I was having issues on my laptop and I think I've managed to clean it, but I just wanted someone to verify.

Logs:

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 3

05/12/2008 19:38:18

mbam-log-2008-12-05 (19-38-18).txt

Scan type: Quick Scan

Objects scanned: 50619

Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****************************************

;*******************************************************************************

ANALYSIS: 2008-12-05 21:17:07

PROTECTIONS: 1

MALWARE: 16

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Sophos Antivirus 7.6.0 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@trafficmp[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@atdmt[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@247realmedia[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@tribalfusion[1].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@anm.co[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@com[1].txt

00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@hotlog[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@www.burstbeacon[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@adtech[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@ads.pointroll[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@overture[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\teacher\Cookies\teacher@questionmarket[1].txt

;===============================================================================

SUSPECTS

Sent Location _8

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description _8

;===============================================================================

;===============================================================================

**********************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:20:54, on 05/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9372 bytes


Sorry for the delay. Do you still require any assistance?

YES PLEASE! I'm not sure if I'm clean; previous scan looked good, as in nothing found. Just did another scan on Spybot & got the following:

--- Search result list ---

Hint of the Day: Click the bar at the right of this to see more information! ()

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)

MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)

MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

BlueStreak: Tracking cookie (Firefox: default) (Cookie, nothing done)

Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)

Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)

Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)

LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)

LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)

LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-11-22 unins000.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-10-22 advcheck.dll (1.6.2.13)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-10-22 Tools.dll (2.1.6.8)

2008-11-04 Includes\Adware.sbi (*)

2008-11-25 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-09-02 Includes\Dialer.sbi (*)

2008-09-09 Includes\DialerC.sbi (*)

2008-07-23 Includes\HeavyDuty.sbi (*)

2008-11-18 Includes\Hijackers.sbi (*)

2008-11-18 Includes\HijackersC.sbi (*)

2008-09-09 Includes\Keyloggers.sbi (*)

2008-11-18 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-11-18 Includes\Malware.sbi (*)

2008-12-03 Includes\MalwareC.sbi (*)

2008-11-03 Includes\PUPS.sbi (*)

2008-12-02 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-12-02 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-11-04 Includes\Spyware.sbi (*)

2008-12-02 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-11-04 Includes\Trojans.sbi (*)

2008-12-02 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows XP (Build: 2600) Service Pack 3 (5.1.2600)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2

/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)

/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)

/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs

/ Windows / SP1: Microsoft National Language Support Downlevel APIs

/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)

/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)

/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)

/ Windows XP: Security Update for Windows XP (KB923689)

/ Windows XP: Security Update for Windows XP (KB941569)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)

/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)

/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)

/ Windows XP / SP3: Windows XP Service Pack 3

/ Windows XP / SP4: Security Update for Windows XP (KB938464)

/ Windows XP / SP4: Security Update for Windows XP (KB946648)

/ Windows XP / SP4: Security Update for Windows XP (KB950760)

/ Windows XP / SP4: Security Update for Windows XP (KB950762)

/ Windows XP / SP4: Security Update for Windows XP (KB950974)

/ Windows XP / SP4: Security Update for Windows XP (KB951066)

/ Windows XP / SP4: Update for Windows XP (KB951072-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB951376)

/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)

/ Windows XP / SP4: Security Update for Windows XP (KB951698)

/ Windows XP / SP4: Security Update for Windows XP (KB951748)

/ Windows XP / SP4: Update for Windows XP (KB951978)

/ Windows XP / SP4: Hotfix for Windows XP (KB952287)

/ Windows XP / SP4: Security Update for Windows XP (KB952954)

/ Windows XP / SP4: Security Update for Windows XP (KB953839)

/ Windows XP / SP4: Security Update for Windows XP (KB954211)

/ Windows XP / SP4: Security Update for Windows XP (KB954459)

/ Windows XP / SP4: Security Update for Windows XP (KB955069)

/ Windows XP / SP4: Security Update for Windows XP (KB956391)

/ Windows XP / SP4: Security Update for Windows XP (KB956803)

/ Windows XP / SP4: Security Update for Windows XP (KB956841)

/ Windows XP / SP4: Security Update for Windows XP (KB957095)

/ Windows XP / SP4: Security Update for Windows XP (KB957097)

/ Windows XP / SP4: Security Update for Windows XP (KB958644)

--- Startup entries list ---

Located: HK_LM:Run,

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, Alcmtr

command: ALCMTR.EXE

file: C:\WINDOWS\ALCMTR.EXE

size: 69632

MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, Apoint

command: C:\Program Files\Apoint2K\Apoint.exe

file: C:\Program Files\Apoint2K\Apoint.exe

size: 196608

MD5: 8EBBF7E508EC363BD6933809D17A43A7

Located: HK_LM:Run, avgnt

command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

size: 266497

MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, CeEKEY

command: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

file: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

size: 651264

MD5: 2E0524F31E6D8315B71AC0681BAEA1A0

Located: HK_LM:Run, CFSServ.exe

command: CFSServ.exe -NoClient

file: CFSServ.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, DDWMon

command: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

file: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

size: 495616

MD5: 8A9350D8E866D162104D7A16F03D538D

Located: HK_LM:Run, HotKeysCmds

command: C:\WINDOWS\system32\hkcmd.exe

file: C:\WINDOWS\system32\hkcmd.exe

size: 162584

MD5: E1997E3312A591649AE8A456A5658D0E

Located: HK_LM:Run, HWSetup

command: C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

file: C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

size: 28672

MD5: A9701AB3582D15AF6F92B97DD0163AB6

Located: HK_LM:Run, IgfxTray

command: C:\WINDOWS\system32\igfxtray.exe

file: C:\WINDOWS\system32\igfxtray.exe

size: 142104

MD5: F94F81840A057E6998DDBF55EECD2C0B

Located: HK_LM:Run, NDSTray.exe

command: NDSTray.exe

file: NDSTray.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, Persistence

command: C:\WINDOWS\system32\igfxpers.exe

file: C:\WINDOWS\system32\igfxpers.exe

size: 138008

MD5: E907D015172A1B80A89D5B6B55C83A7E

Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

file: C:\WINDOWS\RTHDCPL.EXE

size: 16377344

MD5: 3A57538B12DE39F723BEE00E4A72FC4A

Located: HK_LM:Run, SmoothView

command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

size: 143360

MD5: D96EF52E211FFE5390BC13039F23CC29

Located: HK_LM:Run, SVPWUTIL

command: C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

file: C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe

size: 65536

MD5: 62ADD2BF01685E4269B2298BA54E3EF6

Located: HK_LM:Run, TCtryIOHook

command: TCtrlIOHook.exe

file: C:\WINDOWS\system32\TCtrlIOHook.exe

size: 28672

MD5: 93E9E2F7E303C6C85F162D1D2E6AA67B

Located: HK_LM:Run, TDispVol

command: TDispVol.exe

file: C:\WINDOWS\system32\TDispVol.exe

size: 73728

MD5: D6F801AFF5D095BF11FFB40EC4A75522

Located: HK_LM:Run, TFncKy

command: TFncKy.exe

file: TFncKy.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, topi

command: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

file: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

size: 581632

MD5: E1FAAF7915BC07352CCF1DFF37058414

Located: HK_LM:Run, TPNF

command: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

file: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

size: 53248

MD5: 7B4D848550D7E1CB8881A9BEF1DACE2F

Located: HK_LM:Run, TPSMain

command: TPSMain.exe

file: C:\WINDOWS\system32\TPSMain.exe

size: 266240

MD5: B6C23E30595780FE0C2AD70A07E59E1C

Located: HK_LM:Run, Zooming

command: ZoomingHook.exe

file: C:\WINDOWS\system32\ZoomingHook.exe

size: 24576

MD5: FD02F46A78C30F6CFF37C7FE37A16CC5

Located: HK_CU:Run, CTFMON.EXE

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DWQueuedReporting

where: .DEFAULT...

command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

size: 434528

MD5: 29E177C7BB7343F365F12AD9A8AF4C48

Located: HK_CU:Run, TOSCDSPD

where: PE_C_ADMINISTRATOR...

command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

size: 65536

MD5: 43382739870D196C79454B327077D039

Located: HK_CU:Run, AdobeUpdater

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

file: C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: "C:\Program Files\Messenger\msmsgs.exe" /background

file: C:\Program Files\Messenger\msmsgs.exe

size: 1695232

MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, MsnMsgr

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

size: 5724184

MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, Picasa Media Detector

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: C:\Program Files\Picasa2\PicasaMediaDetector.exe

file: C:\Program Files\Picasa2\PicasaMediaDetector.exe

size: 443968

MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run, TOSCDSPD

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

size: 65536

MD5: 43382739870D196C79454B327077D039

Located: HK_CU:Run, VirTrigger

where: S-1-5-21-2409514809-3273457905-3423061011-1008...

command: "C:\Program Files\VirTrigger\VirTrigger.exe"

file: C:\Program Files\VirTrigger\VirTrigger.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, DWQueuedReporting

where: S-1-5-18...

command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

size: 434528

MD5: 29E177C7BB7343F365F12AD9A8AF4C48

Located: Startup (common), AutoUpdate Monitor.lnk

where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...

command: C:\Program Files\Sophos\AutoUpdate\ALMon.exe

file: C:\Program Files\Sophos\AutoUpdate\ALMon.exe

size: 245760

MD5: 4CF38637FADECCCC00013C0711DB3BBA

Located: Startup (user), DigiGuide TV Guide.lnk

where: C:\Documents and Settings\teacher\Start Menu\Programs\Startup...

command: C:\Program Files\utils\DigiGuide TV Guide\Client.exe

file: C:\Program Files\utils\DigiGuide TV Guide\Client.exe

size: 180224

MD5: 0E21708A38D95F1CA3ED92F90BE23F8B

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, igfxcui

command: igfxdev.dll

file: igfxdev.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (Sophos Web Content Scanner)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Sophos Web Content Scanner

Path: c:\Program Files\Sophos\Sophos Anti-Virus\

Long name: SophosBHO.dll

Short name: SOPHOS~2.DLL

Date (created): 27/11/2008 14:33:56

Date (last access): 10/12/2008 22:13:40

Date (last write): 27/11/2008 14:33:56

Filesize: 240696

Attributes: archive

MD5: CFC3AB2B75A8AF36960597D7F0E00569

CRC32: E36B88F1

Version: 2.4.2.3941

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1\

Long name: SDHelper.dll

Short name:

Date (created): 22/11/2008 18:05:14

Date (last access): 10/12/2008 22:21:42

Date (last write): 15/09/2008 14:25:44

Filesize: 1562960

Attributes: readonly hidden sysfile archive

MD5: 35F73F1936BDE91F1B6995510A61E7A8

CRC32: BE6A5D15

Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: SSVHelper Class

Path: C:\Program Files\Java\jre1.6.0\bin\

Long name: ssv.dll

Short name:

Date (created): 01/08/2007 10:01:24

Date (last access): 10/12/2008 22:17:38

Date (last write): 01/08/2007 10:01:24

Filesize: 501384

Attributes: archive

MD5: C647547F1BB66FA0BE237CAFC49EA5F9

CRC32: C4215F57

Version: 6.0.0.104

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Windows Live Sign-in Helper

Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\

Long name: WindowsLiveLogin.dll

Short name: WINDOW~1.DLL

Date (created): 20/09/2007 09:30:18

Date (last access): 10/12/2008 22:14:08

Date (last write): 20/09/2007 09:30:18

Filesize: 328752

Attributes: archive

MD5: 59CF5BF6684AFCF906CADAD39B4214DE

CRC32: C363813C

Version: 4.200.520.1

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Windows Live Toolbar Helper

Path: C:\Program Files\Windows Live Toolbar\

Long name: msntb.dll

Short name:

Date (created): 19/10/2007 10:20:48

Date (last access): 10/12/2008 22:17:38

Date (last write): 19/10/2007 10:20:48

Filesize: 546320

Attributes: archive

MD5: CEE1BE1DA21300208D07FBEAE9EA2B51

CRC32: 12446524

Version: 3.1.0.146

--- ActiveX list ---

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

DPF name:

CLSID name: WUWebControl Class

Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf

Codebase: http://www.update.microsoft.com/windowsupd...b?1209732486552

description:

classification: Legitimate

known filename: wuweb.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\

Long name: wuweb.dll

Short name:

Date (created): 01/08/2007 09:30:54

Date (last access): 10/12/2008 22:12:20

Date (last write): 16/10/2008 14:13:40

Filesize: 202776

Attributes: archive

MD5: 1865594AFE88C27A127FF4CF492734B0

CRC32: F48FD025

Version: 7.2.6001.788

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description: Sun Java

classification: Legitimate

known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

info link:

info source: Patrick M. Kolla

Path: C:\Program Files\Java\jre1.6.0\bin\

Long name: npjpi160.dll

Short name:

Date (created): 01/08/2007 10:01:24

Date (last access): 06/12/2008 19:41:10

Date (last write): 01/08/2007 10:01:24

Filesize: 132744

Attributes: archive

MD5: A0F84B2A1901E47A625FE6E68EF4053E

CRC32: 46A49529

Version: 6.0.0.104

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\erma.inf

Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

description:

classification: Open for discussion

known filename:

info link:

info source: Safer Networking Ltd.

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)

DPF name:

CLSID name: MessengerStatsClient Class

Installer:

Codebase: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

description:

classification: Legitimate

known filename: MessengerStatsPAClient.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files\

Long name: MessengerStatsPAClient.dll

Short name: MESSEN~1.DLL

Date (created): 22/02/2007 22:41:12

Date (last access): 06/12/2008 19:29:48

Date (last write): 22/02/2007 22:41:12

Filesize: 304544

Attributes: archive

MD5: 8945CCA5FC4F25168E8B6F401EFAF51F

CRC32: 0F12FD23

Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description:

classification: Legitimate

known filename: npjpi160.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Program Files\Java\jre1.6.0\bin\

Long name: npjpi160.dll

Short name:

Date (created): 01/08/2007 10:01:24

Date (last access): 10/12/2008 22:28:18

Date (last write): 01/08/2007 10:01:24

Filesize: 132744

Attributes: archive

MD5: A0F84B2A1901E47A625FE6E68EF4053E

CRC32: 46A49529

Version: 6.0.0.104

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description:

classification: Legitimate

known filename: npjpi150_06.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Program Files\Java\jre1.6.0\bin\

Long name: npjpi160.dll

Short name:

Date (created): 01/08/2007 10:01:24

Date (last access): 10/12/2008 22:28:18

Date (last write): 01/08/2007 10:01:24

Filesize: 132744

Attributes: archive

MD5: A0F84B2A1901E47A625FE6E68EF4053E

CRC32: 46A49529

Version: 6.0.0.104

--- Process list ---

PID: 0 ( 0) [system]

PID: 772 ( 4) \SystemRoot\System32\smss.exe

size: 50688

PID: 824 ( 772) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 848 ( 772) \??\C:\WINDOWS\system32\winlogon.exe

size: 507904

PID: 892 ( 848) C:\WINDOWS\system32\services.exe

size: 108544

MD5: 0E776ED5F7CC9F94299E70461B7B8185

PID: 904 ( 848) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: BF2466B3E18E970D8A976FB95FC1CA85

PID: 1076 ( 892) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1124 ( 892) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1268 ( 892) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 1312 ( 892) c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

size: 98304

MD5: 2E83AD127667AA4E704011F71AA1351B

PID: 1604 (1572) C:\WINDOWS\Explorer.EXE

size: 1033728

MD5: 12896823FB95BFB3DC9B46BCAEDC9923

PID: 1940 ( 892) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 2012 ( 892) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 480 ( 892) C:\WINDOWS\system32\spoolsv.exe

size: 57856

MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B

PID: 532 ( 892) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

size: 68865

MD5: D6C8942BEA3698A2E7559BD423BFA5D7

PID: 1928 ( 892) C:\WINDOWS\system32\agrsmsvc.exe

size: 9216

MD5: 39E435C90C9C4F780FA0ED05CA3C3A1B

PID: 1948 ( 892) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

size: 151297

MD5: 335A142923FE7F97E8C8388ACD067568

PID: 1968 ( 892) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

size: 30312

MD5: 6163664C7E9CD110AF70180C126C3FDC

PID: 2036 ( 892) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

size: 40960

MD5: 3CB0CC8879956C187E87E18634EE5164

PID: 276 ( 892) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

size: 322120

MD5: 11F714F85530A2BD134074DC30E99FCA

PID: 400 ( 892) c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

size: 69632

MD5: B037FA1C3E09C06381192DF11CDA4AD6

PID: 1992 ( 892) c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

size: 172032

MD5: A2FC88DC4F21C7BB8693955D5E8D3DBB

PID: 792 ( 892) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 684 ( 892) C:\WINDOWS\system32\TODDSrv.exe

size: 114688

MD5: D540858E65BFA6FDED41AD2495ECE344

PID: 1160 ( 892) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

size: 125048

MD5: 87843B2DA99051BC66E2D6C211E3D6A4

PID: 1084 ( 892) C:\WINDOWS\system32\wdfmgr.exe

size: 38912

MD5: C81B8635DEE0D3EF5F64B3DD643023A5

PID: 1208 ( 892) C:\Program Files\RealVNC\VNC4\WinVNC4.exe

size: 439632

MD5: F3EDC9909A02E6BCA863EB702D37B505

PID: 2876 (1604) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

PID: 3020 ( 892) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: 8C515081584A38AA007909CD02020B3D

PID: 3968 (3948) C:\Program Files\Apoint2K\Apntex.exe

size: 45056

MD5: CCA1B81492B40890E44B2B20A780EE1F

PID: 2328 ( 892) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18

PID: 2964 (3108) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

size: 266497

MD5: 6E812818306D460D62B4ABEA9FDC6679

PID: 2568 (3736) C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

size: 45056

MD5: 5CFBB9FCD1A9038A04C64B99E898648A

PID: 2576 (1604) C:\Program Files\Mozilla Firefox\firefox.exe

size: 307712

MD5: BAC6F7DE724D7F30EBD78648C86B4617

PID: 716 (1604) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4891472

MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

PID: 680 (1268) C:\WINDOWS\system32\wuauclt.exe

size: 51224

MD5: E654B78D2F1D791B30D0ED9A8195EC22

PID: 4 ( 0) System

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 10/12/2008 22:28:17

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.yahoo.co.uk/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@

http://www.google.com/search?q=%s

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL

http://www.google.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

http://www.google.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://www.google.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89B65663-9D04-483B-824F-32036D43801A}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89B65663-9D04-483B-824F-32036D43801A}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67D10E51-B4DA-4E19-8724-061323186BDB}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67D10E51-B4DA-4E19-8724-061323186BDB}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55024CCA-8895-4B5E-92EE-4954C13D3283}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55024CCA-8895-4B5E-92EE-4954C13D3283}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11C3A07F-387A-48C8-BAD5-710A153D0EAF}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11C3A07F-387A-48C8-BAD5-710A153D0EAF}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E8CF3A9-9A25-47C5-A0C3-82539AF95034}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E8CF3A9-9A25-47C5-A0C3-82539AF95034}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFCC6C54-FB7D-4412-A07C-DD9FC71F35ED}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFCC6C54-FB7D-4412-A07C-DD9FC71F35ED}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

I am only able to use Firefox as my browser & still can't access my MSN or use Internet Explorer.


Those are all tracking cookies, nothing to worry about.

Can you please post a HijackThis log?

Thanks for that!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:29, on 11/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 10191 bytes


Hi.

Open HijackThis and put a check next to these:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [VirTrigger] "C:\Program Files\VirTrigger\VirTrigger.exe"

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O22 - SharedTaskScheduler: crimsonness - {e0feeb92-908e-46d2-8a66-88c5295f2629} - C:\WINDOWS\system32\tiltmeo.dll (file missing)

Click Fix Checked then close HJT.

Update Malwarebytes' Anti-Malware, run a scan and post that log and a new HJT log please. :angry:


Hi, thanks again! The latest update is 10/22/08. I can't get the update; it says I need to make sure I'm connected to the internet and check firewall settings to allow MWB to run, which I had anyway.

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 3

11/12/2008 22:47:46

mbam-log-2008-12-11 (22-47-46).txt

Scan type: Quick Scan

Objects scanned: 51446

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:58:16, on 11/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9679 bytes


Please go here and install the latest version of MBAM. After installing, restart your computer, try to update, then run a scan and post the new log.

Hi here's latest mbam

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 3

13/12/2008 10:35:34

mbam-log-2008-12-13 (10-35-34).txt

Scan type: Quick Scan

Objects scanned: 53849

Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\virtrigger (Rogue.VirusTrigger) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.


Let's take a deeper look just to make sure.

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Thanks! Here are the requested logs:

ComboFix 08-12-14.03 - teacher 2008-12-14 21:54:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1512 [GMT 0:00]

Running from: c:\documents and settings\teacher\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))

.

2008-12-13 09:38 . 2008-12-13 09:38 244 --ah----- C:\sqmnoopt03.sqm

2008-12-13 09:38 . 2008-12-13 09:38 232 --ah----- C:\sqmdata03.sqm

2008-12-13 09:35 . 2008-12-13 09:35 268 --ah----- C:\sqmdata02.sqm

2008-12-13 09:35 . 2008-12-13 09:35 244 --ah----- C:\sqmnoopt02.sqm

2008-12-11 22:35 . 2008-12-11 22:35 244 --ah----- C:\sqmnoopt01.sqm

2008-12-11 22:35 . 2008-12-11 22:35 232 --ah----- C:\sqmdata01.sqm

2008-12-11 22:34 . 2008-12-11 22:34 292 --ah----- C:\sqmdata00.sqm

2008-12-11 22:34 . 2008-12-11 22:34 244 --ah----- C:\sqmnoopt00.sqm

2008-12-05 21:20 . 2008-12-05 21:20 <DIR> d-------- c:\program files\Trend Micro

2008-12-05 20:29 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-05 20:28 . 2008-12-05 20:28 <DIR> d-------- c:\program files\Panda Security

2008-12-03 03:28 . 2008-12-03 03:27 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

2008-12-03 03:27 . 2008-12-03 03:28 <DIR> d-------- c:\documents and settings\teacher\.housecall6.6

2008-12-01 22:05 . 2008-12-13 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\teacher\Application Data\Malwarebytes

2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-01 22:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-01 22:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-29 00:12 . 2008-11-29 00:12 99,970 --a------ c:\windows\UninstallFirefox.exe

2008-11-29 00:12 . 2008-11-29 00:12 2,648 --a------ c:\windows\mozver.dat

2008-11-29 00:12 . 2008-11-29 00:12 0 --a------ c:\windows\nsreg.dat

2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\program files\Avira

2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-11-27 14:49 . 2008-11-27 14:49 <DIR> d--h----- c:\windows\PIF

2008-11-27 14:36 . 2008-11-27 14:32 130,104 --a------ c:\windows\system32\sdccoinstaller.dll

2008-11-27 14:33 . 2008-11-27 14:33 14,976 --a------ c:\windows\system32\drivers\SophosBootDriver.sys

2008-11-27 01:41 . 2008-11-27 01:41 <DIR> d-------- c:\program files\RealVNC

2008-11-26 20:25 . 2008-11-26 20:25 0 --a------ c:\windows\ToDisc.INI

2008-11-22 18:19 . 2008-11-22 18:19 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-22 18:05 . 2008-11-27 15:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-22 18:05 . 2008-11-22 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-22 03:28 . 2008-11-22 03:29 <DIR> d-------- c:\program files\Windows Live Safety Center

2008-11-22 00:17 . 2008-11-22 10:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-22 00:17 . 2008-11-22 00:17 174 --a------ C:\44r4354.bat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-29 01:13 --------- d-----w c:\program files\Google

2008-11-27 19:21 --------- d-----w c:\documents and settings\teacher\Application Data\toshiba

2008-11-27 14:33 35,584 ----a-w c:\windows\system32\drivers\savonaccessfilter.sys

2008-11-27 14:33 104,704 ----a-w c:\windows\system32\drivers\savonaccesscontrol.sys

2008-11-22 10:44 --------- d-----w c:\program files\Common Files\Adobe

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 02:00 --------- d-----w c:\program files\Microsoft Silverlight

2006-12-12 10:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll

2006-07-28 15:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]

"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]

"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]

"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]

"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]

"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 c:\windows\system32\TCtrlIOHook.exe]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]

"TPSMain"="TPSMain.exe" [2005-08-11 c:\windows\system32\TPSMain.exe]

"Zooming"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

"CFSServ.exe"="CFSServ.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\teacher\Start Menu\Programs\Startup\

DigiGuide TV Guide.lnk - c:\program files\utils\DigiGuide TV Guide\Client.exe [2008-05-09 180224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 245760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=

"c:\\WINDOWS\\system32\\sol.exe"=

"c:\\WINDOWS\\system32\\spider.exe"=

"c:\\Program Files\\Toshiba\\Accessibility\\TAccessibility.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

"c:\\Program Files\\Toshiba\\TOSHIBA Assist\\TInTouch.exe"=

"c:\\WINDOWS\\system32\\cselect.exe"=

"c:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavMain.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\cfmain.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\teacher\\Desktop\\msgr9us-1.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-05 28544]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2008-05-02 104704]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2008-05-02 35584]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]

R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-11-27 69632]

R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe" [2008-11-27 98304]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]

S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys []

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-11-27 14976]

.

Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.co.uk/

uDefault_Search_URL = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/

mSearch Bar = hxxp://www.google.com/

mSearchMigratedDefaultURL = hxxp://www.google.com/

uInternet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchURL = hxxp://www.google.com/

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\teacher\Application Data\Mozilla\Firefox\Profiles\wo2ypnqd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 22:07:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Toshiba\ConfigFree\NDSTray.exe

c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe

c:\program files\Toshiba\ConfigFree\CFSServ.exe

c:\windows\system32\dwwin.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Toshiba\ConfigFree\CFSvcs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\TPSBattM.exe

c:\program files\Apoint2K\ApntEx.exe

c:\program files\utils\DigiGuide TV Guide\DigiGuide.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\wdfmgr.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\windows\temp\sophos_autoupdate1.dir\ALUpdate.exe

c:\windows\system32\dwwin.exe

.

**************************************************************************

.

Completion time: 2008-12-14 22:08:58 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-14 22:08:55

Pre-Run: 185,143,611,392 bytes free

Post-Run: 185,048,801,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

216 --- E O F --- 2008-12-14 21:25:07

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:20:37, on 14/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9480 bytes


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\44r4354.bat

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Latest logs - I really appreciate all this help

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:19:13, on 15/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\utils\DigiGuide TV Guide\digiguide.exe

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\utils\DigiGuide TV Guide\Client.exe

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209732486552

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9326 bytes

ComboFix 08-12-14.03 - teacher 2008-12-15 22:56:50.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1515 [GMT 0:00]

Running from: c:\documents and settings\teacher\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\teacher\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\44r4354.bat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\44r4354.bat

.

((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))

.

2008-12-13 09:38 . 2008-12-13 09:38 244 --ah----- C:\sqmnoopt03.sqm

2008-12-13 09:38 . 2008-12-13 09:38 232 --ah----- C:\sqmdata03.sqm

2008-12-13 09:35 . 2008-12-13 09:35 268 --ah----- C:\sqmdata02.sqm

2008-12-13 09:35 . 2008-12-13 09:35 244 --ah----- C:\sqmnoopt02.sqm

2008-12-11 22:35 . 2008-12-11 22:35 244 --ah----- C:\sqmnoopt01.sqm

2008-12-11 22:35 . 2008-12-11 22:35 232 --ah----- C:\sqmdata01.sqm

2008-12-11 22:34 . 2008-12-11 22:34 292 --ah----- C:\sqmdata00.sqm

2008-12-11 22:34 . 2008-12-11 22:34 244 --ah----- C:\sqmnoopt00.sqm

2008-12-05 21:20 . 2008-12-05 21:20 <DIR> d-------- c:\program files\Trend Micro

2008-12-05 20:29 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-05 20:28 . 2008-12-05 20:28 <DIR> d-------- c:\program files\Panda Security

2008-12-03 03:28 . 2008-12-03 03:27 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys

2008-12-03 03:27 . 2008-12-03 03:28 <DIR> d-------- c:\documents and settings\teacher\.housecall6.6

2008-12-01 22:05 . 2008-12-13 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\teacher\Application Data\Malwarebytes

2008-12-01 22:05 . 2008-12-01 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-01 22:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-01 22:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-29 00:12 . 2008-11-29 00:12 99,970 --a------ c:\windows\UninstallFirefox.exe

2008-11-29 00:12 . 2008-11-29 00:12 2,648 --a------ c:\windows\mozver.dat

2008-11-29 00:12 . 2008-11-29 00:12 0 --a------ c:\windows\nsreg.dat

2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\program files\Avira

2008-11-28 21:49 . 2008-11-28 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-11-27 14:49 . 2008-11-27 14:49 <DIR> d--h----- c:\windows\PIF

2008-11-27 14:36 . 2008-11-27 14:32 130,104 --a------ c:\windows\system32\sdccoinstaller.dll

2008-11-27 14:33 . 2008-11-27 14:33 14,976 --a------ c:\windows\system32\drivers\SophosBootDriver.sys

2008-11-27 01:41 . 2008-11-27 01:41 <DIR> d-------- c:\program files\RealVNC

2008-11-26 20:25 . 2008-11-26 20:25 0 --a------ c:\windows\ToDisc.INI

2008-11-22 18:19 . 2008-11-22 18:19 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-22 18:05 . 2008-11-27 15:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-22 18:05 . 2008-11-22 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-22 03:28 . 2008-11-22 03:29 <DIR> d-------- c:\program files\Windows Live Safety Center

2008-11-22 00:17 . 2008-11-22 10:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-29 01:13 --------- d-----w c:\program files\Google

2008-11-27 19:21 --------- d-----w c:\documents and settings\teacher\Application Data\toshiba

2008-11-27 14:33 35,584 ----a-w c:\windows\system32\drivers\savonaccessfilter.sys

2008-11-27 14:33 104,704 ----a-w c:\windows\system32\drivers\savonaccesscontrol.sys

2008-11-27 14:32 23,552 ----a-w c:\windows\system32\SophosBootTasks.exe

2008-11-22 10:44 --------- d-----w c:\program files\Common Files\Adobe

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-21 02:00 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2006-12-12 10:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll

2006-07-28 15:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008]

"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]

"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]

"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]

"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]

"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 c:\windows\system32\TCtrlIOHook.exe]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]

"TPSMain"="TPSMain.exe" [2005-08-11 c:\windows\system32\TPSMain.exe]

"Zooming"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

"CFSServ.exe"="CFSServ.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\teacher\Start Menu\Programs\Startup\

DigiGuide TV Guide.lnk - c:\program files\utils\DigiGuide TV Guide\Client.exe [2008-05-09 180224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 245760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=

"c:\\WINDOWS\\system32\\sol.exe"=

"c:\\WINDOWS\\system32\\spider.exe"=

"c:\\Program Files\\Toshiba\\Accessibility\\TAccessibility.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

"c:\\Program Files\\Toshiba\\TOSHIBA Assist\\TInTouch.exe"=

"c:\\WINDOWS\\system32\\cselect.exe"=

"c:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavMain.exe"=

"c:\\Program Files\\Toshiba\\ConfigFree\\cfmain.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\teacher\\Desktop\\msgr9us-1.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-05 28544]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2008-05-02 104704]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2008-05-02 35584]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]

R2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [2008-11-27 69632]

R2 SAVService;Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SavService.exe" [2008-11-27 98304]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]

S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys []

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-11-27 14976]

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.co.uk/

uDefault_Search_URL = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/

mSearch Bar = hxxp://www.google.com/

mSearchMigratedDefaultURL = hxxp://www.google.com/

uInternet Settings,ProxyServer = proxy1.equinoxsolutions.com:80

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchURL = hxxp://www.google.com/

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\teacher\Application Data\Mozilla\Firefox\Profiles\wo2ypnqd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-15 23:08:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-12-15 23:09:20

ComboFix-quarantined-files.txt 2008-12-15 23:09:17

ComboFix2.txt 2008-12-14 22:09:00

Pre-Run: 184,959,668,224 bytes free

Post-Run: 184,948,744,192 bytes free

205 --- E O F --- 2008-12-15 16:43:27


Still can't get online with Internet Explorer, but odd that no probs with Firefox

Does the following diagnostic show anything?

Last diagnostic run time: 12/16/08 01:27:57 HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established

warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established

error Could not make an HTTP connection.

error Could not make an HTTPS connection.

info Redirecting user to support call

DNS Client Diagnostic

DNS - Not a home user scenario

info Using Web Proxy: yes

No DNS servers

DNS failure

Gateway Diagnostic

Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:proxy1.equinoxsolutions.com:80 Proxy Bypass list:<local>

info This computer has the following default gateway entry(ies): 192.168.1.1

info This computer has the following IP address(es): 192.168.1.57

info The default gateway is in the same subnet as this computer

info The default gateway entry is a valid unicast address

info The default gateway address was resolved via ARP in 1 try(ies)

info The default gateway was reached via ICMP Ping in 1 try(ies)

info Skipped gateway connectivity check because of IE proxy configuration

IP Layer Diagnostic

Corrupted IP routing table

info The default route is valid

info The loopback route is valid

info The local host route is valid

info The local subnet route is valid

Invalid ARP cache entries

action The ARP cache has been flushed

IP Configuration Diagnostic

Invalid IP address

info Valid IP address detected: 192.168.1.57

Wireless Diagnostic

Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR

WinSock Diagnostic

WinSock status

info All base service provider entries are present in the Winsock catalog.

info The Winsock Service provider chains are valid.

info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.

info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.

info Provider entry RSVP UDP Service Provider passed the loopback communication test.

info Provider entry RSVP TCP Service Provider passed the loopback communication test.

info Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic

Network location detection

info Using home Internet connection

Network adapter identification

info Network connection: Name=Local Area Connection, Device=Realtek RTL8139/810x Family Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN

info Network connection: Name=Wireless Network Connection, Device=Atheros AR5007EG Wireless Network Adapter, MediaType=LAN, SubMediaType=WIRELESS

info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394

info Network connection: Name=Orange Broadband Connection, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE

info Network connection: Name=Internet Connection, Device=Internet Connection, MediaType=SHARED ACCESS HOST LAN, SubMediaType=NONE

info Both Ethernet and Wireless connections available, prompting user for selection

action User input required: Select network connection

info Ethernet connection selected

Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established

warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established

error Could not make an HTTP connection.

error Could not make an HTTPS connection.
