Same old Redirect Problem

[pantero07]

I've got it too. I was finally able to get past it to find this forum. I downloaded HJT. Below you will find my logfile. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:41 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.651.101.3:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175455316859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F44DE44-2E23-475A-8D1B-0416B33E8CD5}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFB0096-D3F9-4D97-98BD-07B8AA8E1EF1}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B44A200-3D00-4A89-86E5-34FB27A5DB6B}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F44DE44-2E23-475A-8D1B-0416B33E8CD5}: NameServer = 85.255.115.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.106 85.255.112.111
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

I turned off Restore and have cleaned temp files, as well as running Spybot and other software to no avail. Can't wait to hear good news from you.

pantero07

[tetonbob]

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from on of these sites:

http://download.bleepingcomputer.com...Fixwareout.exe

http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.
----------------------------------------------------------------------------------------------------------

[pantero07]

I apologize for any infraction that I might have caused. Seeing so many posts made after mine with replies caused me to think that my heading might not have caused any interest. I now know better.

------------------------------------------------------------------------
Username "Ron" - 2007-08-08 18:29:03 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdujm.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.106 85.255.112.111" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0F44DE44-2E23-475A-8D1B-0416B33E8CD5}
"nameserver"="85.255.115.106,85.255.112.111" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3BFB0096-D3F9-4D97-98BD-07B8AA8E1EF1}
"nameserver"="85.255.115.106,85.255.112.111" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6B44A200-3D00-4A89-86E5-34FB27A5DB6B}
"nameserver"="85.255.115.106,85.255.112.111" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3B44EEF9-3E16-4DB5-9BFE-7850C150DC83}
"DhcpNameServer"="85.255.115.106,85.255.112.111" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdujm.ren 66643 08/04/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Advanced WindowsCare V2 Pro"="\"C:\\Program Files\\IObit\\Advanced WindowsCare V2 Pro\\Awc.exe\" /startup"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"Red Swoosh"="C:\\Program Files\\RSSoft\\RedSwoosh.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:35:07 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.651.101.3:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175455316859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

Thank you for your assistance. I wait for your response.

[tetonbob]

Ok, let's continue. Your redirects should have abated now.

1. Download combofix.exe to your desktop.
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

[pantero07]

ComboFix 07-08-09.6 - "Ron" 2007-08-08 21:08:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.422 [GMT -7:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\dirt.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\beetles\tritop.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\checkdown.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\checkup.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\crackedstopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\cursor.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\doorlights.txt
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\greybomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\levels\levels.dat
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\disk.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\flattri.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\pyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\quad.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\p1icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\scorecloud.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\setup.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\flash.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\rubble.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\smoke.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\smoke2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\sfx\smoke3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\stopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\timer.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\timerglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\timericon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\tm.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\bluebucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\chainlink.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\chaintip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\genericbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\greenbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\redbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallblue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallgreen.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallred.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallyellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\urnglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\urnplatform.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\warning.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\error.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\game.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\gameover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscore.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\instructions.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\leveldesign.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\levelover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainarcade.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maincontinue.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maingames.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainpuzzle.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maphelptip.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\options.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\pause.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\quitconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\start.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\storyplayer.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\style.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\upsell.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\strings.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\TriJinx.exe


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-08 21:07 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 18:29 8,448 --a------ C:\dnsbak.reg
2007-08-04 00:13 <DIR> d-------- C:\Program Files\Aimersoft
2007-08-01 22:54 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\Learn2.com
2007-08-01 18:02 <DIR> d-------- C:\Program Files\iPod
2007-08-01 18:01 <DIR> d-------- C:\Program Files\iTunes
2007-08-01 17:59 <DIR> d-------- C:\Program Files\QuickTime
2007-08-01 17:58 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-01 17:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-01 17:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-01 17:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-28 03:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-25 19:43 <DIR> d-------- C:\DOCUME~1\Ron\Shared
2007-07-25 19:43 <DIR> d-------- C:\DOCUME~1\Ron\Incomplete
2007-07-25 18:33 <DIR> d-------- C:\Program Files\LimeWire
2007-07-25 18:33 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\LimeWire
2007-07-18 23:03 <DIR> d-------- C:\Program Files\Minigolf Championship
2007-07-17 01:52 <DIR> d-------- C:\Program Files\Netflix
2007-07-13 11:56 <DIR> d-------- C:\Program Files\RSSoft
2007-07-09 13:07 <DIR> d-------- C:\Program Files\Retrospect
2007-07-09 13:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RetroExp
2007-07-09 13:05 <DIR> d-------- C:\Program Files\Maxtor
2007-07-08 01:04 <DIR> d-------- C:\Program Files\Alien Shooter - Fight For Life
2007-07-08 00:52 <DIR> d-------- C:\Program Files\Sloud


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 20:00 10085 --a------ C:\WINDOWS\msvrc20.dll
2007-08-08 18:30 --------- d-------- C:\Program Files\Pure Networks
2007-08-04 13:18 --------- d-------- C:\Program Files\Brave Dwarves Back for Treasures Set 5
2007-07-30 13:44 --------- d-------- C:\Program Files\BraveDwarves 2 Golden Fall Pack
2007-07-27 15:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 15:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 15:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 15:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 14:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 14:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 14:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-15 14:13 --------- d-------- C:\Program Files\IObit
2007-07-07 01:05 --------- d-------- C:\Program Files\Brave Dwarves 2 Summer Pack
2007-07-04 02:35 --------- d-------- C:\Program Files\Media Resizer PRO
2007-07-02 12:52 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-02 12:20 --------- d-------- C:\Program Files\DivX
2007-07-01 00:34 --------- d-------- C:\Program Files\Desktop Icon Toy
2007-06-30 23:28 --------- d-------- C:\DOCUME~1\Ron\APPLIC~1\PlayFirst
2007-06-30 03:12 --------- d-------- C:\Program Files\Quicken WillMaker Plus 2007
2007-06-30 02:34 --------- d-------- C:\Program Files\Realore
2007-06-28 00:46 --------- d-------- C:\Program Files\Morpheus Photo Morpher
2007-06-28 00:11 --------- d-------- C:\DOCUME~1\Ron\APPLIC~1\Morpheus Software
2007-06-27 11:04 --------- d-------- C:\DOCUME~1\Ron\APPLIC~1\BFGTOOLBAR
2007-06-26 17:26 --------- d-------- C:\Program Files\Fireplace 3D Screensaver
2007-06-21 00:50 --------- d-------- C:\Program Files\Wondershare
2007-06-20 01:09 --------- d-------- C:\Program Files\MuvAudio2
2007-06-19 01:04 --------- d-------- C:\Program Files\ImageBadger
2007-06-19 01:04 --------- d-------- C:\DOCUME~1\Ron\APPLIC~1\ImageBadger
2007-06-17 02:20 4096 --a------ C:\WINDOWS\d3dx.dat
2007-06-16 03:09 --------- d-------- C:\Program Files\RealApex
2007-05-30 23:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-30 23:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-30 23:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 08:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-10-06 23:14 420 --a--c--- C:\DOCUME~1\Ron\APPLIC~1\wklnhst.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 16:18]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25]
"TPSMain"="TPSMain.exe" [2005-05-31 17:16 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]
"Advanced WindowsCare V2 Pro"="C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2007-05-31 15:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-26 18:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-16 17:09:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron^Start Menu^Programs^Startup^AnyTime.lnk]
backup=C:\WINDOWS\pss\AnyTime.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
C:\Program Files\Citrix\GoToMeeting\190\g2mstart.exe "/Trigger RunAtLogon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
C:\Program Files\RSSoft\RedSwoosh.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime2006]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
ZoomingHook.exe

R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 Tvs;Toshiba Virtual Sound with SRS technologies;C:\WINDOWS\system32\DRIVERS\Tvs.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 MXOPSWD;Maxtor OneTouch Security Driver;C:\WINDOWS\system32\DRIVERS\mxopswd.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{191cec79-6ad3-11db-8c3a-0011f5c93d24}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-18 23:30:03 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
2007-08-08 04:13:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-09 03:00:31 C:\WINDOWS\Tasks\AwcProUpdate.job - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 21:11:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xa58\x22c\xa58\x22c\1"
"DeviceDesc"="\xa58\x22c\xa58\x22c\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x560"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\ati display.temp\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 21:12:49
C:\ComboFix-quarantined-files.txt ... 2007-08-08 21:12

--- E O F ---

[tetonbob]

Good job.

Run this online scan to look for remnants:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 u2.
• Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications". (4th one down)
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

[pantero07]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 09, 2007 12:21:16 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/08/2007
Kaspersky Anti-Virus database records: 377379
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 81349
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:22:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\e6da67e6c5a1a206566362ae419d3b2f_1009abe7-63ab-4255-8f96-e214937c0dbc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ron\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ron\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Temp\~DFD684.tmp Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Temp\~DFD68A.tmp Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ron\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ron\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\RSSoft\redswoosh.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9EC40301-F90A-46FA-A356-6992DD63542D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_530.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[tetonbob]

Just waiting for you to update your Java, and post a new HijackThis log. I'll have further instructions then.

[pantero07]

Sorry about that. Didn't notice the last line.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:51 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.651.101.3:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175455316859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

[tetonbob]

Good job.

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip
  C:\WINDOWS\Downloaded Program Files\popcaploader.dll
  
  
• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
• Click the red Moveit! button.
• Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the log from OTMoveIt, located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

How is your system behaving?

[pantero07]

C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7ba8ab78-6699c632.zip moved successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll unregistered successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll moved successfully.

Created on 08/09/2007 13:15:09

It seems to be working fine. I have used Google Search with no ill effects and clicked on hypertext links without redirection.

Thank you again for all your assistance. I'm not computer-illiterate, but all of this goes far beyond my knowledge.

Hopefully, I'll never have to talk to you again, but if I do, I know I am in good hands. I will let anyone I know know what a great service you provide.

[tetonbob]

LOL, thanks, I take that as a compliment.

A couple more housecleaning chores to perform.

Run OTMoveIt again, and click on the Cleanup button. Follow the prompts. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.



Your logs appear clean.You should be good to go. We still have a few items to address.



C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while.


Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Clear & Reset System Restore's Cache

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  Here are a few very good free Antivirus products which are available:
  • Avast!
  • AVG
  • Avira PersonalEdition Classic
  Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  

  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial

• FIREWALL
  If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  Do not install more than one firewall program because they will conflict with each other.

• Comodo Personal Firewall
• ZoneAlarm

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[pantero07]

Everything seems to be running well. I already have Avast and Spybot S&D. I downloaded SpywareBlaster and Jason ?? Toolbox test.

Thank you again. Please close this thread!

Pantero07