Solved Redirecting virus, and possibly more viruses

Status
Not open for further replies.
Still scanning, just a word here: I could have sworn I've deleted Ask Toolbar before.... I can dare say 'several' times, but it comes back... Maybe it's my memory's problem and this is the first time deleting it, but I can swear I've deleted it a few times before... Have there been such problems? If not, I'm probably just paranoid...
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4729

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/10/2010 10:04:40 PM
mbam-log-2010-10-03 (22-04-40).txt

Scan type: Quick scan
Objects scanned: 179717
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
AskToolbar is a sneaky one, because it installs very often during installations of some other programs - "drive-by-install".

Good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 116):
0x804D7000 \windows\system32\ntoskrnl.exe
0x806EE000 \windows\system32\hal.dll
0xF7E4F000 \windows\system32\KDCOM.DLL
0xF7D5F000 \windows\system32\BOOTVID.dll
0xF7900000 ACPI.sys
0xF7E51000 \windows\System32\DRIVERS\WMILIB.SYS
0xF78EF000 pci.sys
0xF794F000 isapnp.sys
0xF7E53000 viaide.sys
0xF7BCF000 \windows\System32\DRIVERS\PCIIDEX.SYS
0xF795F000 MountMgr.sys
0xF78D0000 ftdisk.sys
0xF7E55000 dmload.sys
0xF78AA000 dmio.sys
0xF7BD7000 PartMgr.sys
0xF796F000 VolSnap.sys
0xF7892000 ATAPI.SYS
0xF797F000 disk.sys
0xF798F000 \windows\System32\DRIVERS\CLASSPNP.SYS
0xF7872000 fltmgr.sys
0xF7860000 sr.sys
0xF7849000 KSecDD.sys
0xF7836000 WudfPf.sys
0xF77A9000 Ntfs.sys
0xF777C000 NDIS.sys
0xF799F000 viaagp.sys
0xF7762000 Mup.sys
0xF6F3B000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF6EF2000 \SystemRoot\system32\DRIVERS\s3gnbm.sys
0xF6EDE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C87000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF6EBA000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7C8F000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF79EF000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7C97000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7C9F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF79FF000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7E27000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6E61000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7A0F000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7A1F000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6E3E000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7CA7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6DE3000 \SystemRoot\system32\drivers\viaudios.sys
0xF6DBF000 \SystemRoot\system32\drivers\portcls.sys
0xF7A2F000 \SystemRoot\system32\drivers\drmk.sys
0xF7A4F000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF7FFF000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7ADF000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7E3F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6DA8000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7B0F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7B2F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7CAF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6D97000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7B4F000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7CB7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7CBF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF6D67000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7B8F000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7CC7000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7EC1000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7736000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7B9F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7BBF000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7EC5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7ED1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8016000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ED3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7CE7000 \SystemRoot\System32\drivers\vga.sys
0xF7ED5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ED7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7CEF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7CF7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7DF7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4C94000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4C3B000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4C13000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4BF1000 \SystemRoot\System32\drivers\afd.sys
0xF6F5B000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7CFF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF4BC6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4B56000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF6F2B000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4B30000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF6F1B000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4B0E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7EDB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF4ACF000 \SystemRoot\system32\DRIVERS\P0630Vid.sys
0xF79DF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF49BC000 \SystemRoot\system32\DRIVERS\P0630EVX.SYS
0xF7A3F000 \SystemRoot\system32\drivers\libusb0.sys
0xF7A6F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6D5B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7D0F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF6D57000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF4904000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7EE7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6D43000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7D17000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7FDA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\s3gnb.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF01D7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF02BC000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xF01B3000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEFF2A000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7E97000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEFDBB000 \SystemRoot\System32\DRIVERS\srv.sys
0xEF996000 \SystemRoot\system32\drivers\wdmaud.sys
0xEFC1B000 \SystemRoot\system32\drivers\sysaudio.sys
0xEF33A000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
532 C:\WINDOWS\system32\smss.exe
604 csrss.exe
628 C:\WINDOWS\system32\winlogon.exe
672 C:\WINDOWS\system32\services.exe
684 C:\WINDOWS\system32\lsass.exe
852 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1356 svchost.exe
1456 C:\WINDOWS\system32\spoolsv.exe
1500 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1564 svchost.exe
1652 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1668 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1680 C:\Program Files\Bonjour\mDNSResponder.exe
1820 C:\Program Files\Java\jre6\bin\jqs.exe
1860 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1888 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1972 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
244 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
392 C:\WINDOWS\system32\svchost.exe
1372 alg.exe
1580 C:\WINDOWS\explorer.exe
2360 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2588 C:\Program Files\Creative\Shared Files\CamTray.exe
2604 C:\Program Files\Brownie\BrStsWnd.exe
2612 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2648 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2660 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2696 C:\Program Files\iTunes\iTunesHelper.exe
2704 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2756 C:\Program Files\Brownie\brpjp04a.exe
2808 C:\Program Files\Skype\Phone\Skype.exe
3036 C:\Program Files\iPod\bin\iPodService.exe
3048 C:\WINDOWS\system32\ctfmon.exe
3380 C:\Program Files\Skype\Plugin Manager\skypePM.exe
1244 C:\Program Files\Mozilla Firefox\firefox.exe
2140 C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
4000 C:\Documents and Settings\Ant\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000011`7737be00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Done!
 
Looks perfectly clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 21
Adobe Flash Player 10.1.85.3
Adobe Reader 9.1.2
Chinese Traditional Fonts Support For Adobe Reader 9
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GOOD! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Alright, I'll do ESET now, and a question: Why does Firefox, the newer ones, tend to be slower... and laggy on certain sites like Twitter? Curious.
 
Why does Firefox, the newer ones, tend to be slower... and laggy on certain sites like Twitter?
Could be some of your add-ons.

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?
 
Could be some of your add-ons.

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?

Unfortunately, the same. Oh well. ESET's going slow, so I may cancel and do it tomorrow if it gets too late, I hope you understand!
 
That's fine. Just try to stay safe and don't download any crap until we're done :)
 
WILL DO! I'll stop it now, it was STILL at 9% :S... I'll go now, good night Broni! and thank you so much for going out of your way to help me. Appreciate it! Have a good night, and good night's sleep!
 
You're very welcome
 
Yea.. I got back from school, and I've been doing ESET for about an hour and seven minutes, and it's still stuck at 9%... I will continue to let it scan, I am just giving an update, in case you think there might be a problem with ESET.
 
If it's really stuck with no files flying around....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
It started again... it's at.. 10% -.-" ... Files are flying.. but..... 10%... such a downer... haha.
 
QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Scan date: Mon Oct 04 18:17:18 2010
Machine ID: D88A815F



No infection found.
-------------------



Processes
---------
AntiVir Desktop 3084 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 1652 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 120 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
AntiVir Desktop 1500 C:\Program Files\Avira\AntiVir Desktop\sched.exe
Apple Mobile Device Service 1664 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Bonjour 1680 C:\Program Files\Bonjour\mDNSResponder.exe
brother brstswnd 3056 C:\Program Files\Brownie\BrStsWnd.exe
brother pjl parser 3200 C:\Program Files\Brownie\brpjp04a.exe
Creative Cam Detector 3040 C:\Program Files\Creative\Shared Files\CamTray.exe
distnoted 2740 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
Firefox 272 C:\Program Files\Mozilla Firefox\firefox.exe
HongKong Toolbar Manager Module 1220 C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
iTunes 3456 C:\Program Files\iPod\bin\iPodService.exe
iTunes 1892 C:\Program Files\iTunes\iTunes.exe
iTunes 3220 C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE 6 U21 1772 C:\Program Files\Java\jre6\bin\jqs.exe
Java(TM) Platform SE Auto Updater 2 0 3120 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Distributed Transaction Coord 1976 C:\WINDOWS\system32\msdtc.exe
Microsoft Search Enhancement Pack 160 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Visual Studio .NET 1836 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Microsoft® Windows® Operating System 2196 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 1340 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 3272 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\dllhost.exe
Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1452 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1320 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1596 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1048 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 292 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1084 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 628 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 3664 C:\WINDOWS\system32\wscntfy.exe
Microsoft® Windows® Operating System 3928 C:\WINDOWS\system32\wuauclt.exe
MobileDeviceHelper 2268 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PowerDVD 2952 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
RealPlayer (32-bit) 3064 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RichVideo Module 2012 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Skype 3264 C:\Program Files\Skype\Phone\Skype.exe
Skype Extras Manager 3956 C:\Program Files\Skype\Plugin Manager\skypePM.exe
Windows Live Communications Platform 2272 C:\Program Files\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 3248 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process firefox.exe (272) connected on port 80 (HTTP) --> 209.85.225.101
Process firefox.exe (272) connected on port 80 (HTTP) --> 173.194.34.104
Process msnmsgr.exe (3248) connected on port 1863 (MSN) --> 64.4.61.42
Process msnmsgr.exe (3248) connected on port 80 (HTTP) --> 65.55.15.242
Process msnmsgr.exe (3248) connected on port 1863 (MSN) --> 207.46.125.53
Process Skype.exe (3264) connected on port 15807 --> 173.25.76.33

Process svchost.exe (952) listens on ports: 135 (RPC)
Process iTunes.exe (1892) listens on ports: 3689 (iTunes)
Process Skype.exe (3264) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 3499


Autoruns and critical files
---------------------------
Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
brother brstswnd C:\Program Files\Brownie\BrStsWnd.exe
Creative Cam Detector C:\Program Files\Creative\Shared Files\CamTray.exe
Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\windows\system32\logonui.exe
Microsoft® Windows® Operating System C:\windows\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
Skype C:\Program Files\Skype\Phone\Skype.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
BitDefender QuickScan C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
dsaudio.dll C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
dsaudioEx.dll C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
Facebook Photo Uploader 5 C:\windows\Downloaded Program Files\PhotoUploader55.ocx
Google Update C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
Hong Kong Toolbar IE ToolBar Module c:\program files\881903\ietoolbar\hktbar.dll
Java Deployment Toolkit 6.0.210.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java(TM) Platform SE 6 U21 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\windows\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\windows\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
MSN® Games by Zone.com C:\windows\Downloaded Program Files\MessengerStatsPAClient.dll
MSN® Games by Zone.com C:\windows\Downloaded Program Files\MineSweeper.dll
MSN® Games by Zone.com C:\windows\Downloaded Program Files\msgrchkr.dll
MySpace Uploader C:\windows\Downloaded Program Files\MySpaceUploader2.ocx
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\windows\system32\Macromed\Flash\NPSWF32.dll
nsDES.dll C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
nsDESEx.dll C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
RealPlayer(tm) HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--> HKLM\System\ControlSet001\services\avg8wd\"ImagePath"

File not found: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
--> HKLM\System\ControlSet001\services\ASKUpgrade\"ImagePath"

File not found: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--> HKLM\System\ControlSet001\services\Apple Mobile Device\"ImagePath"

File not found: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--> HKLM\System\ControlSet001\services\gusvc\"ImagePath"

File not found: C:\windows\System32\Drivers\avgldx86.sys
--> HKLM\System\ControlSet001\services\AvgLdx86\"ImagePath"

File not found: C:\windows\System32\Drivers\avgmfx86.sys
--> HKLM\System\ControlSet001\services\AvgMfx86\"ImagePath"

File not found: C:\windows\System32\Drivers\avgtdix.sys
--> HKLM\System\ControlSet001\services\AvgTdiX\"ImagePath"

File not found: C:\windows\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.05 MB sent, 1.16 KB recvd
Scanned 1050 files and modules - 102 seconds

==============================================================================
 