Heavy XP

  1. #1
    Operaboy, Full Member

    Hi there,

    My computer feels heavy and overladen. I have done everything that I can think of to clean it, but it hasn't seemed to overcome the problem. I have submitted an HJT log and I was wondering if you could please look at it.

    Thank you,

    Operaboy

    Logfile of HijackThis v1.99.1
    Scan saved at 2:24:11 AM, on 26/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\CFusion\cfam\program\ccmgr.exe
    C:\CFusion\Bin\cfserver.exe
    C:\CFusion\cfam\Program\dfp.exe
    C:\CFusion\cfam\Program\wsm.exe
    C:\CFusion\Bin\cfexec.exe
    C:\CFusion\cfam\Program\wsprobe.exe
    C:\CFusion\Bin\cfrdsservice.exe
    C:\CFusion\JRun\bin\JRun.exe
    C:\CFusion\jrun\bin\jrun.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\CFusion\jre\bin\ntConsoleJava.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\CFusion\jre\bin\ntConsoleJava.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\CFusion\cfam\bin\CANamingAdapter.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Startup Mechanic\StartupMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Optus\Connect\Wilog.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\David Thelander\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FCTB00107Pos Class - {7679B913-4B4F-4E84-8A80-E190D08D45E7} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Search - ?p=ZK
    O8 - Extra context menu item: &ToolbarCounter search - res://C:\Program Files\ToolbarCounter\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39F8D2CF-427D-47E9-804A-F50154D63857}: NameServer = 61.88.88.88 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\..\{51FB8C04-FA06-4F85-9E3A-A2093C615042}: NameServer = 61.88.88.88
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: mdvvsm.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
    O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
    O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
    O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
    O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
    O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
    O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Mobile IP Configuration Server (MipCfgSrv) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    O23 - Service: Mobile IP Client Service (MipService) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

  2. #2
    Neal, Dedicated Member
    Welcome,

    If you have previously downloaded ComboFix, please delete that version now.

    Now download http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



    Delete the old version of hijackthis you have and...
    CLICK HERE to download the HijackThis Installer: http://www.trendsecure.com/portal/en...HJTInstall.exe

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

  3. #3
    Operaboy, Full Member
    Hi there,

    Here are the requested logs,

    Thanks,

    Operaboy

    ComboFix 07-12-31.4 - David Thelander 2008-01-01 20:40:44.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 11:00]
    Running from: C:\Documents and Settings\David Thelander\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
    .

    2008-01-01 12:05 . 2008-01-01 12:05 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-01-01 12:05 . 2008-01-01 12:05 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2007-12-31 19:49 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2007-12-31 00:06 . 2007-12-31 00:06 <DIR> d----c--- C:\Program Files\Trend Micro
    2007-12-30 22:28 . 2005-09-27 13:46 14,944 --a--c--- C:\WINDOWS\system32\drivers\wg3n.sys
    2007-12-30 12:23 . 2007-12-30 01:59 381,012 --a--c--- C:\Program Files\Uninstall Fun Web Products.dll
    2007-12-28 23:23 . 2007-12-28 23:23 <DIR> d----c--- C:\Documents and Settings\David Thelander\Application Data\Alice Systems
    2007-12-28 23:21 . 2007-12-28 23:22 <DIR> d----c--- C:\Program Files\Funk
    2007-12-28 23:21 . 2007-12-28 23:22 <DIR> d----c--- C:\Program Files\Common Files\Funk Software
    2007-12-28 23:18 . 2007-12-28 23:18 <DIR> d----c--- C:\Program Files\Optus
    2007-12-23 16:11 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
    2007-12-23 10:59 . 2007-01-18 23:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-12-05 13:14 . 2007-06-05 10:56 44,928 --a--c--- C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2007-12-05 13:05 . 2007-06-08 09:44 8,576 --a--c--- C:\WINDOWS\system32\drivers\fgulacwqkekd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-01 10:02 89,574,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-01 10:02 --------- dc----w C:\Documents and Settings\David Thelander\Application Data\Free Download Manager
    2008-01-01 10:00 1,238,304 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-01 09:39 --------- dc----w C:\Documents and Settings\David Thelander\Application Data\Skype
    2008-01-01 07:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-31 13:00 0 -c--a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-12-31 07:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 13:31 116,348 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-30 13:31 1,193,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 15:21 --------- dc----w C:\Program Files\MSN Messenger
    2007-12-28 12:23 --------- dc----w C:\Program Files\OptionFusion1801
    2007-12-28 08:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-28 03:04 --------- dc----w C:\Program Files\Yahoo!
    2007-12-24 09:03 --------- dc----w C:\Program Files\Opera
    2007-12-23 05:11 --------- dc----w C:\Program Files\Java
    2007-12-20 17:59 91,492 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-12 22:41 85,860 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-10 13:03 --------- dc----w C:\Program Files\JAlbum
    2007-11-30 00:12 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-11-30 00:12 --------- dc----w C:\Program Files\Logitech
    2007-11-30 00:04 --------- dc----w C:\Program Files\Common Files\LogiShrd
    2007-11-30 00:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
    2007-11-30 00:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-08 02:34 --------- dc----w C:\Program Files\iTunes
    2007-11-08 02:33 --------- dc----w C:\Program Files\iPod
    2007-11-08 02:17 --------- dc----w C:\Program Files\QuickTime
    2007-11-06 21:56 --------- dc----w C:\Program Files\KaraFun
    2007-11-06 21:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Recisio
    2007-11-06 21:03 --------- dc----w C:\Program Files\Google
    2007-11-06 13:40 --------- dc----w C:\Program Files\Common Files\xing shared
    2007-11-06 13:39 --------- dc----w C:\Program Files\Common Files\Real
    2007-11-03 15:02 --------- dc----w C:\Program Files\Common Files\Teleca Shared
    2007-11-03 13:00 --------- dc----w C:\Program Files\NCH Swift Sound
    2007-11-02 15:30 --------- dc----w C:\Program Files\Windows Live Toolbar
    2007-11-02 14:43 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2007-05-31 00:40 18,018,719 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_31_09_21_36_full.dmp.zip
    2007-05-31 00:37 142,229 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_31_09_17_55_small.dmp.zip
    2007-05-24 17:36 131,236 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_25_03_02_21_small.dmp.zip
    2007-03-15 20:14 127,951 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_15_18_21_46_small.dmp.zip
    2007-02-27 08:09 116,324 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_26_00_25_58_small.dmp.zip
    2007-02-18 03:07 111,470 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_14_08_22_07_small.dmp.zip
    2007-01-25 17:25 106,055 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_26_03_50_29_small.dmp.zip
    2006-09-22 18:34 604 -c-ha-w C:\Program Files\STLL Notifier
    2001-01-11 22:06 195,040 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.EXE
    2001-01-07 08:32 47,152 -c--a-w C:\Documents and Settings\David Thelander\INSTALUJ.EXE
    2000-11-24 11:41 967 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.PIF
    2000-07-31 06:48 2,048 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.SCR
    2000-01-22 11:47 967 -c--a-w C:\Documents and Settings\David Thelander\INSTALUJ.PIF
    2000-01-22 10:25 624 -c--a-w C:\Documents and Settings\David Thelander\SWB.BAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7679B913-4B4F-4E84-8A80-E190D08D45E7}]
    2007-10-11 23:42 1310720 --a--c--- C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {68C70CAA-478A-4E77-ADF7-A4566A68B4AE}

    [HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
    [HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{68C70CAA-478A-4E77-ADF7-A4566A68B4AE}"= C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll [2007-10-11 23:42 1310720]

    [HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
    [HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
    @={2D7E38A6-A604-45AE-9A87-4F5F25760650}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:24 5674352]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 15:01 22880040]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 01:24 2068527]
    "AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 13:42 517632]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 14:06 68856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:35 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 00:20 122940]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 09:02 352256]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-15 07:56 1015808]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
    "TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
    "Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-06 05:01 86016]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 10:09 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 10:06 77824]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-07 00:35 185632]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:46 286720]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 07:25 73728]
    "TDispVol"="TDispVol.exe" [2005-03-12 10:03 73728 C:\WINDOWS\system32\TDispVol.exe]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 08:48 479232]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:06 267048]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-30 00:32 200768]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 10:10 118784]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:44 86016 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:56 2808832 C:\WINDOWS\alcwzrd.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IERESETICONS"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 23:00 388608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 17:28 1744896]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 11:12:09]
    Mobile IP Controller.lnk - C:\WINDOWS\Installer\{2F61FB5D-C8F2-4FD6-A591-830AF80B0361}\_18be6784.exe [2007-12-28 2326]
    Update Agent.lnk - C:\Program Files\Optus\Connect\AutoUpdateSrv.exe [2007-12-28 23:23:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    psqlpwd.dll 2005-12-21 22:42 40448 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mdvvsm.dll

    R0 mdvbcn;Mobile IP Kernel Driver;C:\WINDOWS\system32\drivers\mdvbcn.sys [2006-05-18 11:47]
    R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-21 22:55]
    R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-21 22:55]
    R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2006-05-18 11:41]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:38]
    R3 G3GRSC;G3G R Smart Card;C:\WINDOWS\system32\DRIVERS\g3grsc.sys [2006-05-29 09:58]
    R3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-05-29 09:58]
    R3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-05-29 09:58]
    R3 mdvdrv;Mobile IP Driver;C:\WINDOWS\system32\DRIVERS\mdvdrv.sys [2006-05-11 11:50]
    R3 mdvma;Mobile IP Mobility Adapter Driver;C:\WINDOWS\system32\DRIVERS\mdvma.sys [2004-06-10 12:22]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 14:20]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-19 00:14]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:47]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-05 04:08]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-05 04:11]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-05 04:11]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-05 04:13]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-05 04:15]

    *Newly Created Service* - WG3N
    *Newly Created Service* - WG4N
    *Newly Created Service* - WG5N
    *Newly Created Service* - WG6N
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-26 22:15:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 21:01:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-01 21:17:11
    .
    2007-12-12 06:42:31 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 901 PM, on 1/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\CFusion\cfam\program\ccmgr.exe
    C:\CFusion\Bin\cfserver.exe
    C:\CFusion\cfam\Program\dfp.exe
    C:\CFusion\cfam\Program\wsm.exe
    C:\CFusion\cfam\Program\wsprobe.exe
    C:\CFusion\Bin\cfexec.exe
    C:\CFusion\Bin\cfrdsservice.exe
    C:\CFusion\JRun\bin\JRun.exe
    C:\CFusion\jrun\bin\jrun.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    C:\CFusion\jre\bin\ntConsoleJava.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    C:\CFusion\jre\bin\ntConsoleJava.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\CFusion\cfam\bin\CANamingAdapter.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Startup Mechanic\StartupMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipController.exe
    C:\Program Files\Optus\Connect\AutoUpdateSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Optus\Connect\Wilog.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FCTB00107Pos Class - {7679B913-4B4F-4E84-8A80-E190D08D45E7} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Mobile IP Controller.lnk = ?
    O4 - Global Startup: Update Agent.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
    O8 - Extra context menu item: &ToolbarCounter search - res://C:\Program Files\ToolbarCounter\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39F8D2CF-427D-47E9-804A-F50154D63857}: NameServer = 61.88.88.88 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FF2038-7FD5-4EFB-A814-584F8083E0A7}: NameServer = 61.88.88.88
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mdvvsm.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
    O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
    O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
    O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
    O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
    O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe
    O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Mobile IP Configuration Server (MipCfgSrv) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    O23 - Service: Mobile IP Client Service (MipService) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 14451 bytes

  4. #4
    Neal is offline Dedicated Member
    Uninstall from Add/Remove Programs (if present):

    Fun Web Products

    Reboot!




    Open Notepad and copy/paste the text in the quotebox below into it (NOT THE WORD QUOTE):


    File::
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\drivers\fgulacwqkekd.sys

    Driver::
    lvuvc
    fgulacwqkekd

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  5. #5
    Operaboy is offline Full Member
    Hi there,

    Thanks for that. Please find both requested logs below. FunWebSearch was not present in the Add/Remove Programs list.

    Regards,

    Operaboy.

    ComboFix 07-12-31.4 - David Thelander 2008-01-02 23:30:12.4 - NTFSx86
    Running from: C:\Documents and Settings\David Thelander\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\David Thelander\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\fgulacwqkekd.sys
    C:\WINDOWS\system32\drivers\lvuvc.hs
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\fgulacwqkekd.sys
    C:\WINDOWS\system32\drivers\lvuvc.hs

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FGULACWQKEKD
    -------\fgulacwqkekd
    -------\LVUVC


    ((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
    .

    2008-01-01 12:05 . 2008-01-02 23:02 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
    2008-01-01 12:05 . 2008-01-01 12:05 1,409 --a--c--- C:\WINDOWS\QTFont.for
    2007-12-31 19:49 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2007-12-31 00:06 . 2007-12-31 00:06 <DIR> d----c--- C:\Program Files\Trend Micro
    2007-12-30 22:28 . 2005-09-27 13:46 14,944 --a--c--- C:\WINDOWS\system32\drivers\wg3n.sys
    2007-12-30 12:23 . 2007-12-30 01:59 381,012 --a--c--- C:\Program Files\Uninstall Fun Web Products.dll
    2007-12-28 23:23 . 2007-12-28 23:23 <DIR> d----c--- C:\Documents and Settings\David Thelander\Application Data\Alice Systems
    2007-12-28 23:21 . 2007-12-28 23:22 <DIR> d----c--- C:\Program Files\Funk
    2007-12-28 23:21 . 2007-12-28 23:22 <DIR> d----c--- C:\Program Files\Common Files\Funk Software
    2007-12-28 23:18 . 2007-12-28 23:18 <DIR> d----c--- C:\Program Files\Optus
    2007-12-23 16:11 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
    2007-12-23 10:59 . 2007-01-18 23:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-12-05 13:14 . 2007-06-05 10:56 44,928 --a--c--- C:\WINDOWS\system32\drivers\SDTHOOK.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-02 13:00 89,673,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-02 13:00 116,828 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-02 13:00 1,238,304 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-02 13:00 1,197,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-02 12:58 --------- dc----w C:\Documents and Settings\David Thelander\Application Data\Skype
    2008-01-02 12:58 --------- dc----w C:\Documents and Settings\David Thelander\Application Data\Free Download Manager
    2008-01-02 12:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-02 11:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-02 08:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-29 15:21 --------- dc----w C:\Program Files\MSN Messenger
    2007-12-28 12:23 --------- dc----w C:\Program Files\OptionFusion1801
    2007-12-28 03:04 --------- dc----w C:\Program Files\Yahoo!
    2007-12-24 09:03 --------- dc----w C:\Program Files\Opera
    2007-12-23 05:11 --------- dc----w C:\Program Files\Java
    2007-12-20 17:59 91,492 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-12 22:41 85,860 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-10 13:03 --------- dc----w C:\Program Files\JAlbum
    2007-11-30 00:12 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-11-30 00:12 --------- dc----w C:\Program Files\Logitech
    2007-11-30 00:04 --------- dc----w C:\Program Files\Common Files\LogiShrd
    2007-11-30 00:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
    2007-11-30 00:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-08 02:34 --------- dc----w C:\Program Files\iTunes
    2007-11-08 02:33 --------- dc----w C:\Program Files\iPod
    2007-11-08 02:17 --------- dc----w C:\Program Files\QuickTime
    2007-11-06 21:56 --------- dc----w C:\Program Files\KaraFun
    2007-11-06 21:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Recisio
    2007-11-06 21:03 --------- dc----w C:\Program Files\Google
    2007-11-06 13:40 --------- dc----w C:\Program Files\Common Files\xing shared
    2007-11-06 13:39 --------- dc----w C:\Program Files\Common Files\Real
    2007-11-03 15:02 --------- dc----w C:\Program Files\Common Files\Teleca Shared
    2007-11-03 13:00 --------- dc----w C:\Program Files\NCH Swift Sound
    2007-11-02 15:30 --------- dc----w C:\Program Files\Windows Live Toolbar
    2007-11-02 14:43 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2006-09-22 18:34 604 -c-ha-w C:\Program Files\STLL Notifier
    2001-01-11 22:06 195,040 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.EXE
    2001-01-07 08:32 47,152 -c--a-w C:\Documents and Settings\David Thelander\INSTALUJ.EXE
    2000-11-24 11:41 967 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.PIF
    2000-07-31 06:48 2,048 -c--a-w C:\Documents and Settings\David Thelander\SLOWBAL.SCR
    2000-01-22 11:47 967 -c--a-w C:\Documents and Settings\David Thelander\INSTALUJ.PIF
    2000-01-22 10:25 624 -c--a-w C:\Documents and Settings\David Thelander\SWB.BAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-01_21.15.32.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-30 21:00:00 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2007-12-30 13:59:02 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-01 10:36:10 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-12-30 13:59:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-01-01 10:36:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-12-30 13:59:02 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-01 10:36:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7679B913-4B4F-4E84-8A80-E190D08D45E7}]
    2007-10-11 23:42 1310720 --a--c--- C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {68C70CAA-478A-4E77-ADF7-A4566A68B4AE}

    [HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
    [HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{68C70CAA-478A-4E77-ADF7-A4566A68B4AE}"= C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll [2007-10-11 23:42 1310720]

    [HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
    [HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
    [HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
    @={2D7E38A6-A604-45AE-9A87-4F5F25760650}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:24 5674352]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 15:01 22880040]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 01:24 2068527]
    "AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 13:42 517632]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 14:06 68856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:35 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 00:20 122940]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 09:02 352256]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-15 07:56 1015808]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
    "TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
    "Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-06 05:01 86016]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 10:09 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 10:06 77824]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-07 00:35 185632]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:46 286720]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 07:25 73728]
    "TDispVol"="TDispVol.exe" [2005-03-12 10:03 73728 C:\WINDOWS\system32\TDispVol.exe]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 08:48 479232]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:06 267048]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-30 00:32 200768]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 10:10 118784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 17:28 1744896]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-30 11:12:09]
    Mobile IP Controller.lnk - C:\WINDOWS\Installer\{2F61FB5D-C8F2-4FD6-A591-830AF80B0361}\_18be6784.exe [2007-12-28 2326]
    Update Agent.lnk - C:\Program Files\Optus\Connect\AutoUpdateSrv.exe [2007-12-28 23:23:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    psqlpwd.dll 2005-12-21 22:42 40448 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mdvvsm.dll

    R0 mdvbcn;Mobile IP Kernel Driver;C:\WINDOWS\system32\drivers\mdvbcn.sys [2006-05-18 11:47]
    R0 Spssys;Toshiba SPS Service;C:\WINDOWS\system32\drivers\spssys.sys [2004-05-07 23:26]
    R2 Cold Fusion Application Server;Cold Fusion Application Server;C:\CFusion\Bin\cfserver.exe [2001-05-23 22:43]
    R2 Cold Fusion Executive;ColdFusion Executive;C:\CFusion\Bin\cfexec.exe [2001-05-23 22:57]
    R2 Cold Fusion RDS;ColdFusion RDS;C:\CFusion\Bin\cfrdsservice.exe [2001-05-23 23:03]
    R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-21 22:55]
    R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-21 22:55]
    R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2006-05-18 11:41]
    R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2005-12-21 22:25]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:38]
    R3 G3GRSC;G3G R Smart Card;C:\WINDOWS\system32\DRIVERS\g3grsc.sys [2006-05-29 09:58]
    R3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2006-05-29 09:58]
    R3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2006-05-29 09:58]
    R3 mdvdrv;Mobile IP Driver;C:\WINDOWS\system32\DRIVERS\mdvdrv.sys [2006-05-11 11:50]
    R3 mdvma;Mobile IP Mobility Adapter Driver;C:\WINDOWS\system32\DRIVERS\mdvma.sys [2004-06-10 12:22]
    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-06-10 07:55]
    R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-12-21 22:37]
    S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" []
    S2 ecure;FireDaemon Service: ecure;C:\WINDOWS\Temp\FireDaemon.EXE []
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 14:20]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-19 00:14]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:47]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-05 04:08]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-05 04:11]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-05 04:11]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-05 04:13]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-05 04:15]
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 16:17]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-26 22:15:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 00:05:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-03 003 - machine was rebooted
    C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 13:20:54
    C:\qoobox\ComboFix2.txt 2008-01-01 10:17:14
    .
    2007-12-12 06:42:31 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:27 AM, on 3/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\CFusion\cfam\program\ccmgr.exe
    C:\CFusion\Bin\cfserver.exe
    C:\CFusion\cfam\Program\dfp.exe
    C:\CFusion\Bin\cfexec.exe
    C:\CFusion\cfam\Program\wsm.exe
    C:\CFusion\Bin\cfrdsservice.exe
    C:\CFusion\cfam\Program\wsprobe.exe
    C:\CFusion\JRun\bin\JRun.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\CFusion\jre\bin\ntConsoleJava.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Startup Mechanic\StartupMonitor.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Optus\Connect\BMip\bin\MipController.exe
    C:\Program Files\Optus\Connect\AutoUpdateSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Optus\Connect\Wilog.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FCTB00107Pos Class - {7679B913-4B4F-4E84-8A80-E190D08D45E7} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Mobile IP Controller.lnk = ?
    O4 - Global Startup: Update Agent.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
    O8 - Extra context menu item: &ToolbarCounter search - res://C:\Program Files\ToolbarCounter\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39F8D2CF-427D-47E9-804A-F50154D63857}: NameServer = 61.88.88.88 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FF2038-7FD5-4EFB-A814-584F8083E0A7}: NameServer = 61.88.88.88
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll mdvvsm.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
    O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
    O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
    O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
    O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
    O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe
    O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
    O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Mobile IP Configuration Server (MipCfgSrv) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipCfgSrv.exe
    O23 - Service: Mobile IP Client Service (MipService) - Unknown owner - C:\Program Files\Optus\Connect\BMip\bin\MipService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 14013 bytes

  6. #6
    Neal is offline Dedicated Member
    Manually delete this below in bold using start>search:

    C:\Program Files\Uninstall Fun Web Products.dll




    Run hijackthis and click on "scan system only" button and put checks next to these:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ



    Close out everything but hijackthis and click on "fix checked"


    Reboot your PC


    Come back and tell me how things are doing now please.

  7. #7
    Operaboy is offline Full Member
    Hi there,

    Things are much better, thanks.

    There are some startup error messages I am still receiving, though. Should I post the details of these messages?

    Regards,

    Operaboy

  8. #8
    Neal is offline Dedicated Member
    Yeah, let's have a look at the errors.
