
Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 1 Posts · Discussion Starter #1
All the sudden htepo/savetheinformation pops up constantly, added two new shortcuts to desktop (livesaftey center, onlinesecurity guide), also a warning triangle in the task bar that keeps popping up about viruses/adware/spyware.
Followed the five steps, here is the info:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English

CPU 0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.36 MiB / 80.11 MiB
Pagefile Memory (total/avail): 618.52 MiB / 292.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 32.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI_DK23EA-40 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------



-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHIBA-USER
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\TOSHIBA-USER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=TOSHIBA-USER
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Clarity Custom Reports and Test Definition Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5364FCCA-6594-460B-96CD-78C315FC19E2}\Setup.exe" -l0x9
Drag'n Drop CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A6405B-F37D-42F7-B317-D277BBD47D15}\SETUP.EXE" -l0x9 deleteall
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe /uninstall
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Network Device Switch 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe"
Palm Desktop --> MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
Quicken 2001 New User Edition --> C:\quickenw\WINNT\Intuit\UNWISE.EXE C:\quickenw\WINNT\Intuit\INSTALL.LOG
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TestMate Clarity Standalone --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4C16F00-5096-11D5-A3EB-00C04F6F340E}\SETUP.EXE" -uninst
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar --> C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\twcINSTALL.LOG
Toshiba Access --> C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
Toshiba Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Power Saver --> TPWRDEL.EXE
TOSHIBA Software Modem --> Tosmreg -U
Toshiba Software Upgrades --> C:\Toshiba\Ivp\Swupdate\UNWISE.EXE C:\Toshiba\Ivp\Swupdate\INSTALL.LOG
Toshiba System Stability Program --> C:\Toshiba\SYSSTA~1\UNWISE.EXE C:\Toshiba\SYSSTA~1\INSTALL.LOG
Toshiba Tbiosdrv Driver --> C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.04.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
Toshiba WinXP Registration --> C:\WINDOWS\uninst.exe -f"C:\Program Files\DataLode\Toshiba WinXP Registration\DeIsL1.isu" -c"C:\Program Files\DataLode\Toshiba WinXP Registration\_ISREG32.DLL"
Weather Services --> C:\WINDOWS\System32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Windows XP Application Compatibility Update[Q319580] --> C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA AC-XG WDM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance


-- Application Event Log -------------------------------------------------------

Event Record #/Type696 / Error
Event Submitted/Written: 11/14/2007 10:30:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type693 / Error
Event Submitted/Written: 11/14/2007 10:08:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Explorer.EXE, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type691 / Error
Event Submitted/Written: 11/14/2007 10:00:48 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type690 / Error
Event Submitted/Written: 11/14/2007 09:56:41 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type689 / Error
Event Submitted/Written: 11/14/2007 09:52:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4269 / Error
Event Submitted/Written: 11/14/2007 08:41:17 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000007e, parameter1 c0000005, parameter2 f9a332fc, parameter3 f9e81a7c, parameter4 f9e8177c.

Event Record #/Type4264 / Warning
Event Submitted/Written: 11/14/2007 04:38:23 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Connections Tray"

Event Record #/Type4263 / Error
Event Submitted/Written: 11/14/2007 04:19:59 AM
Event ID/Source: 10 / Pcmcia
Event Description:
\Device\Pcmcia0

Event Record #/Type4262 / Error
Event Submitted/Written: 11/14/2007 04:19:36 AM
Event ID/Source: 10 / Pcmcia
Event Description:
\Device\Pcmcia0

Event Record #/Type4261 / Error
Event Submitted/Written: 11/14/2007 04:19:33 AM
Event ID/Source: 10 / Pcmcia
Event Description:
\Device\Pcmcia0



-- End of Deckard's System Scanner: finished at 2007-11-14 10:36:58 ------------




Incident Status Location

Virus:Generic Malware Disinfected Operating system
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\System32\ficaxvls.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jjoqbuvr.dll
Adware:adware/commad Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\dlwixoql.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\dswtmhmj.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\efcgxlvu.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\gcaaqyqf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\gitobxmn.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\lpllfrfy.exe
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\user\Local Settings\Temp\MBDownloader_876923.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\mofugclq.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\ngproxvf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\peuagbsx.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\qrjatydi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\rhvqsuwb.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\sheqipoi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\urclqecd.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\vntmrykt.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\xqedqkpr.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\user\Local Settings\Temp\ywuecxwm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\pochki20071106[1]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu572.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\amiaxycf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bkwfbmpv.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cxsxwodq.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\epifokjh.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\galtajcw.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\gjfensn.dll
Virus:Generic Malware Disinfected C:\WINDOWS\system32\h1\wdb51en.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\irnvdptx.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lekcewbt.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\Mz02r\Mz02r1065.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pnnpyqvj.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\r2\wr31drs.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\skdobdih.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tvcikswb.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\yftwpovq.exe
Potentially unwanted tool:Application/BestSellerAV Not disinfected C:\WINDOWS\temp\~uga6psetup.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:33:35 AM, on 11/13/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\ficaxvls.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jjoqbuvr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [38df022a] rundll32.exe "C:\WINDOWS\System32\qgxatcuk.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128596362488
O23 - Service: DomainService - - C:\WINDOWS\System32\ficaxvls.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


What to do?
 

TSF Security Manager, Emeritus · 52,197 Posts
Hello and welcome.

If you still require assistance, please post the main.txt log created by Deckard's System Scanner. It should be located at C:\Deckard\System Scanner.

If you cannot find it, please run DSS once again, and post the main.txt

Thanks.
 