felca
2011-08-19, 02:46
Hi,
i found this thread from 2005 about this web hijacker. Can you help me get rid of it? I am attaching the dds log file.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_26
Run by Felicia at 18:30:20 on 2011-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.179 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\TEMP\Kc0 .exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\svchost.exe -k terlfsc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Toshiba\TBS\HSON.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\SmoothView\SmoothView .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\McAfee\Common Framework\UdaterUI .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\Toshiba\FlashCards\TCrdMain .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system\svchost.exe -k NetworkService
C:\Windows\System32\mobsync.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "c:\program files\mp3tube toolbar\mp3tubetb.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [3174611449] c:\users\felicia\appdata\local\nul.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [8DDYX0ZBPZ] c:\windows\temp\Kcz.exe
dRun: [KYQ8ZBOAXR] c:\windows\temp\Kc0.exe
StartupFolder: c:\users\felicia\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{5C321FF7-EA05-4DD5-879E-25E9392D9D8E} : NameServer = 66.174.92.14 66.174.95.44
TCP: Interfaces\{89D364D0-DCCE-41AA-A9C0-A2CBBD60DC3D} : DhcpNameServer = 138.86.60.96
TCP: Interfaces\{983D55E0-9D02-49BC-A7C3-6CD2FDEF33EA} : DhcpNameServer = 4.2.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-5-22 31944]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-5-22 35048]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
.
=============== Created Last 30 ================
.
2011-08-18 05:16:43 7680 ----a-w- c:\windows\system\svchost.exe
2011-08-12 21:57:54 64512 --sha-r- c:\windows\system32\iscsiedw.dll
2011-08-12 00:10:01 218624 ----a-w- c:\windows\system32\teldsw32.dll
2011-08-10 21:49:07 329216 ----a-w- c:\users\felicia\appdata\local\mgx.exe
2011-08-10 21:48:33 329216 ----a-w- c:\users\felicia\appdata\local\Update.exe
2011-08-10 20:40:46 -------- d-----w- c:\program files\Mp3Tube Toolbar
2011-08-10 20:38:48 -------- d-----w- c:\users\felicia\.bitrock
2011-08-10 17:32:57 -------- d-----w- c:\program files\Xvid
2011-08-10 17:31:10 -------- d-----w- c:\users\felicia\appdata\roaming\FREEzeFrog
2011-08-10 17:31:10 -------- d-----w- c:\programdata\FREEzeFrogSA
2011-08-10 17:31:10 -------- d-----w- c:\program files\FREEzeFrog
2011-08-10 02:43:25 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{66f7177e-2060-4c3c-b0f0-88b80ba3b4a5}\mpengine.dll
.
==================== Find3M ====================
.
2011-07-09 20:09:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:33:49.21 ===============
I am operating a toshiba laptop and spybot removes most of the problems, but then they return as soon as I reboot. :sad:
Please help,
thanks,
Toni
http://forums.spybot.info/showthread.php?t=288 (http://forums.spybot.info/showthread.php?t=288])
i found this thread from 2005 about this web hijacker. Can you help me get rid of it? I am attaching the dds log file.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_26
Run by Felicia at 18:30:20 on 2011-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.179 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\TEMP\Kc0 .exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\svchost.exe -k terlfsc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Toshiba\TBS\HSON.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\SmoothView\SmoothView .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\McAfee\Common Framework\UdaterUI .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\Toshiba\FlashCards\TCrdMain .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system\svchost.exe -k NetworkService
C:\Windows\System32\mobsync.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "c:\program files\mp3tube toolbar\mp3tubetb.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [3174611449] c:\users\felicia\appdata\local\nul.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [8DDYX0ZBPZ] c:\windows\temp\Kcz.exe
dRun: [KYQ8ZBOAXR] c:\windows\temp\Kc0.exe
StartupFolder: c:\users\felicia\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{5C321FF7-EA05-4DD5-879E-25E9392D9D8E} : NameServer = 66.174.92.14 66.174.95.44
TCP: Interfaces\{89D364D0-DCCE-41AA-A9C0-A2CBBD60DC3D} : DhcpNameServer = 138.86.60.96
TCP: Interfaces\{983D55E0-9D02-49BC-A7C3-6CD2FDEF33EA} : DhcpNameServer = 4.2.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-5-22 31944]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-5-22 35048]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
.
=============== Created Last 30 ================
.
2011-08-18 05:16:43 7680 ----a-w- c:\windows\system\svchost.exe
2011-08-12 21:57:54 64512 --sha-r- c:\windows\system32\iscsiedw.dll
2011-08-12 00:10:01 218624 ----a-w- c:\windows\system32\teldsw32.dll
2011-08-10 21:49:07 329216 ----a-w- c:\users\felicia\appdata\local\mgx.exe
2011-08-10 21:48:33 329216 ----a-w- c:\users\felicia\appdata\local\Update.exe
2011-08-10 20:40:46 -------- d-----w- c:\program files\Mp3Tube Toolbar
2011-08-10 20:38:48 -------- d-----w- c:\users\felicia\.bitrock
2011-08-10 17:32:57 -------- d-----w- c:\program files\Xvid
2011-08-10 17:31:10 -------- d-----w- c:\users\felicia\appdata\roaming\FREEzeFrog
2011-08-10 17:31:10 -------- d-----w- c:\programdata\FREEzeFrogSA
2011-08-10 17:31:10 -------- d-----w- c:\program files\FREEzeFrog
2011-08-10 02:43:25 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{66f7177e-2060-4c3c-b0f0-88b80ba3b4a5}\mpengine.dll
.
==================== Find3M ====================
.
2011-07-09 20:09:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:33:49.21 ===============
I am operating a toshiba laptop and spybot removes most of the problems, but then they return as soon as I reboot. :sad:
Please help,
thanks,
Toni
http://forums.spybot.info/showthread.php?t=288 (http://forums.spybot.info/showthread.php?t=288])