Sparky21

  1. Did some of that already... sorry I jumped ahead... thanks for the help... the system seems stable... everything runs great, reinstalled Java... if it returns or I have a problem I will post back... what caused this problem in the first place? Any ideas? I did some research and it mainly pointed toward Java... but what doesn't make sense is, like you said, to delete the entry for the Yahoo tool, which was pointless, but Yahoo isn't associated when you download Java, it is the Google toolbar... so my real question and concern is: where did it come from?
  2. Well, I don't know why but it seems to be gone now... thanks for the help, apparently Combo did the trick. Will post back if it seems to return, but after many reboots it has yet to show itself... thanks again vet
  3. Sparky21

    Hello

    Thanks for the welcome...
  4. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:49:51 AM, on 7/8/2008

    COMBO FIX ComboFix 08-07-07.3

    There you go... thanks for the quick response...
  5. Malwarebytes' Anti-Malware 1.19 Database version: 914

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:18:12 PM, on 7/7/2008

    I would run Panda but I need to have a link to download and then run on the computer because it is not hooked to the net at the moment... thanks for all help and I am willing to try just about anything... PS: I also ran Spybot and it doesn't pick up any infections...
  6. Sparky21

    Hello

    I am a 20-year-old who has a little knowledge of computers and is trying to find some halfway decent programs to help with repair of some PCs... I hope to be able to give advice or insight on certain topics... I also hope to have some of my own personal problems with PCs solved... altogether I hope I am a good addition to the site... well, let's have some fun and stay in touch...
  7. I have a Toshiba Satellite running Windows XP Home SP3 and MB prints up... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. But it is not deleted and removed; it reappears after every reboot... I have also done MB in safe mode and it comes back with the same problem... I have also removed all Java installed software... I tried to delete it manually out of regedit but it still returns... my brain is rattled... I am new to this forum and I am sorry if I posted this in the incorrect manner, but help would be greatly appreciated... thanks, respond ASAP if possible...