IE7 DNS Error / Firefox Connection Interrupted / Connection Interrupted

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

IE7 DNS Error / Firefox Connection Interrupted / Connection Interrupted Can't get this fixed

#1 Rudi O'Kelly

New Member

Group: Members
Posts: 3
Joined: 20-March 09

Posted 20 March 2009 - 01:23 AM

Hi All,

I'm getting DNS error in IE7 on Windows Vista Business. Also Firefox Gives a Connection Interupted Message.

I already tried Google to resolve this error, but she aint allot of help.

Herewith a list of attempts I made to fix this error:

Renamed Hosts file to hosts.old
Ran netsh int ip reset c:\resetlog.txt (No Errors)
Ran netsh winsock reset (No Errors)
Deleted Temp, history, cookies etc in IE7
Reseted IE7 under advanced IE Options
Ran Full System Scan with Windows Defender
Ran Full System Scan with Trend Micro Internet Security Pro (Program Version:17.0.1305;
Engine Version 8.911.1001; Pattern Version 5.906.01)

I am able to connect to https and Web Connections <http://10.2.0.25:8085/>

Herewith the DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by rok at 7:44:25.45 on 2009/03/20
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vistaâ„¢ Business 6.0.6001.1.1252.27.1033.18.2812.1459 [GMT 2:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Windows\system32\ifxspmgt.exe
c:\Windows\system32\ifxtcs.exe
C:\windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\MNSFramework.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe -k HPZ12
c:\Windows\system32\IfxPsdSv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\windows\System32\TUProgSt.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\IDM Computer Solutions\UEStudio\UEStudio.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
\\sgtestterm\c$\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyServer = 10.2.0.92:3128
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [KillCopy] "c:\windows\system32\killcopy.exe" /kcresume /startup
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: {D90CA5F7-9D51-4ED8-A2A2-D3B999D68939} = 10.2.0.8,168.210.2.2
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
AppInit_DLLs: APSHook.dll acaptuser32.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\rok\appdata\roaming\mozilla\firefox\profiles\t3yob7za.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sourceid=navclient&gfns=1&q=
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2008-3-21 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-16 1176824]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-6-16 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\reporting services\reportserver\bin\ReportingServicesService.exe [2007-2-10 17264]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-3-11 181584]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-3-12 2368]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-8 49680]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-11 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-11 677128]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-11 603904]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-3-19 223232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-16 193840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\solarwinds\engineer's toolset\SolarWinds TFTP Server.exe [2007-12-5 61440]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]

=============== Created Last 30 ================

2009-03-19 20:22 <DIR> --d----- C:\lpt906
2009-03-19 18:56 15,215,536 a------- C:\lpt906.zip
2009-03-19 18:26 223,232 a------- c:\windows\system32\drivers\b57nd60x.sys
2009-03-19 14:00 <DIR> --d----- c:\programdata\VanDyke
2009-03-19 14:00 <DIR> --d----- c:\progra~2\VanDyke
2009-03-18 07:50 <DIR> --d----- c:\users\rok\appdata\roaming\DWMRCMSI
2009-03-17 14:14 61,440 a------- c:\windows\system32\DWRCSh32.DLL
2009-03-17 14:14 <DIR> --d----- c:\users\rok\appdata\roaming\DameWare Development
2009-03-17 10:58 <DIR> --d----- c:\programdata\WindowsSearch
2009-03-17 06:59 <DIR> --d----- c:\programdata\Digsby
2009-03-17 06:59 <DIR> --d----- c:\progra~2\Digsby
2009-03-17 06:29 <DIR> --d----- c:\users\rok\appdata\roaming\Digsby
2009-03-17 06:27 <DIR> --d----- c:\program files\Digsby
2009-03-16 18:35 <DIR> --d----- c:\program files\Microsoft Analysis Services
2009-03-16 18:18 125,328 a------- c:\windows\system32\drivers\dne2000.sys
2009-03-16 18:18 106,768 a------- c:\windows\system32\dneinobj.dll
2009-03-16 18:16 <DIR> --d----- c:\program files\common files\Deterministic Networks
2009-03-16 18:16 <DIR> --d----- c:\program files\Cisco Systems
2009-03-16 18:16 1,594 a------- c:\windows\VPNInstall.MIF
2009-03-16 18:10 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-16 18:10 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:10 <DIR> --d----- c:\program files\iPod
2009-03-16 18:10 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 18:10 <DIR> --d----- c:\program files\iTunes
2009-03-16 18:10 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 17:41 <DIR> --d----- c:\program files\Bonjour
2009-03-16 16:28 873,310 a------- c:\windows\system32\oem51.inf
2009-03-16 15:56 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-03-16 14:58 <DIR> --d----- c:\users\rok\nimbuzz
2009-03-16 14:58 <DIR> --d----- c:\program files\Nimbuzz
2009-03-16 13:45 2,048 a------- c:\windows\system32\tzres.dll
2009-03-16 12:28 <DIR> --d----- c:\program files\Microsoft Games
2009-03-16 12:28 <DIR> --d----- c:\windows\system32\msmq
2009-03-16 12:28 <DIR> --d----- C:\inetpub
2009-03-16 12:00 678,408 a------- c:\windows\system32\gpprefcl.dll
2009-03-16 11:40 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-16 11:40 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-16 11:40 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-16 11:40 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-16 11:40 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-16 11:40 11,264 a------- c:\windows\system32\icardres.dll
2009-03-16 11:40 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-16 11:39 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-16 11:13 110,592 a------- c:\windows\system32\keymail.dll
2009-03-16 11:03 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-16 11:03 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-16 11:03 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-16 11:02 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-16 11:02 83,968 a------- c:\windows\system32\mscories.dll
2009-03-16 11:01 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-16 11:00 <DIR> --d----- c:\program files\LSI SoftModem
2009-03-16 10:58 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-16 09:38 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-03-16 09:38 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-03-16 09:38 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-03-16 09:24 827,392 a------- c:\windows\system32\wininet.dll
2009-03-16 09:24 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-16 09:13 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-03-16 09:13 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-03-16 09:13 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-03-16 09:13 15,360 a------- c:\windows\system32\pacerprf.dll
2009-03-16 09:13 2,927,104 a------- c:\windows\explorer.exe
2009-03-16 09:13 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-16 09:13 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-16 09:13 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-16 09:13 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-16 09:12 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-16 09:12 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-16 09:10 269,312 a------- c:\windows\system32\es.dll
2009-03-16 09:10 220,160 a------- c:\windows\system32\drivers\bthport.sys
2009-03-16 09:10 181,760 a------- c:\windows\system32\fsquirt.exe
2009-03-16 09:10 29,184 a------- c:\windows\system32\drivers\BTHUSB.SYS
2009-03-16 09:09 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-16 09:09 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-16 09:09 94,720 a------- c:\windows\system32\logagent.exe
2009-03-16 09:09 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-03-16 09:09 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-16 09:09 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-03-16 09:07 430,080 a------- c:\windows\system32\vbscript.dll
2009-03-16 09:07 180,224 a------- c:\windows\system32\scrobj.dll
2009-03-16 09:07 172,032 a------- c:\windows\system32\scrrun.dll
2009-03-16 09:07 155,648 a------- c:\windows\system32\wscript.exe
2009-03-16 09:07 135,168 a------- c:\windows\system32\wshom.ocx
2009-03-16 09:07 135,168 a------- c:\windows\system32\cscript.exe
2009-03-16 09:07 90,112 a------- c:\windows\system32\wshext.dll
2009-03-16 09:02 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-16 09:02 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-16 09:01 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-16 09:01 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-16 08:59 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-16 08:58 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-16 08:58 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-03-14 20:55 <DIR> --d----- c:\programdata\Apple Computer
2009-03-14 20:52 <DIR> --d----- c:\programdata\Apple
2009-03-14 20:48 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-03-14 20:46 <DIR> --d----- c:\programdata\PC Suite
2009-03-14 20:45 <DIR> --d----- c:\program files\common files\PCSuite
2009-03-14 20:45 <DIR> --d----- c:\program files\common files\Nokia
2009-03-14 20:44 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-03-14 20:42 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-03-14 20:39 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-03-14 20:39 <DIR> --d----- c:\program files\Nokia
2009-03-14 20:38 <DIR> --d----- c:\programdata\Installations
2009-03-13 14:02 69 a------- c:\windows\NeroDigital.ini
2009-03-13 12:59 <DIR> --d----- c:\program files\DVDFab 5
2009-03-13 12:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-13 12:41 <DIR> --d----- c:\programdata\FLEXnet
2009-03-13 10:30 <DIR> --d----- c:\programdata\LightScribe
2009-03-13 10:30 <DIR> --d----- c:\progra~2\LightScribe
2009-03-13 10:02 4,767 a------- c:\windows\Irremote.ini
2009-03-13 06:47 <DIR> --d--r-- c:\program files\Skype
2009-03-13 06:47 <DIR> --d----- c:\programdata\Skype
2009-03-12 16:59 <DIR> --d----- c:\program files\Nero
2009-03-12 16:48 <DIR> --d----- c:\programdata\Nero
2009-03-12 16:48 <DIR> --d----- c:\progra~2\Nero
2009-03-12 15:57 <DIR> --d----- c:\programdata\SolarWinds
2009-03-12 15:57 <DIR> --d----- c:\progra~2\SolarWinds
2009-03-12 15:51 2,368 a------- c:\windows\system32\SVKP.sys
2009-03-12 15:35 <DIR> --d----- c:\program files\SolarWinds
2009-03-12 15:35 <DIR> --d----- c:\program files\common files\SolarWinds
2009-03-12 13:12 <DIR> --d----- c:\users\rok\appdata\roaming\VanDyke
2009-03-12 13:10 <DIR> --d----- c:\program files\VanDyke Software
2009-03-12 09:56 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-03-12 09:55 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-03-12 09:46 <DIR> --d----- c:\programdata\Adobe
2009-03-12 09:25 <DIR> --d----- c:\programdata\Martau
2009-03-12 09:25 <DIR> --d----- c:\progra~2\Martau
2009-03-12 09:24 <DIR> --d----- c:\program files\Total Uninstall 5
2009-03-11 17:51 <DIR> --d----- c:\program files\Mobile Net Switch
2009-03-11 17:45 <DIR> --d----- c:\program files\common files\EZB Systems
2009-03-11 17:45 <DIR> --d----- c:\program files\UltraISO
2009-03-11 17:16 <DIR> --d----- c:\users\rok\Tracing
2009-03-11 17:13 <DIR> --d----- c:\program files\Microsoft
2009-03-11 17:12 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-11 16:32 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-11 16:25 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-11 16:23 244 a---h--- C:\sqmnoopt00.sqm
2009-03-11 16:23 232 a---h--- C:\sqmdata00.sqm
2009-03-11 14:24 <DIR> --d----- c:\users\rok\appdata\roaming\PLSQL Developer
2009-03-11 14:17 180,000 a------- c:\windows\aaRemove.exe
2009-03-11 14:17 <DIR> --d----- c:\program files\PLSQL Developer
2009-03-11 12:50 <DIR> --d----- c:\program files\KillSoft
2009-03-11 12:02 87,608 a------- c:\users\rok\appdata\roaming\inst.exe
2009-03-11 12:02 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-11 12:02 47,360 a------- c:\users\rok\appdata\roaming\pcouffin.sys
2009-03-11 12:02 217,127 a------- c:\windows\system32\drv43260.dll
2009-03-11 12:02 208,935 a------- c:\windows\system32\drv33260.dll
2009-03-11 12:02 176,165 a------- c:\windows\system32\drv23260.dll
2009-03-11 12:02 102,439 a------- c:\windows\system32\sipr3260.dll
2009-03-11 12:02 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-03-11 12:02 65,602 a------- c:\windows\system32\cook3260.dll
2009-03-11 12:02 <DIR> --d----- c:\program files\VSO
2009-03-11 11:53 <DIR> --d----- c:\programdata\WinZip
2009-03-11 11:16 <DIR> --d----- c:\program files\IDM Computer Solutions
2009-03-11 11:11 168,448 a------- c:\windows\system32\unrar.dll
2009-03-11 11:10 <DIR> --d----- c:\programdata\Real
2009-03-11 11:10 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-11 10:57 <DIR> --d----- c:\program files\Microsoft Visual Studio .NET
2009-03-11 10:55 721,168 a------- c:\windows\system32\VB40032.DLL
2009-03-11 10:53 139,264 a------- c:\windows\system32\JavaAccessBridge.dll
2009-03-11 10:53 77,824 a------- c:\windows\system32\WindowsAccessBridge.dll
2009-03-11 10:53 28,672 a------- c:\windows\system32\JAWTAccessBridge.dll
2009-03-11 10:50 <DIR> --d----- C:\Oracle
2009-03-11 10:47 <DIR> --d----- c:\program files\Oracle
2009-03-11 09:53 <DIR> --d----- c:\users\rok\appdata\roaming\GrabPro
2009-03-11 09:53 <DIR> --d----- C:\downloads
2009-03-11 09:53 <DIR> --d----- c:\program files\Orbitdownloader
2009-03-11 08:15 <DIR> --d----- c:\users\rok\.asdm
2009-03-11 08:04 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-03-11 08:04 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-03-11 08:04 17,152 a------- c:\windows\system32\authuitu.dll
2009-03-11 08:04 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-03-11 08:04 <DIR> --d----- c:\users\rok\appdata\roaming\TuneUp Software
2009-03-11 08:03 <DIR> --d----- c:\programdata\TuneUp Software
2009-03-11 08:03 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-03-11 08:03 <DIR> --d----- c:\progra~2\TuneUp Software
2009-03-11 08:01 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-11 08:01 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-11 07:58 <DIR> --d----- c:\users\rok\appdata\roaming\Intermedia Software
2009-03-11 07:55 <DIR> --d----- c:\programdata\Intermedia Software
2009-03-11 07:55 <DIR> --d----- c:\progra~2\Intermedia Software
2009-03-11 07:55 44,544 a------- c:\windows\system32\msxml4a.dll
2009-03-11 07:55 <DIR> --d----- c:\program files\Intermedia Software
2009-03-11 07:40 39 a------- c:\windows\vbaddin.ini
2009-03-11 07:37 162 a------- c:\windows\ODBC.INI
2009-03-11 07:16 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-11 07:16 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-11 07:16 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-11 07:16 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-11 07:03 30,512 a------- c:\windows\system32\mdimon.dll
2009-03-11 06:57 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2009-03-11 06:57 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-03-11 06:57 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-11 06:52 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-03-11 06:41 <DIR> --d----- c:\windows\LocalSSL
2009-03-11 06:40 <DIR> --d----- c:\windows\system32\Service
2009-03-11 06:36 <DIR> --d----- c:\programdata\Trend Micro
2009-03-11 06:36 <DIR> --d----- c:\progra~2\Trend Micro
2009-03-11 06:36 <DIR> --d----- c:\program files\Trend Micro
2009-03-11 06:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-11 06:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-11 06:32 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-11 06:11 <DIR> --d----- c:\users\rok\Bluetooth Software
2009-03-11 06:11 <DIR> --d----- c:\users\rok\appdata\roaming\HPQLOG
2009-03-11 06:09 <DIR> --d----- c:\users\rok\appdata\roaming\Infineon
2009-03-11 06:09 <DIR> --d----- c:\users\rok
2009-03-11 04:01 <DIR> --d-h--- c:\programdata\CanonBJ
2009-03-10 21:08 12 a------- c:\windows\bthservsdp.dat
2009-03-10 12:34 44 a------- c:\windows\system\hpsysdrv.dat
2009-03-10 12:30 <DIR> --d----- c:\program files\MSN Messenger
2009-03-10 12:29 <DIR> --d----- c:\program files\HP Webcam Application
2009-03-10 12:28 180,224 a------- c:\windows\system32\rsnp2uvc.dll
2009-03-10 12:28 15,497 a------- c:\windows\snp2uvc.ini
2009-03-10 12:28 13,022 a------- c:\windows\snp2uvc.src
2009-03-10 12:28 <DIR> --d----- c:\program files\common files\SNP2UVC
2009-03-10 12:27 <DIR> --d----- c:\windows\Hewlett-Packard
2009-03-10 12:26 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-03-10 12:26 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-03-10 12:26 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-03-10 12:26 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-03-10 12:25 <DIR> --d----- c:\windows\system32\es-MX
2009-03-10 12:25 <DIR> --d----- c:\windows\system32\es-AR
2009-03-10 12:25 <DIR> --d----- c:\program files\WIDCOMM
2009-03-10 12:21 870,480 a------- c:\windows\system32\oem20.inf
2009-03-10 12:20 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_6735b_Y5336AN_0U_QCNU9067CC7_E460757-171_4A_I30E3_SHP_V96.1E_68GTT F.0A_T081216_WV6-1_L409_M1789_J160_7AMD_8F31_92.00_#080616_N14E41693_(KU211EA#ACQ)_XMOBILE_CN10_Z_2F.0A_G10029612.MRK
2009-03-08 08:21 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-08 08:21 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-08 08:21 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-03-08 08:21 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys

==================== Find3M ====================

2009-03-19 18:28 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-19 18:28 51,200 a------- c:\windows\inf\infpub.dat
2009-03-19 18:28 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 16:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-02 19:10 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-26 21:47 2,255,360 a------- c:\windows\system32\x264vfw.dll
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-07 20:14 60,273 a------- c:\windows\system32\pthreadGC2.dll
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:45:57.28 ===============
Many Thanks for your Assistence.

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\rok>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : sgitrokv
Primary Dns Suffix . . . . . . . : societegenerale.co.za
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : societegenerale.co.za
co.za

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-24-81-3C-6C-E5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::417c:536e:c74a:d805%17(Preferred)
IPv4 Address. . . . . . . . . . . : 10.2.11.231(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.2.0.45
DNS Servers . . . . . . . . . . . : 10.2.0.8
168.210.2.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D90CA5F7-9D51-4ED8-A2A2-D3B999D68
939}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Users\rok>

C:\Users\rok>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\rok>ping intranet

Pinging intranet.societegenerale.co.za [10.2.0.35] with 32 bytes of data:
Reply from 10.2.0.35: bytes=32 time<1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127
Reply from 10.2.0.35: bytes=32 time=1ms TTL=127

Ping statistics for 10.2.0.35:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\rok>nslookup www.google.com
Server: bdcsrv01.societegenerale.co.za
Address: 10.2.0.8

Non-authoritative answer:
Name: www.l.google.com
Addresses: 209.85.229.99
209.85.229.103
209.85.229.104
209.85.229.147
Aliases: www.google.com

C:\Users\rok>

Attached File(s)

Attach.txt (9.03K)
Number of downloads: 2

This post has been edited by Orange Blossom: 20 March 2009 - 11:12 PM
Reason for edit: Deactivate link. ~ OB

#2 Rudi O'Kelly

New Member

Group: Members
Posts: 3
Joined: 20-March 09

Posted 20 March 2009 - 01:37 AM

My HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:21 AM, on 2009/03/20
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\windows\system32\cmd.exe
C:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.92:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IFXSPMGT] c:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [KillCopy] "C:\windows\system32\killcopy.exe" /kcresume /startup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = societegenerale.co.za
O17 - HKLM\Software\..\Telephony: DomainName = societegenerale.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90CA5F7-9D51-4ED8-A2A2-D3B999D68939}: NameServer = 10.2.0.8,168.210.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = societegenerale.co.za
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: APSHook.dll acaptuser32.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\windows\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe

--
End of file - 14018 bytes

#3 teacup61

Bleepin' Texan in Ohio!

Group: Malware Response Team
Posts: 17,056
Joined: 05-April 06
Gender:Female
Location:New Bremen, Ohio

Posted 29 March 2009 - 05:38 PM

Hello Rudi O'Kelly,

Posted Image

Sorry about the delay. :thumbup2:

If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 Rudi O'Kelly

New Member

Group: Members
Posts: 3
Joined: 20-March 09

Posted 29 March 2009 - 11:29 PM

Hi Tea

I've stop using the laptop until I can get a fix, so the HJT log attached will be the same.

Any suggestions?

Thanks

#5 teacup61

Bleepin' Texan in Ohio!

Group: Malware Response Team
Posts: 17,056
Joined: 05-April 06
Gender:Female
Location:New Bremen, Ohio

Posted 29 March 2009 - 11:52 PM

Hi there,

Yes, plenty of suggestions. :thumbup2:

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#6 teacup61

Bleepin' Texan in Ohio!

Group: Malware Response Team
Posts: 17,056
Joined: 05-April 06
Gender:Female
Location:New Bremen, Ohio

Posted 08 April 2009 - 08:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?