Browser redirects, severe popups, apps won't execute

#1 Mikev9999


Posted 10 January 2009 - 01:27 AM

I have been requested to post my issue in this forum. Here is a link from my previous post for information purposes.

Please understand that my most severe issue at this point is that all the tools I was asked to execute in the previous forum would not run. Therefore I was unable to make any progress. Below is the DDS.TXT contents and attached is the ATTACH.TXT file.

Any and all help is greatly appreciated!

DDS (Ver_09-01-07.01) - NTFSx86
Run by zhanna at 22:03:53.89 on Fri 01/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\zhanna\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\network optimizer\\NPIEAddOn.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7b8f193b-3744-4ac4-88a5-2e2a0b68889e} - c:\windows\system32\fidofoye.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\\ssd.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [46280242548155982238015664998034] c:\program files\antivirus 2009\av2009.exe
uRun: [ieupdate] "c:\windows\system32\explorer32.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMrhc7wdj0ep1e] c:\program files\rhc7wdj0ep1e\rhc7wdj0ep1e.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [CPM9f3fe8c3] Rundll32.exe "c:\windows\system32\juvonane.dll",a
mRun: [fajujilire] Rundll32.exe "c:\windows\system32\venitoki.dll",s
mRun: [359F5809-00B8-4455-A73A-9EA62A51101B] "c:\documents and settings\all users\application data\18F24290.exe"
mRun: [Moon Secure Antivirus] "c:\program files\moon secure antivirus\moontray.exe"
mRun: [803047503] "c:\documents and settings\all users\application data\2009357411\803047503.exe"
StartupFolder: c:\docume~1\zhanna\startm~1\programs\startup\palmre~1.lnk - c:\program files\palm\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: nevada.edu\webcampus
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\jifiyuse.dll,c:\windows\system32\juvonane.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juvonane.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\juvonane.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli c:\windows\system32\jifiyuse.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zhanna\applic~1\mozilla\firefox\profiles\b752qxyb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\network optimizer\\ff\components\NPFFAddOn.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-01-08 20:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-08 19:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 19:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-08 19:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 12:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-07 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-05 09:21 39,936 a------- c:\windows\system32\b7a4e0b76f85ed229108ae1442377b26.sys
2009-01-04 23:49 33,280 a------- c:\windows\is-HNV61.exe
2009-01-04 23:49 130 a------- c:\windows\is-HNV61.lst
2009-01-04 23:40 33,280 a------- c:\windows\is-BGKO0.exe
2009-01-04 23:40 130 a------- c:\windows\is-BGKO0.lst
2009-01-04 23:36 <DIR> --d----- c:\program files\Moon Secure Antivirus
2009-01-03 17:00 5,504 a------- c:\windows\system32\ieupdates.exe
2008-12-28 20:23 <DIR> --d----- c:\program files\Antivirus 2009
2008-12-28 20:17 1,261,713 ---sh--- c:\windows\system32\ekabulij.ini

==================== Find3M ====================

2009-01-04 23:19 79,872 a------- c:\windows\system32\drivers\cmrpyfbsryr.sys
2008-11-13 17:48 73,768 a------- c:\docume~1\zhanna\applic~1\GDIPFONTCACHEV1.DAT
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2007-09-22 14:34 60,968 a------- c:\documents and settings\zhanna\GoToAssistDownloadHelper.exe
2006-09-27 17:20 2,728 a------- c:\docume~1\zhanna\applic~1\wklnhst.dat
2006-09-18 15:29 557,056 a------- c:\documents and settings\zhanna\chatlnk.exe
2008-09-28 22:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092820080929\index.dat

============= FINISH: 22:07:47.78 ===============

#2 Mikev9999

  Topic Starter

Posted 12 January 2009 - 10:05 PM

First, I want to say how I really appreciate the help this group of volunteers has been to me thus far. But, I regret to say that the owner of the laptop has asked that I just wipe the hard drive and perform a system restore. She is in the Masters Program in college and her class starts this Friday. I was able to burn her docs and pics to a CD and she is aware of the reinstall necessary of any programs she acquired after the initial purchase.

Thanks again for all your help.

You can consider this topic closed.

Mike V

P.S. Please understand that I was not the one becoming impatient, she is a bit of a high strung person. I understand the tasks you guys are performing and was completely willing to wait.

Edited by Mikev9999, 12 January 2009 - 10:07 PM.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

Posted 12 January 2009 - 10:51 PM

Thank you for letting us know. Since this issue has been resolved, this topic is now closed.

Happy computing,

Orange Blossom :thumbsup:
Orange Blossom

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

