1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help need to clean out laptop

Discussion in 'Windows Vista' started by brndthm, Apr 21, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. brndthm

    brndthm Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    176
    Hi, please help. this is my sons laptop and needs to be cleaned up with all the rubbish tats in it. i have no doubt there will be stuff not fit for my eyes lol or maybe thats me just thinking the worsed !! pleae can you have a look at this log and advise me on how to clean it up Thanks
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:46:54, on 21/04/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Microsoft Windows OneCare

    Live\winssnotify.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program

    Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google

    EULA\GoogleEULALauncher.exe
    C:\Program Files\Toshiba

    TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product

    Information\TOPI.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power

    Saver\TPwrMain.exe
    C:\Program

    Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program

    Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for

    Toshiba\traybar.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java

    Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program

    Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows

    Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Microsoft Office\Office12

    \ONENOTEM.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media

    Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for

    Toshiba\CEC_MAIN.exe
    C:\Program

    Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Google\Google

    EULA\GoogleEULA.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Windows OneCare

    Live\GtOneCare\OcBrowse.exe
    C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend

    Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL =

    http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Search Page =

    http://search.shareware.pro/?lang=en
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Search Page =

    http://search.shareware.pro/?lang=en
    R0 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Start Page =

    http://search.shareware.pro/?lang=en
    R0 - HKLM\Software\Microsoft\Internet

    Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet

    Explorer\Search,CustomizeSearch =
    R1 -

    HKCU\Software\Microsoft\Windows\CurrentVersion\

    Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet

    Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-

    4283-A596-FA578C2EBDC3} - C:\Program

    Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin

    for Internet Explorer - {3049C3E9-B461-4BC5-

    8870-4C09146192CA} - C:\Program

    Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-

    4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1

    \mcafee\msk\mcapbho.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-

    9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff

    -A14F-B9E3AAC4465B} - C:\Program

    Files\Microsoft\Search Enhancement Pack\Search

    Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-

    B68D-6309F01C5231} - c:\PROGRA~1

    \mcafee\VIRUSS~1\scriptsn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper -

    {9030D464-4C02-4ABF-8ECC-5164760863C6} -

    C:\Program Files\Common Files\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-

    AA9B-19DBD6271B71} - C:\Program

    Files\PriceGong\1.5.0\PriceGongIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

    {DBC80044-A445-435b-BC74-9C25C1C588A9} -

    C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper -

    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -

    C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF

    -376D-4D53-9B0F-8A89D3229068} - C:\Program

    Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %

    ProgramFiles%\Windows Defender\MSASCui.exe -

    hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program

    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe]

    cfFncEnabler.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program

    Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Google EULA Launcher]

    c:\Program Files\Google\Google

    EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program

    Files\Toshiba

    TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKLM\..\Run: [topi] C:\Program

    Files\TOSHIBA\Toshiba Online Product

    Information\topi.exe -startup
    O4 - HKLM\..\Run: [IgfxTray]

    C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds]

    C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence]

    C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%

    \TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%

    \TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%

    \Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%

    \TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration]

    C:\Program

    Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [Camera Assistant Software]

    "C:\Program Files\Camera Assistant Software for

    Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program

    Files\Microsoft Windows OneCare

    Live\winssnotify.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]

    "C:\Program Files\Adobe\Reader 9.0

    \Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program

    Files\Common Files\Real\Update_OB\realsched.exe"

    -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched]

    "C:\Program Files\Common Files\Java\Java

    Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program

    Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter]

    rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program

    Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program

    Files\Windows Live\Messenger\msnmsgr.exe"

    /background
    O4 - HKCU\..\Run: [ehTray.exe]

    C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Okay Proxy Ooze Each]

    "C:\ProgramData\lite site itch.rwcl67"
    O4 - HKCU\..\Run: [DOES SUPPORT]

    "C:\ProgramData\Trust Remote Remote.a4v56i"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program

    Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BrowserChoice]

    "C:\Windows\System32\browserchoice.exe" /run
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %

    ProgramFiles%\Windows Sidebar\Sidebar.exe

    /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run:

    [WindowsWelcomeCenter] rundll32.exe

    oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

    SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %

    ProgramFiles%\Windows Sidebar\Sidebar.exe

    /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk =

    C:\Program

    Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

    (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk =

    C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: OneNote 2007 Screen Clipper and

    Launcher.lnk = C:\Program Files\Microsoft

    Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Windows

    &Live Favorites -

    http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft

    Excel - res://C:\PROGRA~1\MICROS~2\Office12

    \EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... -

    res://C:\Program Files\Google\Google

    Toolbar\Component\GoogleToolbarDynamic_mui_en_96

    D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-

    491a-A3C7-D9FCDDC9D600} - C:\Program

    Files\Windows

    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows

    Live Writer - {219C3416-8CB2-491a-A3C7-

    D9FCDDC9D600} - C:\Program Files\Windows

    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A

    -7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

    \MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote -

    {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16

    -4e43-B6D8-661B03F6A1EF} - C:\Program

    Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: eBay.co.uk - Buy It Sell It Love

    It - {76577871-04EC-495E-A12B-91F7C3600AFA}

    - http://rover.ebay.com/rover/1/710-44557-9400

    -3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-

    E123-4E36-B562-5C1519E434CE} -

    http://www.amazon.co.uk/exec/obidos/redirect-

    home?tag=Toshibaukbholink-21&site=home (file

    missing)
    O9 - Extra button: Research - {92780B25-18CC-

    41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

    \MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-

    CC0F21721616} (DivXBrowserPlugin Object) -

    http://download.divx.com/player/DivXBrowserPlugin.c

    ab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-

    04C2F616BCA7} (get_atlcom Class) -

    http://wwwimages.adobe.com/www.adobe.com/product

    s/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-

    444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/get/shockwave/c

    abs/flash/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup

    (0202961230198763)

    (0202961230198763mcinstcleanup) - Unknown owner

    - C:\Windows\TEMP\020296~1.EXE (file missing)
    O23 - Service: Agere Modem Call Progress Audio

    (AgereModemAudio) - Agere Systems -

    C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. -

    C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. -

    C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA

    CORPORATION - C:\Program

    Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: getPlus(R) Helper - NOS

    Microsystems Ltd. - C:\Program

    Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) -

    Google - C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. -

    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) -

    Unknown owner - C:\PROGRA~1

    \McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) -

    McAfee, Inc. - c:\PROGRA~1\COMMON~1

    \mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown

    owner - C:\PROGRA~1\McAfee\VIRUSS~1

    \mcods.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) -

    McAfee, Inc. - c:\PROGRA~1\COMMON~1

    \mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner

    (McShield) - Unknown owner - C:\PROGRA~1

    \McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) -

    Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1

    \mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service

    (MpfService) - Unknown owner - C:\Program

    Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service

    (MSK80Service) - Unknown owner - C:\Program

    Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba -

    C:\Program

    Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.

    exe
    O23 - Service: Notebook Performance Tuning

    Service (TempoMonitoringService) - Toshiba Europe

    GmbH - C:\Program Files\Toshiba

    TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service

    (TNaviSrv) - TOSHIBA Corporation - C:\Program

    Files\TOSHIBA\TOSHIBA DVD

    PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service

    (TODDSrv) - TOSHIBA Corporation -

    C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) -

    TOSHIBA Corporation - C:\Program

    Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service -

    TOSHIBA Corporation - C:\Program

    Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper

    (UleadBurningHelper) - Ulead Systems, Inc. -

    C:\Program Files\Common Files\Ulead

    Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12718 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    There is a newer version of HijackThis available.

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,888
    First Name:
    Frank
    Cheeseball81:

    Brenda sent me a private message about her son's laptop, so I advised her to start a thread - which she has.

    Her log is unreadable this way, so I've advised her to make sure that Format - Word Wrap in Notepad is selected.

    I've also advised her to uninstall HJT 2.0.2 and install HJT 2.0.4 in its place.

    -----------------------------------------------------------------

    Brenda:

    We'll be waiting to see a new HJT log, then we'll go from there.

    ----------------------------------------------------------------
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Thank you, Frank (y)
     
  5. brndthm

    brndthm Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    176
    thanks guys on to it now
     
  6. brndthm

    brndthm Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    176
    hope this is right this time
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:46:54, on 21/04/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Google\Google EULA\GoogleEULA.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Windows OneCare Live\GtOneCare\OcBrowse.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.5.0\PriceGongIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\lite site itch.rwcl67"
    O4 - HKCU\..\Run: [DOES SUPPORT] "C:\ProgramData\Trust Remote Remote.a4v56i"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: McAfee Application Installer Cleanup (0202961230198763) (0202961230198763mcinstcleanup) - Unknown owner - C:\Windows\TEMP\020296~1.EXE (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12718 bytes
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,888
    First Name:
    Frank
    Thanks for submitting a new log.

    LimeWire is installed, and I see a few suspicious log entries.

    Let's see what Cheeseball81 has to say after she reviews the log.

    -----------------------------------------------------------------

    Now we need to see what's installed in that computer.

    Start HijackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    -----------------------------------------------------------------
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    There's evidence of a possible LOP infection. He uses Limewire so that in itself can cause problems.

    I will wait until we see the Uninstall log before we pursue this.
     
  9. brndthm

    brndthm Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    176
    did as rquested ok till i get to save the uninstall list comes up with cannot find the C:\ProgramFiles\TrendMicro\HijackThis\uninstall_list.txtfile.
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,888
    First Name:
    Frank
    Did you uninstall HijackThis 2.0.2 and then install HijackThis 2.0.4?

    Your log shows you ran a scan with HijackThis 2.0.2.

    I just ran a test with HijackThis 2.0.4 and it brings up a "uninstall_list.txt" file just fine.

    -----------------------------------------------------------------
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    The executable seems to be down.
     
  12. brndthm

    brndthm Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    176
    uninstalling now to make sure
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    If you haven't already downloaded the newer version, you will have to go here http://free.antivirus.com/hijackthis/
    and click on the Installer (not the Executable) and download it.
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,888
    First Name:
    Frank
    Cheeseball81:

    I just checked and the executable file at the Trend Micro site is still not working.

    The Trend Micro and FileHippo and MajorGeeks sites all only have the full installer file - which is what I prefer to install anyway.

    ---------------------------------------------------------------
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Wonder why the pulled the .exe -- was working this morning.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/918277

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice