Mar 20 2009, 01:23 AM | Post #1
New Member | Group: Members | Posts: 3 | Joined: 20-March 09 | Member No.: 310,527
I'm getting a DNS error in IE7 on Windows Vista Business. Also, Firefox gives a "Connection Interrupted" message. I already tried Google to resolve this error, but she ain't a lot of help.

Herewith a list of attempts I made to fix this error:

- Renamed Hosts file to hosts.old
- Ran netsh int ip reset c:\resetlog.txt (No Errors)
- Ran netsh winsock reset (No Errors)
- Deleted Temp, history, cookies etc. in IE7
- Reset IE7 under advanced IE Options
- Ran Full System Scan with Windows Defender
- Ran Full System Scan with Trend Micro Internet Security Pro (Program Version: 17.0.1305; Engine Version 8.911.1001; Pattern Version 5.906.01)

I am able to connect to https and Web Connections <http://10.2.0.25:8085/>

Herewith the DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by rok at 7:44:25.45 on 2009/03/20
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.27.1033.18.2812.1459 [GMT 2:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\System32\svchost.exe -k Cognizance c:\Program Files\Fingerprint Sensor\AtService.exe C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\windows\system32\svchost.exe -k rpcss C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\Ati2evxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\SLsvc.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\Hpservice.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program 
Files\Trend Micro\BM\TMBMSRV.exe c:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\windows\system32\AEADISRV.EXE C:\Windows\system32\agrsmsvc.exe C:\windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe c:\Windows\system32\ifxspmgt.exe c:\Windows\system32\ifxtcs.exe C:\windows\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\windows\system32\MNSFramework.exe C:\windows\system32\taskeng.exe C:\windows\system32\mqsvc.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\windows\System32\svchost.exe -k HPZ12 c:\Windows\system32\IfxPsdSv.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\windows\System32\TUProgSt.exe C:\windows\system32\svchost.exe -k iissvcs C:\windows\System32\svchost.exe -k WerSvcGroup C:\windows\system32\SearchIndexer.exe C:\windows\system32\mqtgsvc.exe C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe C:\Program 
Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\windows\system32\wbem\wmiprvse.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\mstsc.exe C:\Program Files\IDM Computer Solutions\UEStudio\UEStudio.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE \\sgtestterm\c$\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb uInternet Settings,ProxyServer = 10.2.0.92:3128 uInternet Settings,ProxyOverride = *.local BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program 
files\hewlett-packard\iam\bin\ItIEAddIn.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe uRun: [KillCopy] "c:\windows\system32\killcopy.exe" /kcresume /startup uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray mRun: [UfSeAgnt.exe] "c:\program 
files\trend micro\internet security\UfSeAgnt.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab TCP: {D90CA5F7-9D51-4ED8-A2A2-D3B999D68939} = 10.2.0.8,168.210.2.2 Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll AppInit_DLLs: APSHook.dll acaptuser32.dll LSA: Notification Packages = scecli ASWLNPkg ================= FIREFOX =================== FF - ProfilePath - 
c:\users\rok\appdata\roaming\mozilla\firefox\profiles\t3yob7za.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sourceid=navclient&gfns=1&q= FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 ============= SERVICES / DRIVERS =============== R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2008-3-21 39712] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504] R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-16 1176824] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944] R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512] R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program 
files\hewlett-packard\file sanitizer\HPFSService.exe [2008-6-16 77824] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208] R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2007-2-10 17264] R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-3-11 181584] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-3-12 2368] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-8 49680] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-11 36368] R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-11 677128] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-11 603904] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-3-19 223232] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-16 193840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560] S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\solarwinds\engineer's toolset\SolarWinds TFTP Server.exe [2007-12-5 61440] S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264] =============== Created Last 30 ================ 2009-03-19 20:22 <DIR> --d----- C:\lpt906 2009-03-19 18:56 15,215,536 a------- C:\lpt906.zip 2009-03-19 18:26 223,232 a------- 
c:\windows\system32\drivers\b57nd60x.sys 2009-03-19 14:00 <DIR> --d----- c:\programdata\VanDyke 2009-03-19 14:00 <DIR> --d----- c:\progra~2\VanDyke 2009-03-18 07:50 <DIR> --d----- c:\users\rok\appdata\roaming\DWMRCMSI 2009-03-17 14:14 61,440 a------- c:\windows\system32\DWRCSh32.DLL 2009-03-17 14:14 <DIR> --d----- c:\users\rok\appdata\roaming\DameWare Development 2009-03-17 10:58 <DIR> --d----- c:\programdata\WindowsSearch 2009-03-17 06:59 <DIR> --d----- c:\programdata\Digsby 2009-03-17 06:59 <DIR> --d----- c:\progra~2\Digsby 2009-03-17 06:29 <DIR> --d----- c:\users\rok\appdata\roaming\Digsby 2009-03-17 06:27 <DIR> --d----- c:\program files\Digsby 2009-03-16 18:35 <DIR> --d----- c:\program files\Microsoft Analysis Services 2009-03-16 18:18 125,328 a------- c:\windows\system32\drivers\dne2000.sys 2009-03-16 18:18 106,768 a------- c:\windows\system32\dneinobj.dll 2009-03-16 18:16 <DIR> --d----- c:\program files\common files\Deterministic Networks 2009-03-16 18:16 <DIR> --d----- c:\program files\Cisco Systems 2009-03-16 18:16 1,594 a------- c:\windows\VPNInstall.MIF 2009-03-16 18:10 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-03-16 18:10 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-16 18:10 <DIR> --d----- c:\program files\iPod 2009-03-16 18:10 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 18:10 <DIR> --d----- c:\program files\iTunes 2009-03-16 18:10 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 17:41 <DIR> --d----- c:\program files\Bonjour 2009-03-16 16:28 873,310 a------- c:\windows\system32\oem51.inf 2009-03-16 15:56 <DIR> --d----- c:\programdata\Office Genuine Advantage 2009-03-16 14:58 <DIR> --d----- c:\users\rok\nimbuzz 2009-03-16 14:58 <DIR> --d----- c:\program files\Nimbuzz 2009-03-16 13:45 2,048 a------- c:\windows\system32\tzres.dll 2009-03-16 12:28 <DIR> --d----- c:\program files\Microsoft Games 2009-03-16 12:28 <DIR> --d----- c:\windows\system32\msmq 
2009-03-16 12:28 <DIR> --d----- C:\inetpub 2009-03-16 12:00 678,408 a------- c:\windows\system32\gpprefcl.dll 2009-03-16 11:40 97,800 a------- c:\windows\system32\infocardapi.dll 2009-03-16 11:40 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-03-16 11:40 37,384 a------- c:\windows\system32\infocardcpl.cpl 2009-03-16 11:40 622,080 a------- c:\windows\system32\icardagt.exe 2009-03-16 11:40 43,544 a------- c:\windows\system32\PresentationHostProxy.dll 2009-03-16 11:40 11,264 a------- c:\windows\system32\icardres.dll 2009-03-16 11:40 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll 2009-03-16 11:39 326,160 a------- c:\windows\system32\PresentationHost.exe 2009-03-16 11:13 110,592 a------- c:\windows\system32\keymail.dll 2009-03-16 11:03 96,760 a------- c:\windows\system32\dfshim.dll 2009-03-16 11:03 282,112 a------- c:\windows\system32\mscoree.dll 2009-03-16 11:03 41,984 a------- c:\windows\system32\netfxperf.dll 2009-03-16 11:02 158,720 a------- c:\windows\system32\mscorier.dll 2009-03-16 11:02 83,968 a------- c:\windows\system32\mscories.dll 2009-03-16 11:01 <DIR> --d----- c:\program files\Microsoft SQL Server 2009-03-16 11:00 <DIR> --d----- c:\program files\LSI SoftModem 2009-03-16 10:58 <DIR> --d----- c:\program files\MSXML 4.0 2009-03-16 09:38 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll 2009-03-16 09:38 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll 2009-03-16 09:38 801,280 a------- c:\windows\system32\NaturalLanguage6.dll 2009-03-16 09:24 827,392 a------- c:\windows\system32\wininet.dll 2009-03-16 09:24 1,383,424 a------- c:\windows\system32\mshtml.tlb 2009-03-16 09:13 784,896 a------- c:\windows\system32\rpcrt4.dll 2009-03-16 09:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys 2009-03-16 09:13 72,192 a------- c:\windows\system32\drivers\pacer.sys 2009-03-16 09:13 15,360 a------- c:\windows\system32\pacerprf.dll 2009-03-16 09:13 2,927,104 a------- c:\windows\explorer.exe 
2009-03-16 09:13 296,960 a------- c:\windows\system32\gdi32.dll 2009-03-16 09:13 147,456 a------- c:\windows\system32\Faultrep.dll 2009-03-16 09:13 125,952 a------- c:\windows\system32\wersvc.dll 2009-03-16 09:13 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll 2009-03-16 09:12 712,704 a------- c:\windows\system32\WindowsCodecs.dll 2009-03-16 09:12 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll 2009-03-16 09:10 269,312 a------- c:\windows\system32\es.dll 2009-03-16 09:10 220,160 a------- c:\windows\system32\drivers\bthport.sys 2009-03-16 09:10 181,760 a------- c:\windows\system32\fsquirt.exe 2009-03-16 09:10 29,184 a------- c:\windows\system32\drivers\BTHUSB.SYS 2009-03-16 09:09 2,868,736 a------- c:\windows\system32\mf.dll 2009-03-16 09:09 996,352 a------- c:\windows\system32\WMNetMgr.dll 2009-03-16 09:09 94,720 a------- c:\windows\system32\logagent.exe 2009-03-16 09:09 288,768 a------- c:\windows\system32\drivers\srv.sys 2009-03-16 09:09 443,392 a------- c:\windows\system32\win32spl.dll 2009-03-16 09:09 113,664 a------- c:\windows\system32\drivers\rmcast.sys 2009-03-16 09:07 430,080 a------- c:\windows\system32\vbscript.dll 2009-03-16 09:07 180,224 a------- c:\windows\system32\scrobj.dll 2009-03-16 09:07 172,032 a------- c:\windows\system32\scrrun.dll 2009-03-16 09:07 155,648 a------- c:\windows\system32\wscript.exe 2009-03-16 09:07 135,168 a------- c:\windows\system32\wshom.ocx 2009-03-16 09:07 135,168 a------- c:\windows\system32\cscript.exe 2009-03-16 09:07 90,112 a------- c:\windows\system32\wshext.dll 2009-03-16 09:02 738,304 a------- c:\windows\system32\inetcomm.dll 2009-03-16 09:02 1,314,816 a------- c:\windows\system32\quartz.dll 2009-03-16 09:01 1,645,568 a------- c:\windows\system32\connect.dll 2009-03-16 09:01 1,334,272 a------- c:\windows\system32\msxml6.dll 2009-03-16 08:59 2,033,152 a------- c:\windows\system32\win32k.sys 2009-03-16 08:58 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe 2009-03-16 08:58 3,549,240 a------- 
c:\windows\system32\ntoskrnl.exe 2009-03-14 20:55 <DIR> --d----- c:\programdata\Apple Computer 2009-03-14 20:52 <DIR> --d----- c:\programdata\Apple 2009-03-14 20:48 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2009-03-14 20:46 <DIR> --d----- c:\programdata\PC Suite 2009-03-14 20:45 <DIR> --d----- c:\program files\common files\PCSuite 2009-03-14 20:45 <DIR> --d----- c:\program files\common files\Nokia 2009-03-14 20:44 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys 2009-03-14 20:42 <DIR> --d----- c:\program files\PC Connectivity Solution 2009-03-14 20:39 91,136 a------- c:\windows\system32\nmwcdcls.dll 2009-03-14 20:39 <DIR> --d----- c:\program files\Nokia 2009-03-14 20:38 <DIR> --d----- c:\programdata\Installations 2009-03-13 14:02 69 a------- c:\windows\NeroDigital.ini 2009-03-13 12:59 <DIR> --d----- c:\program files\DVDFab 5 2009-03-13 12:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-13 12:41 <DIR> --d----- c:\programdata\FLEXnet 2009-03-13 10:30 <DIR> --d----- c:\programdata\LightScribe 2009-03-13 10:30 <DIR> --d----- c:\progra~2\LightScribe 2009-03-13 10:02 4,767 a------- c:\windows\Irremote.ini 2009-03-13 06:47 <DIR> --d--r-- c:\program files\Skype 2009-03-13 06:47 <DIR> --d----- c:\programdata\Skype 2009-03-12 16:59 <DIR> --d----- c:\program files\Nero 2009-03-12 16:48 <DIR> --d----- c:\programdata\Nero 2009-03-12 16:48 <DIR> --d----- c:\progra~2\Nero 2009-03-12 15:57 <DIR> --d----- c:\programdata\SolarWinds 2009-03-12 15:57 <DIR> --d----- c:\progra~2\SolarWinds 2009-03-12 15:51 2,368 a------- c:\windows\system32\SVKP.sys 2009-03-12 15:35 <DIR> --d----- c:\program files\SolarWinds 2009-03-12 15:35 <DIR> --d----- c:\program files\common files\SolarWinds 2009-03-12 13:12 <DIR> --d----- c:\users\rok\appdata\roaming\VanDyke 2009-03-12 13:10 <DIR> --d----- c:\program files\VanDyke Software 2009-03-12 09:56 <DIR> --d----- c:\program files\common files\Macrovision Shared 2009-03-12 09:55 22,872 
a----r-- c:\windows\system32\AdobePDFUI.dll 2009-03-12 09:46 <DIR> --d----- c:\programdata\Adobe 2009-03-12 09:25 <DIR> --d----- c:\programdata\Martau 2009-03-12 09:25 <DIR> --d----- c:\progra~2\Martau 2009-03-12 09:24 <DIR> --d----- c:\program files\Total Uninstall 5 2009-03-11 17:51 <DIR> --d----- c:\program files\Mobile Net Switch 2009-03-11 17:45 <DIR> --d----- c:\program files\common files\EZB Systems 2009-03-11 17:45 <DIR> --d----- c:\program files\UltraISO 2009-03-11 17:16 <DIR> --d----- c:\users\rok\Tracing 2009-03-11 17:13 <DIR> --d----- c:\program files\Microsoft 2009-03-11 17:12 <DIR> --d----- c:\program files\Windows Live SkyDrive 2009-03-11 16:32 <DIR> --d----- c:\windows\system32\appmgmt 2009-03-11 16:25 <DIR> --d----- c:\program files\common files\Windows Live 2009-03-11 16:23 244 a---h--- C:\sqmnoopt00.sqm 2009-03-11 16:23 232 a---h--- C:\sqmdata00.sqm 2009-03-11 14:24 <DIR> --d----- c:\users\rok\appdata\roaming\PLSQL Developer 2009-03-11 14:17 180,000 a------- c:\windows\aaRemove.exe 2009-03-11 14:17 <DIR> --d----- c:\program files\PLSQL Developer 2009-03-11 12:50 <DIR> --d----- c:\program files\KillSoft 2009-03-11 12:02 87,608 a------- c:\users\rok\appdata\roaming\inst.exe 2009-03-11 12:02 47,360 a------- c:\windows\system32\drivers\pcouffin.sys 2009-03-11 12:02 47,360 a------- c:\users\rok\appdata\roaming\pcouffin.sys 2009-03-11 12:02 217,127 a------- c:\windows\system32\drv43260.dll 2009-03-11 12:02 208,935 a------- c:\windows\system32\drv33260.dll 2009-03-11 12:02 176,165 a------- c:\windows\system32\drv23260.dll 2009-03-11 12:02 102,439 a------- c:\windows\system32\sipr3260.dll 2009-03-11 12:02 1,184,984 a------- c:\windows\system32\wvc1dmod.dll 2009-03-11 12:02 65,602 a------- c:\windows\system32\cook3260.dll 2009-03-11 12:02 <DIR> --d----- c:\program files\VSO 2009-03-11 11:53 <DIR> --d----- c:\programdata\WinZip 2009-03-11 11:16 <DIR> --d----- c:\program files\IDM Computer Solutions 2009-03-11 11:11 168,448 a------- 
c:\windows\system32\unrar.dll 2009-03-11 11:10 <DIR> --d----- c:\programdata\Real 2009-03-11 11:10 <DIR> --d----- c:\program files\K-Lite Codec Pack 2009-03-11 10:57 <DIR> --d----- c:\program files\Microsoft Visual Studio .NET 2009-03-11 10:55 721,168 a------- c:\windows\system32\VB40032.DLL 2009-03-11 10:53 139,264 a------- c:\windows\system32\JavaAccessBridge.dll 2009-03-11 10:53 77,824 a------- c:\windows\system32\WindowsAccessBridge.dll 2009-03-11 10:53 28,672 a------- c:\windows\system32\JAWTAccessBridge.dll 2009-03-11 10:50 <DIR> --d----- C:\Oracle 2009-03-11 10:47 <DIR> --d----- c:\program files\Oracle 2009-03-11 09:53 <DIR> --d----- c:\users\rok\appdata\roaming\GrabPro 2009-03-11 09:53 <DIR> --d----- C:\downloads 2009-03-11 09:53 <DIR> --d----- c:\program files\Orbitdownloader 2009-03-11 08:15 <DIR> --d----- c:\users\rok\.asdm 2009-03-11 08:04 603,904 a------- c:\windows\system32\TUProgSt.exe 2009-03-11 08:04 27,904 a------- c:\windows\system32\uxtuneup.dll 2009-03-11 08:04 17,152 a------- c:\windows\system32\authuitu.dll 2009-03-11 08:04 360,192 a------- c:\windows\system32\TuneUpDefragService.exe 2009-03-11 08:04 <DIR> --d----- c:\users\rok\appdata\roaming\TuneUp Software 2009-03-11 08:03 <DIR> --d----- c:\programdata\TuneUp Software 2009-03-11 08:03 <DIR> --d----- c:\program files\TuneUp Utilities 2009 2009-03-11 08:03 <DIR> --d----- c:\progra~2\TuneUp Software 2009-03-11 08:01 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-11 08:01 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357} 2009-03-11 07:58 <DIR> --d----- c:\users\rok\appdata\roaming\Intermedia Software 2009-03-11 07:55 <DIR> --d----- c:\programdata\Intermedia Software 2009-03-11 07:55 <DIR> --d----- c:\progra~2\Intermedia Software 2009-03-11 07:55 44,544 a------- c:\windows\system32\msxml4a.dll 2009-03-11 07:55 <DIR> --d----- c:\program files\Intermedia Software 2009-03-11 07:40 39 a------- c:\windows\vbaddin.ini 2009-03-11 07:37 162 a------- 
c:\windows\ODBC.INI 2009-03-11 07:16 1,524,736 a------- c:\windows\system32\wucltux.dll 2009-03-11 07:16 83,456 a------- c:\windows\system32\wudriver.dll 2009-03-11 07:16 162,064 a------- c:\windows\system32\wuwebv.dll 2009-03-11 07:16 31,232 a------- c:\windows\system32\wuapp.exe 2009-03-11 07:03 30,512 a------- c:\windows\system32\mdimon.dll 2009-03-11 06:57 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys 2009-03-11 06:57 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys 2009-03-11 06:57 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys 2009-03-11 06:52 <DIR> --d----- c:\program files\Microsoft Visual Studio 8 2009-03-11 06:41 <DIR> --d----- c:\windows\LocalSSL 2009-03-11 06:40 <DIR> --d----- c:\windows\system32\Service 2009-03-11 06:36 <DIR> --d----- c:\programdata\Trend Micro 2009-03-11 06:36 <DIR> --d----- c:\progra~2\Trend Micro 2009-03-11 06:36 <DIR> --d----- c:\program files\Trend Micro 2009-03-11 06:32 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-03-11 06:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-03-11 06:32 1,695,744 a------- c:\windows\system32\gameux.dll 2009-03-11 06:11 <DIR> --d----- c:\users\rok\Bluetooth Software 2009-03-11 06:11 <DIR> --d----- c:\users\rok\appdata\roaming\HPQLOG 2009-03-11 06:09 <DIR> --d----- c:\users\rok\appdata\roaming\Infineon 2009-03-11 06:09 <DIR> --d----- c:\users\rok 2009-03-11 04:01 <DIR> --d-h--- c:\programdata\CanonBJ 2009-03-10 21:08 12 a------- c:\windows\bthservsdp.dat 2009-03-10 12:34 44 a------- c:\windows\system\hpsysdrv.dat 2009-03-10 12:30 <DIR> --d----- c:\program files\MSN Messenger 2009-03-10 12:29 <DIR> --d----- c:\program files\HP Webcam Application 2009-03-10 12:28 180,224 a------- c:\windows\system32\rsnp2uvc.dll 2009-03-10 12:28 15,497 a------- c:\windows\snp2uvc.ini 2009-03-10 12:28 13,022 a------- c:\windows\snp2uvc.src 2009-03-10 12:28 <DIR> --d----- c:\program files\common files\SNP2UVC 2009-03-10 12:27 <DIR> --d----- 
c:\windows\Hewlett-Packard
2009-03-10 12:26 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-03-10 12:26 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-03-10 12:26 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-03-10 12:26 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-03-10 12:25 <DIR> --d----- c:\windows\system32\es-MX
2009-03-10 12:25 <DIR> --d----- c:\windows\system32\es-AR
2009-03-10 12:25 <DIR> --d----- c:\program files\WIDCOMM
2009-03-10 12:21 870,480 a------- c:\windows\system32\oem20.inf
2009-03-10 12:20 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_6735b_Y5336AN_0U_QCNU9067CC7_E460757-171_4A_I30E3_SHP_V96.1E_68GTT F.0A_T081216_WV6-1_L409_M1789_J160_7AMD_8F31_92.00_#080616_N14E41693_(KU211EA#ACQ)_XMOBILE_CN10_Z _2F.0A_G10029612.MRK
2009-03-08 08:21 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-08 08:21 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-08 08:21 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-03-08 08:21 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys

==================== Find3M ====================

2009-03-19 18:28 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-19 18:28 51,200 a------- c:\windows\inf\infpub.dat
2009-03-19 18:28 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 16:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-02 19:10 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-26 21:47 2,255,360 a------- c:\windows\system32\x264vfw.dll
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-07 20:14 60,273 a------- c:\windows\system32\pthreadGC2.dll
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:45:57.28 ===============

Many Thanks for your Assistance.

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\rok>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : sgitrokv
   Primary Dns Suffix . . . . . . . : societegenerale.co.za
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : societegenerale.co.za
                                       co.za

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-24-81-3C-6C-E5
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::417c:536e:c74a:d805%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.2.11.231(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.2.0.45
   DNS Servers . . . . . . . . . . . : 10.2.0.8
                                       168.210.2.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{D90CA5F7-9D51-4ED8-A2A2-D3B999D68939}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\rok>
C:\Users\rok>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\rok>ping intranet

Pinging intranet.societegenerale.co.za [10.2.0.35] with 32 bytes of data:
Reply from 10.2.0.35: bytes=32 time<1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127

Ping statistics for 10.2.0.35:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\rok>nslookup www.google.com
Server: bdcsrv01.societegenerale.co.za
Address: 10.2.0.8

Non-authoritative answer:
Name: www.l.google.com
Addresses: 209.85.229.99 209.85.229.103 209.85.229.104 209.85.229.147
Aliases: www.google.com

C:\Users\rok>

This post has been edited by Orange Blossom: Mar 20 2009, 11:12 PM
Reason for edit: Deactivate link. ~ OB
Mar 20 2009, 01:37 AM
Post #2
New Member Group: Members Posts: 3 Joined: 20-March 09 Member No.: 310,527
My HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:21 AM, on 2009/03/20
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\windows\system32\cmd.exe
C:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.92:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IFXSPMGT] c:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [KillCopy] "C:\windows\system32\killcopy.exe" /kcresume /startup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = societegenerale.co.za
O17 - HKLM\Software\..\Telephony: DomainName = societegenerale.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90CA5F7-9D51-4ED8-A2A2-D3B999D68939}: NameServer = 10.2.0.8,168.210.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = societegenerale.co.za
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: APSHook.dll acaptuser32.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\windows\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe

-- End of file - 14018 bytes
Mar 29 2009, 05:38 PM
Post #3
Bleepin' Texan! Group: HJT Team Coach Posts: 14,055 Joined: 5-April 06 From: Planet Texas! Member No.: 62,846
Hello Rudi O'Kelly,
Sorry about the delay. Please do this:

1. Download HijackThis™ here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'. The HJT log will open in notepad.

Thanks,
tea

--------------------
Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
PopTartFixIt2
============= POPTART ================
Poptart successfully found and removed.
================ KIDS ================
Kid ... Maxwell O'Neal deleted successfully.
Kid ... Billy O'Neal deleted successfully.
========== FINISHED! TERMINATE! ==========
Tool by Billy3
Mar 29 2009, 11:29 PM
Post #4
New Member Group: Members Posts: 3 Joined: 20-March 09 Member No.: 310,527
Hi Tea
I've stopped using the laptop until I can get a fix, so the HJT log attached will be the same. Any suggestions?

Thanks
Mar 29 2009, 11:52 PM
Post #5
Bleepin' Texan! Group: HJT Team Coach Posts: 14,055 Joined: 5-April 06 From: Planet Texas! Member No.: 62,846
Hi there,
Yes, plenty of suggestions.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
   http://download.bleepingcomputer.com/sUBs/ComboFix.exe
   http://www.forospyware.com/sUBs/ComboFix.exe
   http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Apr 8 2009, 08:33 AM
Post #6
Bleepin' Texan! Group: HJT Team Coach Posts: 14,055 Joined: 5-April 06 From: Planet Texas! Member No.: 62,846
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.