan finished - communication took 0 sec
Total traffic - 0.01 MB sent, 0.27 KB recvd
Scanned 752 files and modules - 92 seconds

RE: [HJT] Help - Eve - 08-20-2010

Post this on HF as well.

RE: [HJT] Help - Reality - 08-23-2010

Open MBAM.
Update it, and then run a full scan as opposed to a quick scan.
Post the log and reboot, then post another HJT log.

If you've posted on HF, ignore this.

RE: [HJT] Help - Kanee - 08-24-2010

Hello Smed

Since no official HJT helper has posted on this, I will help you today. Please be patient while I look over your logs.

Please run a full scan of Malwarebytes' Anti-Malware. Post your log in your next reply.

Next, please run ESET Online scanner, you can find that Here

In your next reply, please post the following:
A fresh HJT log
MBAM Log
ESET Log.

RE: [HJT] Help - Daniel Faraday - 08-24-2010

(08-23-2010, 09:55 PM)ReaLiTy Wrote: Open MBAM

Quote: WARNING: As a trainee, you are NOT allowed to post help for HJT logs or any other analysis tools until you are an undergraduate, onsite or offsite. There are special rules after you become an undergraduate. If you are found to be posting help to victims' logs elsewhere, you will be expelled immediately with no notice.

If trainees aren't allowed to help I don't think people applying to get in are either.

RE: [HJT] Help - Cybr - 08-24-2010

(08-24-2010, 04:35 PM)Road Kamelot Wrote:
Quote: WARNING: As a trainee, you are NOT allowed to post help for HJT logs or any other analysis tools until you are an undergraduate, onsite or offsite. There are special rules after you become an undergraduate. If you are found to be posting help to victims' logs elsewhere, you will be expelled immediately with no notice.

Well, he hasn't got accepted, so he can't really get expelled...

RE: [HJT] Help - Daniel Faraday - 08-24-2010

Blacklisted would be worse than getting expelled IMO.

RE: [HJT] Help - Reality - 08-25-2010

I'm more experienced than anyone who has posted in this log so far, so I replied

RE: [HJT] Help - Daniel Faraday - 08-25-2010

(08-25-2010, 02:08 PM)ReaLiTy Wrote: I'm more experienced than anyone who has posted in this log so far, so I replied

If you don't get a reply in three days you're supposed to PM a HJT Member though. It would be Yin, but he's on vacation.

RE: [HJT] Help - Kanee - 08-25-2010

I was doing it because no official HJT member is helping him, I'm just trying to help him.