WinAnitVirus and Drive Cleaner help

alrighty, here you go...

Logfile of HijackThis v1.99.1
Scan saved at 12:38:52 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RRIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\RRIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe



combofix...


Start Time= Sun 08/13/2006 12:40:00.78
Running from: C:\Documents and Settings\Brian Smith.BRIAN\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-13 11:45:34 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\MySpace "
2006-08-13 11:44:54 ( .D... ) "C:\Program Files\MySpace "
2006-08-13 11:20:24 ( .D... ) "C:\Program Files\Unlocker "
2006-08-13 04:30:20 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0 "
2006-08-08 22:34:14 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Mozilla "
2006-08-08 22:33:56 ( .D... ) "C:\Program Files\Mozilla Firefox "
2006-08-04 23:05:48 ( .D... ) "C:\Program Files\Alwil Software "
2006-08-04 03:20:56 573492 ( ..... ) "C:\WINDOWS\system32\mljjj.dll "
2006-08-02 17:11:16 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Lavasoft "
2006-08-02 17:11:08 ( .D... ) "C:\Program Files\Lavasoft "
2006-07-31 18:28:12 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Sun "
2006-07-31 00:30:12 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\InterVideo "
2006-07-30 23:06:00 ( .D... ) "C:\Program Files\BitLord "
2006-07-30 22:04:50 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\AdobeUM "
2006-07-30 19:32:40 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Aim "
2006-07-30 19:31:02 ( .D... ) "C:\Program Files\RRIM "
2006-07-30 18:04:56 ( .D... ) "C:\Program Files\Norton AntiVirus "
2006-07-30 18:04:28 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Symantec "
2006-07-30 16:59:52 ( .D... ) "C:\Program Files\Common Files\Symantec Shared "
2006-07-30 16:39:24 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Ahead "
2006-07-30 16:38:40 ( .D... ) "C:\Program Files\Common Files\Ahead "
2006-07-30 16:38:38 ( .D... ) "C:\Program Files\Ahead "
2006-07-30 16:34:38 ( .D... ) "C:\Program Files\CloneDVD "
2006-07-30 15:19:34 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Macromedia "
2006-07-30 15:12:22 ( .DS.. ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Microsoft "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\You've Got Pictures Screensaver "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\toshiba "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Identities "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\AOL "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Adobe "
2006-07-29 22:49:32 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Intel "
2006-07-25 18:03:44 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll "


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-12 03:39 597,504 C:\WINDOWS\system32\aswBoot.exe
2006-08-12 03:36 1,063,309,312 C:\hiberfil.sys
2006-08-08 18:48 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-04 03:20 573,492 C:\WINDOWS\system32\mljjj.dll
2006-08-02 15:57 299,520 C:\WINDOWS\uninst.exe
2006-08-01 16:50 98,304 C:\WINDOWS\system32\msir3jp.dll
2006-08-01 16:50 9,216 C:\WINDOWS\system32\kbdnecAT.dll
2006-08-01 16:50 838,144 C:\WINDOWS\system32\chtbrkr.dll
2006-08-01 16:50 70,656 C:\WINDOWS\system32\korwbrkr.dll
2006-08-01 16:50 7,680 C:\WINDOWS\system32\kbdnecNT.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\kbdnec95.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\kbdibm02.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\f3ahvoas.dll
2006-08-01 16:50 6,656 C:\WINDOWS\system32\kbdlk41a.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbdlk41j.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbdax2.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd106n.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd101a.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd101.dll
2006-08-01 16:50 218,112 C:\WINDOWS\system32\c_g18030.dll
2006-08-01 16:50 1,677,824 C:\WINDOWS\system32\chsbrkr.dll
2006-08-01 16:49 811,064 C:\WINDOWS\system32\imjp81k.dll
2006-08-01 16:49 8,704 C:\WINDOWS\system32\kbdjpn.dll
2006-08-01 16:49 8,192 C:\WINDOWS\system32\kbdkor.dll
2006-08-01 16:49 76,288 C:\WINDOWS\system32\uniime.dll
2006-08-01 16:49 6,656 C:\WINDOWS\system32\c_is2022.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd106.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd101c.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd101b.dll
2006-08-01 16:49 5,632 C:\WINDOWS\system32\kbd103.dll
2006-07-30 19:31 344,064 C:\WINDOWS\system32\msvcr70.dll
2006-07-30 17:00 466,944 C:\WINDOWS\system32\capicom.dll
2006-07-30 16:38 569,344 C:\WINDOWS\system32\imagr5.dll
2006-07-30 16:38 544,768 C:\WINDOWS\system32\imagx5.dll
2006-07-30 16:38 38,912 C:\WINDOWS\system32\picn20.dll
2006-07-30 16:38 283,920 C:\WINDOWS\system32\ImagXpr5.dll
2006-07-30 16:38 155,648 C:\WINDOWS\system32\NeroCheck.exe
2006-07-30 16:38 106,496 C:\WINDOWS\system32\TwnLib20.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TFncKy "= "TFncKy.exe "
"TDispVol "= "TDispVol.exe "
"igfxtray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
"igfxhkcmd "= "C:\\WINDOWS\\system32\\hkcmd.exe "
"igfxpers "= "C:\\WINDOWS\\system32\\igfxpers.exe "
"ehTray "= "C:\\WINDOWS\\ehome\\ehtray.exe "
"THotkey "= "C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe "
"SynTPLpr "= "C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe "
"SynTPEnh "= "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe "
"NDSTray.exe "= "NDSTray.exe "
"Tvs "= "C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe "
"TPSMain "= "TPSMain.exe "
"PadTouch "= "C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe "
"SmoothView "= "C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe "
"dla "= "C:\\WINDOWS\\system32\\dla\\DLACTRLW.exe "
"Pinger "= "c:\\toshiba\\ivp\\ism\\pinger.exe /run "
"IntelZeroConfig "= "\ "C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\" "
"IntelWireless "= "\ "C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless "
"Ad-watch "= "C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-watch.exe "
"avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "
"avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "
"AIM "= "C:\\Program Files\\RRIM\\aim.exe -cnetwait.odl "
"toscdspd "= "TOSCDSPD.EXE "

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000005
"Settings "=dword:00000001
"GeneralFlags "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "
"Flags "=dword:00000002
"Position "=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=hex:04,00,00,40
"OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
"{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "ewido anti-spyware 4.0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
"path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Metamail Trust Manager.lnk "
"backup "= "C:\\WINDOWS\\pss\\Metamail Trust Manager.lnkCommon Startup "
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\METAMA~1\\METAMA~2\\METAMA~1.EXE "
"item "= "Metamail Trust Manager "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "AGRSMMSG "
"hkey "= "HKLM "
"command "= "AGRSMMSG.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "Ares "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Ares\\Ares.exe\" -h "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "msmsgs "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "NeroCheck "
"hkey "= "HKLM "
"command "= "C:\\WINDOWS\\system32\\NeroCheck.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS "=dword:00000002
"SAVScan "=dword:00000003
"ose "=dword:00000003
"aspnet_state "=dword:00000003
"AOL TopSpeedMonitor "=dword:00000002
"AOL ACS "=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 08/13/2006 12:41:03.82
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-11.175527.txt
ComboFix.2006-08-11.212206.txt
ComboFix.2006-08-12.134005.txt
ComboFix.2006-08-13.124000.txt

 

I keep seeing that Adwatch is running after you fix things, that needs to be completely disabled before we fix things and not enabled until there is nothing remaining on your system.

If need be, uninstall AdAware entirely. It's happened on more than one occasion that AdAware returns files removed.

So, once your sure that adwatch\adaware is not running, run the same fix as before, then post new combo log.

 

Sorry about the Adwatch thing. I forgot to disable it from starting when windows starts. Now, it is totally disabled. When I ran Unlocker on mljjj.dll again I was able to unlock and delete it. This time though I chose "delete" from the drop down menu on the bottom left side. It did make my desktop vanish and freeze me up but I did see a notification that it was deleted. I checked and WooHoo!!!.... it is gone. Here is a new combofix log


Start Time= Sun 08/13/2006 17:53:17.78
Running from: C:\Documents and Settings\Brian Smith.BRIAN\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-13 11:45:34 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\MySpace "
2006-08-13 11:20:24 ( .D... ) "C:\Program Files\Unlocker "
2006-08-13 04:30:20 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0 "
2006-08-08 22:34:14 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Mozilla "
2006-08-08 22:33:56 ( .D... ) "C:\Program Files\Mozilla Firefox "
2006-08-04 23:05:48 ( .D... ) "C:\Program Files\Alwil Software "
2006-08-02 17:11:16 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Lavasoft "
2006-08-02 17:11:08 ( .D... ) "C:\Program Files\Lavasoft "
2006-07-31 18:28:12 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Sun "
2006-07-31 00:30:12 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\InterVideo "
2006-07-30 23:06:00 ( .D... ) "C:\Program Files\BitLord "
2006-07-30 22:04:50 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\AdobeUM "
2006-07-30 19:32:40 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Aim "
2006-07-30 19:31:02 ( .D... ) "C:\Program Files\RRIM "
2006-07-30 18:04:56 ( .D... ) "C:\Program Files\Norton AntiVirus "
2006-07-30 18:04:28 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Symantec "
2006-07-30 16:59:52 ( .D... ) "C:\Program Files\Common Files\Symantec Shared "
2006-07-30 16:39:24 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Ahead "
2006-07-30 16:38:40 ( .D... ) "C:\Program Files\Common Files\Ahead "
2006-07-30 16:38:38 ( .D... ) "C:\Program Files\Ahead "
2006-07-30 16:34:38 ( .D... ) "C:\Program Files\CloneDVD "
2006-07-30 15:19:34 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Macromedia "
2006-07-30 15:12:22 ( .DS.. ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Microsoft "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\You've Got Pictures Screensaver "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\toshiba "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Identities "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\AOL "
2006-07-30 15:12:22 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Adobe "
2006-07-29 22:49:32 ( .D... ) "C:\Documents and Settings\Brian Smith.BRIAN\Application Data\Intel "
2006-07-25 18:03:44 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll "


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-12 03:39 597,504 C:\WINDOWS\system32\aswBoot.exe
2006-08-12 03:36 1,063,309,312 C:\hiberfil.sys
2006-08-08 18:48 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-08-02 15:57 299,520 C:\WINDOWS\uninst.exe
2006-08-01 16:50 98,304 C:\WINDOWS\system32\msir3jp.dll
2006-08-01 16:50 9,216 C:\WINDOWS\system32\kbdnecAT.dll
2006-08-01 16:50 838,144 C:\WINDOWS\system32\chtbrkr.dll
2006-08-01 16:50 70,656 C:\WINDOWS\system32\korwbrkr.dll
2006-08-01 16:50 7,680 C:\WINDOWS\system32\kbdnecNT.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\kbdnec95.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\kbdibm02.dll
2006-08-01 16:50 7,168 C:\WINDOWS\system32\f3ahvoas.dll
2006-08-01 16:50 6,656 C:\WINDOWS\system32\kbdlk41a.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbdlk41j.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbdax2.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd106n.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd101a.dll
2006-08-01 16:50 6,144 C:\WINDOWS\system32\kbd101.dll
2006-08-01 16:50 218,112 C:\WINDOWS\system32\c_g18030.dll
2006-08-01 16:50 1,677,824 C:\WINDOWS\system32\chsbrkr.dll
2006-08-01 16:49 811,064 C:\WINDOWS\system32\imjp81k.dll
2006-08-01 16:49 8,704 C:\WINDOWS\system32\kbdjpn.dll
2006-08-01 16:49 8,192 C:\WINDOWS\system32\kbdkor.dll
2006-08-01 16:49 76,288 C:\WINDOWS\system32\uniime.dll
2006-08-01 16:49 6,656 C:\WINDOWS\system32\c_is2022.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd106.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd101c.dll
2006-08-01 16:49 6,144 C:\WINDOWS\system32\kbd101b.dll
2006-08-01 16:49 5,632 C:\WINDOWS\system32\kbd103.dll
2006-07-30 19:31 344,064 C:\WINDOWS\system32\msvcr70.dll
2006-07-30 17:00 466,944 C:\WINDOWS\system32\capicom.dll
2006-07-30 16:38 569,344 C:\WINDOWS\system32\imagr5.dll
2006-07-30 16:38 544,768 C:\WINDOWS\system32\imagx5.dll
2006-07-30 16:38 38,912 C:\WINDOWS\system32\picn20.dll
2006-07-30 16:38 283,920 C:\WINDOWS\system32\ImagXpr5.dll
2006-07-30 16:38 155,648 C:\WINDOWS\system32\NeroCheck.exe
2006-07-30 16:38 106,496 C:\WINDOWS\system32\TwnLib20.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TFncKy "= "TFncKy.exe "
"TDispVol "= "TDispVol.exe "
"igfxtray "= "C:\\WINDOWS\\system32\\igfxtray.exe "
"igfxhkcmd "= "C:\\WINDOWS\\system32\\hkcmd.exe "
"igfxpers "= "C:\\WINDOWS\\system32\\igfxpers.exe "
"ehTray "= "C:\\WINDOWS\\ehome\\ehtray.exe "
"THotkey "= "C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe "
"SynTPLpr "= "C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe "
"SynTPEnh "= "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe "
"NDSTray.exe "= "NDSTray.exe "
"Tvs "= "C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe "
"TPSMain "= "TPSMain.exe "
"PadTouch "= "C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe "
"SmoothView "= "C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe "
"dla "= "C:\\WINDOWS\\system32\\dla\\DLACTRLW.exe "
"Pinger "= "c:\\toshiba\\ivp\\ism\\pinger.exe /run "
"IntelZeroConfig "= "\ "C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\" "
"IntelWireless "= "\ "C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless "
"avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "
"avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "
"AIM "= "C:\\Program Files\\RRIM\\aim.exe -cnetwait.odl "
"toscdspd "= "TOSCDSPD.EXE "

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000005
"Settings "=dword:00000001
"GeneralFlags "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "
"Flags "=dword:00000002
"Position "=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=hex:04,00,00,40
"OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
"{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "ewido anti-spyware 4.0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
"path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Metamail Trust Manager.lnk "
"backup "= "C:\\WINDOWS\\pss\\Metamail Trust Manager.lnkCommon Startup "
"location "= "Common Startup "
"command "= "C:\\PROGRA~1\\METAMA~1\\METAMA~2\\METAMA~1.EXE "
"item "= "Metamail Trust Manager "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "AGRSMMSG "
"hkey "= "HKLM "
"command "= "AGRSMMSG.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "Ares "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Ares\\Ares.exe\" -h "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "msmsgs "
"hkey "= "HKCU "
"command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "NeroCheck "
"hkey "= "HKLM "
"command "= "C:\\WINDOWS\\system32\\NeroCheck.exe "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS "=dword:00000002
"SAVScan "=dword:00000003
"ose "=dword:00000003
"aspnet_state "=dword:00000003
"AOL TopSpeedMonitor "=dword:00000002
"AOL ACS "=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 08/13/2006 17:53:58.32
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-11.175527.txt
ComboFix.2006-08-11.212206.txt
ComboFix.2006-08-12.134005.txt
ComboFix.2006-08-13.124000.txt
ComboFix.2006-08-13.175317.txt

I know you are probably wondering why I bolded the Ares Reg Key. I did that because I just noticed it when I was looking back over the log and I am going to delete it now. I uninstalled the program but it left the reg key.

 

Hey great work, glad to see we finally got that sucker.

That key value can just be deleted, it's not hurting anything.

Is your machine now behaving as it was previously, or actually I hope it's better than ever.

Let me know.

 

I have not had anymore of the pop-ups and everything has been running good except my wifi connection that I "steal" from a neighbor, he leaves it open so I use it, nothing illegal there. I am too cheap to buy a wireless router right now so his works fine for me. One thing I have a question about is all of the programs that run on startup. Most of them are windows programs and toshiba programs but there are 51 programs running when i boot up. It make my loading time slow but with 1024 mb of ram everything is quick after that. Is there some programs I can do without on startup?

 

Well I guess as long as the neighbor knows ya 'borrowing' his bandwidth, guess it's ok. Of course I wouldn't be doing any banking on his network, he could have monitors on and all of that.

In so far as loading programs at start up, most all lap tops have a ton of processes and services running, but I couldn't advise if they are all needed. Best thing to do is use a few sites to determine that.

AnswersThatWork

That's one of the more popular ones. Just go to the appropriate letter, and search for the process/exe, they will give good detailed info regarding it, we use it quite often.

And now, my closing speech and recommendations for keeping your visits here to a minimum.

We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

Empty the TIF (Temporary Internet Files)
Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
The app below will help with temp files.
Index.dat Suite

Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

This would also be a good time to set a new system restore point for your machine.
Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

Here is a link which describes how security apps work with WIN XP machines.
XP User Accts Security Apps Operation

To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good the fight against ad/mal/spyware as AdAware & Spybot S&D:

SpywareBlaster
With SpywareBlaster v3.5.1 , just DL, install and check for updates, enable Internet Explorer protection, and your done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

To avoid known malware infested sites from loading in IE install IESPY ADS.
And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

Links for tutorials for all the apps I mentioned can be found on my site as well.

Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
Calendar of Updates

Subscribe to update alerts for all the above security apps here.

You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
TeMerc Test Box Forum

Happy surfing!!
Tom

Due to resolution or the lack of feedback this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.