wes Posted December 5, 2008 ID:38288

I was having issues on my laptop and I think I've managed to clean it but I just wanted someone to verify.

Logs:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

05/12/2008 19:38:18
mbam-log-2008-12-05 (19-38-18).txt

Scan type: Quick Scan
Objects scanned: 50619
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*****************************************

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-05 21:17:07
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                 Version                     Active          Updated
;===================================================================================================================================================================================
Sophos Antivirus                            7.6.0                       No              No
;===================================================================================================================================================================================
MALWARE
Id          Description                     Type              Active    Severity    Disinfectable    Disinfected    Location
;===================================================================================================================================================================================
00139059    Cookie/Traffic Marketplace      TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@trafficmp[1].txt
00139064    Cookie/Atlas DMT                TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@atdmt[2].txt
00145405    Cookie/RealMedia                TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@247realmedia[2].txt
00145731    Cookie/Tribalfusion             TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@tribalfusion[1].txt
00145881    Cookie/NewMedia                 TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@anm.co[1].txt
00167642    Cookie/Com.com                  TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@com[1].txt
00167724    Cookie/HotLog                   TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@hotlog[2].txt
00168090    Cookie/Serving-sys              TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@serving-sys[1].txt
00168093    Cookie/Serving-sys              TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@bs.serving-sys[1].txt
00168097    Cookie/BurstBeacon              TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@www.burstbeacon[1].txt
00168109    Cookie/Adtech                   TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@adtech[1].txt
00169190    Cookie/Advertising              TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@advertising[2].txt
00170495    Cookie/PointRoll                TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@ads.pointroll[2].txt
00170554    Cookie/Overture                 TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@overture[2].txt
00170556    Cookie/RealMedia                TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@realmedia[1].txt
00171982    Cookie/QuestionMarket           TrackingCookie    No        0           Yes              No             C:\Documents and Settings\teacher\Cookies\teacher@questionmarket[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent        Location                        _8
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id          Severity    Description         _8
;===================================================================================================================================================================================
;===================================================================================================================================================================================

**********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:54, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9372 bytes
Tigger93 Posted December 9, 2008 ID:39177

Sorry for the delay. Do you still require any assistance?
wes (Author) Posted December 10, 2008 ID:39393

"Sorry for the delay. Do you still require any assistance?"

YES PLEASE ! I'm not sure if I'm clean, previous scan looked good - as in nothing found. Just did another scan on Spybot & got the following:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
BlueStreak: Tracking cookie (Firefox: default) (Cookie, nothing done)
Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-22 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-03 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-12-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-12-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)

--- Startup entries list ---
Located: HK_LM:Run,
  command:
  file:
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, Alcmtr
  command: ALCMTR.EXE
  file: C:\WINDOWS\ALCMTR.EXE
  size: 69632
  MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, Apoint
  command: C:\Program Files\Apoint2K\Apoint.exe
  file: C:\Program Files\Apoint2K\Apoint.exe
  size: 196608
  MD5: 8EBBF7E508EC363BD6933809D17A43A7

Located: HK_LM:Run, avgnt
  command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
  file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
  size: 266497
  MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, CeEKEY
  command: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  file: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  size: 651264
  MD5: 2E0524F31E6D8315B71AC0681BAEA1A0

Located: HK_LM:Run, CFSServ.exe
  command: CFSServ.exe -NoClient
  file: CFSServ.exe
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, DDWMon
  command: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  file: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  size: 495616
  MD5: 8A9350D8E866D162104D7A16F03D538D

Located: HK_LM:Run, HotKeysCmds
  command: C:\WINDOWS\system32\hkcmd.exe
  file: C:\WINDOWS\system32\hkcmd.exe
  size: 162584
  MD5: E1997E3312A591649AE8A456A5658D0E

Located: HK_LM:Run, HWSetup
  command: C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
  file: C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
  size: 28672
  MD5: A9701AB3582D15AF6F92B97DD0163AB6

Located: HK_LM:Run, IgfxTray
  command: C:\WINDOWS\system32\igfxtray.exe
  file: C:\WINDOWS\system32\igfxtray.exe
  size: 142104
  MD5: F94F81840A057E6998DDBF55EECD2C0B

Located: HK_LM:Run, NDSTray.exe
  command: NDSTray.exe
  file: NDSTray.exe
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, Persistence
  command: C:\WINDOWS\system32\igfxpers.exe
  file: C:\WINDOWS\system32\igfxpers.exe
  size: 138008
  MD5: E907D015172A1B80A89D5B6B55C83A7E

Located: HK_LM:Run, RTHDCPL
  command: RTHDCPL.EXE
  file: C:\WINDOWS\RTHDCPL.EXE
  size: 16377344
  MD5: 3A57538B12DE39F723BEE00E4A72FC4A

Located: HK_LM:Run, SmoothView
  command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
  file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
  size: 143360
  MD5: D96EF52E211FFE5390BC13039F23CC29

Located: HK_LM:Run, SVPWUTIL
  command: C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
  file: C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe
  size: 65536
  MD5: 62ADD2BF01685E4269B2298BA54E3EF6

Located: HK_LM:Run, TCtryIOHook
  command: TCtrlIOHook.exe
  file: C:\WINDOWS\system32\TCtrlIOHook.exe
  size: 28672
  MD5: 93E9E2F7E303C6C85F162D1D2E6AA67B

Located: HK_LM:Run, TDispVol
  command: TDispVol.exe
  file: C:\WINDOWS\system32\TDispVol.exe
  size: 73728
  MD5: D6F801AFF5D095BF11FFB40EC4A75522

Located: HK_LM:Run, TFncKy
  command: TFncKy.exe
  file: TFncKy.exe
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, topi
  command: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
  file: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
  size: 581632
  MD5: E1FAAF7915BC07352CCF1DFF37058414

Located: HK_LM:Run, TPNF
  command: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  file: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  size: 53248
  MD5: 7B4D848550D7E1CB8881A9BEF1DACE2F

Located: HK_LM:Run, TPSMain
  command: TPSMain.exe
  file: C:\WINDOWS\system32\TPSMain.exe
  size: 266240
  MD5: B6C23E30595780FE0C2AD70A07E59E1C

Located: HK_LM:Run, Zooming
  command: ZoomingHook.exe
  file: C:\WINDOWS\system32\ZoomingHook.exe
  size: 24576
  MD5: FD02F46A78C30F6CFF37C7FE37A16CC5

Located: HK_CU:Run, CTFMON.EXE
  where: .DEFAULT...
  command: C:\WINDOWS\system32\CTFMON.EXE
  file: C:\WINDOWS\system32\CTFMON.EXE
  size: 15360
  MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DWQueuedReporting
  where: .DEFAULT...
  command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
  file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
  size: 434528
  MD5: 29E177C7BB7343F365F12AD9A8AF4C48

Located: HK_CU:Run, TOSCDSPD
  where: PE_C_ADMINISTRATOR...
  command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  size: 65536
  MD5: 43382739870D196C79454B327077D039

Located: HK_CU:Run, AdobeUpdater
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
  file: C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: C:\WINDOWS\system32\ctfmon.exe
  file: C:\WINDOWS\system32\ctfmon.exe
  size: 15360
  MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: "C:\Program Files\Messenger\msmsgs.exe" /background
  file: C:\Program Files\Messenger\msmsgs.exe
  size: 1695232
  MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, MsnMsgr
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
  size: 5724184
  MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, Picasa Media Detector
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
  file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
  size: 443968
  MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run, TOSCDSPD
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  size: 65536
  MD5: 43382739870D196C79454B327077D039

Located: HK_CU:Run, VirTrigger
  where: S-1-5-21-2409514809-3273457905-3423061011-1008...
  command: "C:\Program Files\VirTrigger\VirTrigger.exe"
  file: C:\Program Files\VirTrigger\VirTrigger.exe
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE
  where: S-1-5-18...
  command: C:\WINDOWS\system32\CTFMON.EXE
  file: C:\WINDOWS\system32\CTFMON.EXE
  size: 15360
  MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DWQueuedReporting
  where: S-1-5-18...
  command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
  file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
  size: 434528
  MD5: 29E177C7BB7343F365F12AD9A8AF4C48

Located: Startup (common), AutoUpdate Monitor.lnk
  where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
  command: C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  file: C:\Program Files\Sophos\AutoUpdate\ALMon.exe
  size: 245760
  MD5: 4CF38637FADECCCC00013C0711DB3BBA

Located: Startup (user), DigiGuide TV Guide.lnk
  where: C:\Documents and Settings\teacher\Start Menu\Programs\Startup...
  command: C:\Program Files\utils\DigiGuide TV Guide\Client.exe
  file: C:\Program Files\utils\DigiGuide TV Guide\Client.exe
  size: 180224
  MD5: 0E21708A38D95F1CA3ED92F90BE23F8B

Located: WinLogon, crypt32chain
  command: crypt32.dll
  file: crypt32.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cryptnet
  command: cryptnet.dll
  file: cryptnet.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cscdll
  command: cscdll.dll
  file: cscdll.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
  command: %SystemRoot%\System32\dimsntfy.dll
  file: %SystemRoot%\System32\dimsntfy.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, igfxcui
  command: igfxdev.dll
  file: igfxdev.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, Schedule
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
  command: sclgntfy.dll
  file: sclgntfy.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, SensLogn
  command: WlNotify.dll
  file: WlNotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, termsrv
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
  command: WgaLogon.dll
  file: WgaLogon.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, wlballoon
  command: wlnotify.dll
  file: wlnotify.dll
  size: 0
  MD5: D41D8CD98F00B204E9800998ECF8427E
  Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

--- Browser helper object list ---
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (Sophos Web Content Scanner)
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name: Sophos Web Content Scanner
 Path: c:\Program Files\Sophos\Sophos Anti-Virus\
 Long name: SophosBHO.dll
 Short name: SOPHOS~2.DLL
 Date (created): 27/11/2008 14:33:56
 Date (last access): 10/12/2008 22:13:40
 Date (last write): 27/11/2008 14:33:56
 Filesize: 240696
 Attributes: archive
 MD5: CFC3AB2B75A8AF36960597D7F0E00569
 CRC32: E36B88F1
 Version: 2.4.2.3941

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name: Spybot-S&D IE Protection
 description: Spybot-S&D IE Browser plugin
 classification: Legitimate
 known filename: SDhelper.dll
 info link: http://spybot.eon.net.au/
 info source: Patrick M. Kolla
 Path: C:\PROGRA~1\SPYBOT~1\
 Long name: SDHelper.dll
 Short name:
 Date (created): 22/11/2008 18:05:14
 Date (last access): 10/12/2008 22:21:42
 Date (last write): 15/09/2008 14:25:44
 Filesize: 1562960
 Attributes: readonly hidden sysfile archive
 MD5: 35F73F1936BDE91F1B6995510A61E7A8
 CRC32: BE6A5D15
 Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name: SSVHelper Class
 Path: C:\Program Files\Java\jre1.6.0\bin\
 Long name: ssv.dll
 Short name:
 Date (created): 01/08/2007 10:01:24
 Date (last access): 10/12/2008 22:17:38
 Date (last write): 01/08/2007 10:01:24
 Filesize: 501384
 Attributes: archive
 MD5: C647547F1BB66FA0BE237CAFC49EA5F9
 CRC32: C4215F57
 Version: 6.0.0.104

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name: Windows Live Sign-in Helper
 Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
 Long name: WindowsLiveLogin.dll
 Short name: WINDOW~1.DLL
 Date (created): 20/09/2007 09:30:18
 Date (last access): 10/12/2008 22:14:08
 Date (last write): 20/09/2007 09:30:18
 Filesize: 328752
 Attributes: archive
 MD5: 59CF5BF6684AFCF906CADAD39B4214DE
 CRC32: C363813C
 Version: 4.200.520.1

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 BHO name:
 CLSID name: Windows Live Toolbar Helper
 Path: C:\Program Files\Windows Live Toolbar\
 Long name: msntb.dll
 Short name:
 Date (created): 19/10/2007 10:20:48
 Date (last access): 10/12/2008 22:17:38
 Date (last write): 19/10/2007 10:20:48
 Filesize: 546320
 Attributes: archive
 MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
 CRC32: 12446524
 Version: 3.1.0.146

--- ActiveX list ---
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
 DPF name:
 CLSID name: WUWebControl Class
 Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
 Codebase: http://www.update.microsoft.com/windowsupd...b?1209732486552
 description:
 classification: Legitimate
 known filename: wuweb.dll
 info link:
 info source: Safer Networking Ltd.
 Path: C:\WINDOWS\system32\
 Long name: wuweb.dll
 Short name:
 Date (created): 01/08/2007 09:30:54
 Date (last access): 10/12/2008 22:12:20
 Date (last write): 16/10/2008 14:13:40
 Filesize: 202776
 Attributes: archive
 MD5: 1865594AFE88C27A127FF4CF492734B0
 CRC32: F48FD025
 Version: 7.2.6001.788

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
 DPF name: Java Runtime Environment 1.6.0
 CLSID name: Java Plug-in 1.6.0
 Installer:
 Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
 description: Sun Java
 classification: Legitimate
 known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
 info link:
 info source: Patrick M.
Kolla Path: C:\Program Files\Java\jre1.6.0\bin\ Long name: npjpi160.dll Short name: Date (created): 01/08/2007 10:01:24Date (last access): 06/12/2008 19:41:10 Date (last write): 01/08/2007 10:01:24 Filesize: 132744 Attributes: archive MD5: A0F84B2A1901E47A625FE6E68EF4053E CRC32: 46A49529 Version: 6.0.0.104{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\erma.inf Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab description: classification: Open for discussion known filename: info link: info source: Safer Networking Ltd.{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Installer: Codebase: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab description: classification: Legitimate known filename: MessengerStatsPAClient.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: MessengerStatsPAClient.dll Short name: MESSEN~1.DLL Date (created): 22/02/2007 22:41:12Date (last access): 06/12/2008 19:29:48 Date (last write): 22/02/2007 22:41:12 Filesize: 304544 Attributes: archive MD5: 8945CCA5FC4F25168E8B6F401EFAF51F CRC32: 0F12FD23 Version: 9.5.6907.1{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi160.dll info link: info source: Safer Networking Ltd. 
Path: C:\Program Files\Java\jre1.6.0\bin\ Long name: npjpi160.dll Short name: Date (created): 01/08/2007 10:01:24Date (last access): 10/12/2008 22:28:18 Date (last write): 01/08/2007 10:01:24 Filesize: 132744 Attributes: archive MD5: A0F84B2A1901E47A625FE6E68EF4053E CRC32: 46A49529 Version: 6.0.0.104{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.6.0\bin\ Long name: npjpi160.dll Short name: Date (created): 01/08/2007 10:01:24Date (last access): 10/12/2008 22:28:18 Date (last write): 01/08/2007 10:01:24 Filesize: 132744 Attributes: archive MD5: A0F84B2A1901E47A625FE6E68EF4053E CRC32: 46A49529 Version: 6.0.0.104--- Process list ---PID: 0 ( 0) [system]PID: 772 ( 4) \SystemRoot\System32\smss.exe size: 50688PID: 824 ( 772) \??\C:\WINDOWS\system32\csrss.exe size: 6144PID: 848 ( 772) \??\C:\WINDOWS\system32\winlogon.exe size: 507904PID: 892 ( 848) C:\WINDOWS\system32\services.exe size: 108544 MD5: 0E776ED5F7CC9F94299E70461B7B8185PID: 904 ( 848) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: BF2466B3E18E970D8A976FB95FC1CA85PID: 1076 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 1124 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 1268 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 1312 ( 892) c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe size: 98304 MD5: 2E83AD127667AA4E704011F71AA1351BPID: 1604 (1572) C:\WINDOWS\Explorer.EXE size: 1033728 MD5: 12896823FB95BFB3DC9B46BCAEDC9923PID: 1940 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 2012 ( 892) 
C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 480 ( 892) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3BPID: 532 ( 892) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe size: 68865 MD5: D6C8942BEA3698A2E7559BD423BFA5D7PID: 1928 ( 892) C:\WINDOWS\system32\agrsmsvc.exe size: 9216 MD5: 39E435C90C9C4F780FA0ED05CA3C3A1BPID: 1948 ( 892) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe size: 151297 MD5: 335A142923FE7F97E8C8388ACD067568PID: 1968 ( 892) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe size: 30312 MD5: 6163664C7E9CD110AF70180C126C3FDCPID: 2036 ( 892) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe size: 40960 MD5: 3CB0CC8879956C187E87E18634EE5164PID: 276 ( 892) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE size: 322120 MD5: 11F714F85530A2BD134074DC30E99FCAPID: 400 ( 892) c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe size: 69632 MD5: B037FA1C3E09C06381192DF11CDA4AD6PID: 1992 ( 892) c:\Program Files\Sophos\AutoUpdate\ALsvc.exe size: 172032 MD5: A2FC88DC4F21C7BB8693955D5E8D3DBBPID: 792 ( 892) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 684 ( 892) C:\WINDOWS\system32\TODDSrv.exe size: 114688 MD5: D540858E65BFA6FDED41AD2495ECE344PID: 1160 ( 892) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe size: 125048 MD5: 87843B2DA99051BC66E2D6C211E3D6A4PID: 1084 ( 892) C:\WINDOWS\system32\wdfmgr.exe size: 38912 MD5: C81B8635DEE0D3EF5F64B3DD643023A5PID: 1208 ( 892) C:\Program Files\RealVNC\VNC4\WinVNC4.exe size: 439632 MD5: F3EDC9909A02E6BCA863EB702D37B505PID: 2876 (1604) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3PID: 3020 ( 892) C:\WINDOWS\System32\alg.exe size: 44544 MD5: 8C515081584A38AA007909CD02020B3DPID: 3968 (3948) C:\Program Files\Apoint2K\Apntex.exe size: 45056 MD5: 
CCA1B81492B40890E44B2B20A780EE1FPID: 2328 ( 892) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18PID: 2964 (3108) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe size: 266497 MD5: 6E812818306D460D62B4ABEA9FDC6679PID: 2568 (3736) C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe size: 45056 MD5: 5CFBB9FCD1A9038A04C64B99E898648APID: 2576 (1604) C:\Program Files\Mozilla Firefox\firefox.exe size: 307712 MD5: BAC6F7DE724D7F30EBD78648C86B4617PID: 716 (1604) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4891472 MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855PID: 680 (1268) C:\WINDOWS\system32\wuauclt.exe size: 51224 MD5: E654B78D2F1D791B30D0ED9A8195EC22PID: 4 ( 0) System--- Browser start & search pages list ---Spybot - Search & Destroy browser pages report, 10/12/2008 22:28:17HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL http://www.google.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htmHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.google.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://www.google.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.yahoo.co.uk/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.google.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ http://www.google.com/search?q=%sHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL http://www.google.com/HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar 
http://www.google.com/HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ---Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*]Protocol 1: MSAFD Tcpip [uDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*]Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*]Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service ProviderProtocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service ProviderProtocol 5: MSAFD NetBIOS 
[\Device\NetBT_Tcpip_{89B65663-9D04-483B-824F-32036D43801A}] SEQPACKET 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89B65663-9D04-483B-824F-32036D43801A}] DATAGRAM 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67D10E51-B4DA-4E19-8724-061323186BDB}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67D10E51-B4DA-4E19-8724-061323186BDB}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55024CCA-8895-4B5E-92EE-4954C13D3283}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55024CCA-8895-4B5E-92EE-4954C13D3283}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11C3A07F-387A-48C8-BAD5-710A153D0EAF}] SEQPACKET 1 GUID: 
{8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11C3A07F-387A-48C8-BAD5-710A153D0EAF}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E8CF3A9-9A25-47C5-A0C3-82539AF95034}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E8CF3A9-9A25-47C5-A0C3-82539AF95034}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFCC6C54-FB7D-4412-A07C-DD9FC71F35ED}] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFCC6C54-FB7D-4412-A07C-DD9FC71F35ED}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space 
I am only able to use Firefox as my browser & can't access my MSN or use Internet Explorer still.
Tigger93 Posted December 10, 2008 ID:39398
Those are all tracking cookies, nothing to worry about.
Can you please post a HijackThis log?
wes Posted December 11, 2008 Author ID:39545
Those are all tracking cookies, nothing to worry about.
Can you please post a HijackThis log?
Thanks for that!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:29, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10191 bytes
Tigger93 Posted December 11, 2008 ID:39593
Hi.
Open HijackThis and put a check next to these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)
Click Fix Checked then close HJT.
Update Malwarebytes' Anti-Malware, run a scan and post that log and a new HJT log please.
wes Posted December 11, 2008 Author ID:39613

Hi, thanks again! The latest update is 10/22/08. I can't get an update; it says I need to make sure I'm connected to the internet and check firewall settings to allow MWB to run, which I had anyway.

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3
11/12/2008 22:47:46
mbam-log-2008-12-11 (22-47-46).txt
Scan type: Quick Scan
Objects scanned: 51446
Time elapsed: 5 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:16, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
--End of file - 9679 bytes
Tigger93 Posted December 12, 2008 ID:39623

Please go here and install the latest version of MBAM. After installing, restart your computer, try to update, then run a scan and post the new log.
wes Posted December 13, 2008 Author ID:39802

> Please go here and install the latest version of MBAM. After installing, restart your computer, try to update, then run a scan and post the new log.

Hi, here's the latest mbam:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
13/12/2008 10:35:34
mbam-log-2008-12-13 (10-35-34).txt
Scan type: Quick Scan
Objects scanned: 53849
Time elapsed: 1 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virtrigger (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
Tigger93 Posted December 13, 2008 ID:39817

Empty MalwareBytes Quarantine by clicking the quarantine tab and then click Remove All. Restart your computer.

Are you still having any problems?
wes Posted December 13, 2008 Author ID:39868

> Empty MalwareBytes Quarantine by clicking the quarantine tab and then click Remove All. Restart your computer. Are you still having any problems?

Still cannot access my MSN or Internet Explorer, only Firefox. Maybe it's an ISP issue??
Tigger93 Posted December 14, 2008 ID:39988

Let's take a deeper look just to make sure.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
wes Posted December 14, 2008 Author ID:39999

> Let's take a deeper look just to make sure. Download ComboFix from one of the locations below, and save it to your Desktop. Link 1, Link 2, Link 3. Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks! Here are the requested logs:

ComboFix 08-12-14.03 - teacher 2008-12-14 21:54:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1512 [GMT 0:00]
Running from: c:\documents and settings\teacher\Desktop\ComboFix.exe
* Created a new restore point.

- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 22:07:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

Completion time: 2008-12-14 22:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 22:08:55
Pre-Run: 185,143,611,392 bytes free
Post-Run: 185,048,801,280 bytes free

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:37, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
--End of file - 9480 bytes
Tigger93 Posted December 15, 2008 ID:40043

1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\44r4354.bat

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
wes Posted December 15, 2008 Author ID:40172

Quote:
1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

Latest logs - I really appreciate all this help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:13, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9326 bytes


ComboFix 08-12-14.03 - teacher 2008-12-15 22:56:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1515 [GMT 0:00]
Running from: c:\documents and settings\teacher\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\teacher\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\44r4354.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\44r4354.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-13 09:38 . 2008-12-13 09:38 244 --ah----- C:\sqmnoopt03.sqm
2008-12-13 09:38 . 2008-12-13 09:38 232 --ah----- C:\sqmdata03.sqm
2008-12-13 09:35 . 2008-12-13 09:35 268 --ah----- C:\sqmdata02.sqm
2008-12-13 09:35 . 2008-12-13 09:35 244 --ah----- C:\sqmnoopt02.sqm
2008-12-11 22:35 . 2008-12-11 22:35 244 --ah----- C:\sqmnoopt01.sqm
2008-12-11 22:35 . 2008-12-11 22:35 232 --ah----- C:\sqmdata01.sqm
2008-12-11 22:34 . 2008-12-11 22:34 292 --ah----- C:\sqmdata00.sqm
2008-12-11 22:34 . 2008-12-11 22:34 244 --ah----- C:\sqmnoopt00.sqm
2008-12-05 21:20 . 2008-12-05 21:20 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 20:29 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-05 20:28 . 2008-12-05 20:28 <DIR> d-------- c:\program files\Panda Security
2008-12-03 03:28 . 2008-12-03 03:27 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-03 03:27 . 2008-12-03 03:28 <DIR> d-------- c:\documents and settings\teacher\.housecall6.6
2008-12-01 22:05 . 2008-12-13 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\teacher\Application Data\Malwarebytes
2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 22:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 22:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-29 00:12 . 2008-11-29 00:12 99,970 --a------ c:\windows\UninstallFirefox.exe
2008-11-29 00:12 . 2008-11-29 00:12 2,648 --a------ c:\windows\mozver.dat
2008-11-29 00:12 . 2008-11-29 00:12 0 --a------ c:\windows\nsreg.dat
2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\program files\Avira
2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-27 14:49 . 2008-11-27 14:49 <DIR> d--h----- c:\windows\PIF
2008-11-27 14:36 . 2008-11-27 14:32 130,104 --a------ c:\windows\system32\sdccoinstaller.dll
2008-11-27 14:33 . 2008-11-27 14:33 14,976 --a------ c:\windows\system32\drivers\SophosBootDriver.sys
2008-11-27 01:41 . 2008-11-27 01:41 <DIR> d-------- c:\program files\RealVNC
2008-11-26 20:25 . 2008-11-26 20:25 0 --a------ c:\windows\ToDisc.INI
2008-11-22 18:19 . 2008-11-22 18:19 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-22 18:05 . 2008-11-27 15:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-22 18:05 . 2008-11-22 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 03:28 . 2008-11-22 03:29 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-22 00:17 . 2008-11-22 10:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 01:13 --------- d-----w c:\program files\Google
2008-11-27 19:21 --------- d-----w c:\documents and settings\teacher\Application Data\toshiba
2008-11-27 14:33 35,584 ----a-w c:\windows\system32\drivers\savonaccessfilter.sys
2008-11-27 14:33 104,704 ----a-w c:\windows\system32\drivers\savonaccesscontrol.sys
2008-11-27 14:32 23,552 ----a-w c:\windows\system32\SophosBootTasks.exe
2008-11-22 10:44 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 02:00 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2006-12-12 10:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll
2006-07-28 15:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-08-11 c:\windows\system32\TPSMain.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\teacher\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files\utils\DigiGuide TV Guide\Client.exe [2008-05-09 180224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 245760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\WINDOWS\\system32\\sol.exe"=
"c:\\WINDOWS\\system32\\spider.exe"=
"c:\\Program Files\\Toshiba\\Accessibility\\TAccessibility.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=
"c:\\Program Files\\Toshiba\\TOSHIBA Assist\\TInTouch.exe"=
"c:\\WINDOWS\\system32\\cselect.exe"=
"c:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavMain.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\cfmain.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\teacher\\Desktop\\msgr9us-1.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-05 28544]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2008-05-02 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2008-05-02 35584]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-11-27 69632]
R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe" [2008-11-27 98304]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys []
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-11-27 14976]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\teacher\Application Data\Mozilla\Firefox\Profiles\wo2ypnqd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 23:08:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-15 23:09:20
ComboFix-quarantined-files.txt 2008-12-15 23:09:17
ComboFix2.txt 2008-12-14 22:09:00

Pre-Run: 184,959,668,224 bytes free
Post-Run: 184,948,744,192 bytes free

205 --- E O F --- 2008-12-15 16:43:27
Tigger93 Posted December 16, 2008 ID:40191

I don't see anything. Are you still having any problems?
wes Posted December 16, 2008 Author ID:40194

Still can't get online with Internet Explorer, but odd that no probs with Firefox. Does the following diagnostic show anything?

Last diagnostic run time: 12/16/08 01:27:57

HTTP, HTTPS, FTP Diagnostic
  HTTP, HTTPS, FTP connectivity
    info  FTP (Passive): Successfully connected to ftp.microsoft.com.
    warn  HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn  HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn  HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
    warn  HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    error Could not make an HTTP connection.
    error Could not make an HTTPS connection.
    info  Redirecting user to support call

DNS Client Diagnostic
  DNS - Not a home user scenario
    info  Using Web Proxy: yes
  No DNS servers
  DNS failure

Gateway Diagnostic
  Gateway
    info  The following proxy configuration is being used by IE:
          Automatically Detect Settings: Disabled
          Automatic Configuration Script:
          Proxy Server: proxy1.equinoxsolutions.com:80
          Proxy Bypass list: <local>
    info  This computer has the following default gateway entry(ies): 192.168.1.1
    info  This computer has the following IP address(es): 192.168.1.57
    info  The default gateway is in the same subnet as this computer
    info  The default gateway entry is a valid unicast address
    info  The default gateway address was resolved via ARP in 1 try(ies)
    info  The default gateway was reached via ICMP Ping in 1 try(ies)
    info  Skipped gateway connectivity check because of IE proxy configuration

IP Layer Diagnostic
  Corrupted IP routing table
    info  The default route is valid
    info  The loopback route is valid
    info  The local host route is valid
    info  The local subnet route is valid
  Invalid ARP cache entries
    action The ARP cache has been flushed

IP Configuration Diagnostic
  Invalid IP address
    info  Valid IP address detected: 192.168.1.57

Wireless Diagnostic
  Wireless - Service disabled
  Wireless - User SSID
  Wireless - First time setup
  Wireless - Radio off
  Wireless - Out of range
  Wireless - Hardware issue
  Wireless - Novice user
  Wireless - Ad-hoc network
  Wireless - Less preferred
  Wireless - 802.1x enabled
  Wireless - Configuration mismatch
  Wireless - Low SNR

WinSock Diagnostic
  WinSock status
    info  All base service provider entries are present in the Winsock catalog.
    info  The Winsock Service provider chains are valid.
    info  Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
    info  Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
    info  Provider entry RSVP UDP Service Provider passed the loopback communication test.
    info  Provider entry RSVP TCP Service Provider passed the loopback communication test.
    info  Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic
  Network location detection
    info  Using home Internet connection
  Network adapter identification
    info  Network connection: Name=Local Area Connection, Device=Realtek RTL8139/810x Family Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN
    info  Network connection: Name=Wireless Network Connection, Device=Atheros AR5007EG Wireless Network Adapter, MediaType=LAN, SubMediaType=WIRELESS
    info  Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
    info  Network connection: Name=Orange Broadband Connection, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
    info  Network connection: Name=Internet Connection, Device=Internet Connection, MediaType=SHARED ACCESS HOST LAN, SubMediaType=NONE
    info  Both Ethernet and Wireless connections available, prompting user for selection
    action User input required: Select network connection
    info  Ethernet connection selected
  Network adapter status
    info  Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
  HTTP, HTTPS, FTP connectivity
    info  FTP (Passive): Successfully connected to ftp.microsoft.com.
    warn  HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn  HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
    warn  HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    warn  HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
    error Could not make an HTTP connection.
    error Could not make an HTTPS connection.
Tigger93 Posted December 16, 2008 ID:40216

Fix this with HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

And see if that fixes the problem.
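As an added example (not code from the thread, from HijackThis or from ComboFix), the triage logic behind Tigger93's advice in Python: parse the R0/R1 entries of a HijackThis log, pull out the Internet Settings ProxyServer value, and confirm it against the two tell-tale lines in wes's IE diagnostic, "Using Web Proxy: yes" and the Error 12029 connection failures. The sample log lines are constructed from those quoted in the thread, and the trusted-proxy allowlist is an assumed input the administrator would supply.

```python
"""Triage helper: find an IE proxy setting in a HijackThis log and check whether
the IE network diagnostic shows the failure pattern that goes with it.
Added example; not code from the thread or from HijackThis/ComboFix."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

# Constructed sample: HijackThis R0/R1 lines in the format quoted in the thread
# (one O4 line included to show that non-R lines are ignored).
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Constructed sample of the IE Network Diagnostics lines quoted in the thread.
DIAG_SAMPLE = """
info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
error Could not make an HTTP connection.
info Using Web Proxy: yes
"""

# R0/R1 layout: "<section> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),([\w ]+?) = (.*)$")
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


@dataclass
class RegEntry:
    section: str      # "R0" or "R1"
    hive: str         # "HKCU" or "HKLM"
    key: str          # registry key path below the hive
    value_name: str   # e.g. "Start Page", "ProxyServer"
    data: str         # the value as HijackThis prints it


@dataclass
class Finding:
    proxy_host: str
    proxy_port: Optional[int]
    hive: str
    evidence: List[str] = field(default_factory=list)


def parse_r_entries(log: str) -> List[RegEntry]:
    """Extract the R0/R1 (IE registry) entries from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(RegEntry(*m.groups()))
    return entries


def proxy_server(entries: Sequence[RegEntry]) -> Optional[RegEntry]:
    """Return the ProxyServer entry under Internet Settings, if IE has one."""
    for e in entries:
        if e.key.lower() == PROXY_KEY.lower() and e.value_name == "ProxyServer":
            return e
    return None


def split_host_port(data: str) -> Tuple[str, Optional[int]]:
    """'host:port' -> ('host', port); a missing or non-numeric port becomes None."""
    host, _, port = data.strip().partition(":")
    return host, (int(port) if port.isdigit() else None)


def diagnose(hjt_log: str, diag_text: str,
             trusted_proxies: Sequence[str] = ()) -> Optional[Finding]:
    """Report an IE proxy that is configured, in use, and failing.

    Fires only when all three hold: HijackThis shows a ProxyServer value, the
    diagnostic says IE is using a web proxy, and HTTP/HTTPS attempts end in
    WinINet error 12029 (cannot connect).  trusted_proxies is an assumed
    allowlist of proxy hosts the administrator knows about.
    """
    entry = proxy_server(parse_r_entries(hjt_log))
    if entry is None:
        return None
    host, port = split_host_port(entry.data)
    if host.lower() in (p.lower() for p in trusted_proxies):
        return None
    lines = [l.strip() for l in diag_text.splitlines()]
    uses_proxy = any("Using Web Proxy: yes" in l for l in lines)
    failures = [l for l in lines if "Error 12029" in l]
    if not (uses_proxy and failures):
        return None
    evidence = [f"{entry.section} - {entry.hive}: ProxyServer = {entry.data}",
                "Using Web Proxy: yes", *failures]
    return Finding(host, port, entry.hive, evidence)


if __name__ == "__main__":
    result = diagnose(HJT_SAMPLE, DIAG_SAMPLE)
    print("no finding" if result is None else "\n".join(result.evidence))
```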