Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer 7.0 Won't Display Sites. Help


  • This topic is locked This topic is locked
17 replies to this topic

#1 Jwindyka

Jwindyka

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 10 June 2008 - 01:19 AM

I did have 22 virus / what ever else. I use spybot Search and Destroy 1.5.2 to remove any threats. I also installed. AVG 8.0 and scanned my Harddrive a few times. looks like it removed everything. When I use both programs they come up with nothing at all. But when I try to run IE 7.0 it opens two windows and just sits there and IE locks up. I can send e-mails and receive them also so its not the connection I am networked with two computeres with Network Magic. I feel that there is something controlling my computer, I don't know what it is. The bad thing is I can't get on the internet todo what your site suggests like the free online scanner. I do have a hijackthis log. If I can get on the internet it would be easier to fix it. Please help.

If there is anything that looks messed up please help me clean this up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:30 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\James Windyka\Desktop\Doc & Pics\Programs-N-Pics\Spyware Programs\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/search?query=colle...;sg=40&ss=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMbf9cdd53] Rundll32.exe "C:\WINDOWS\system32\gsfutcfc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.sc5.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://gsn.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124405992046
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150759961328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Conexant Systems - (no file)

--
End of file - 13097 bytes

BC AdBot (Login to Remove)

 


m

#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 11 June 2008 - 05:01 AM

Hello Jwindyka and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 11 June 2008 - 10:28 PM

Here is all 3 logs. Thank you so far for your help!! LMK if there is anything else you need.

Malwarebytes' Anti-Malware 1.17
Database version: 849

9:28:52 PM 6/11/2008
mbam-log-6-11-2008 (21-28-52).txt

Scan type: Quick Scan
Objects scanned: 41413
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbf9cdd53 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\duagstjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pjtsgaud.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\irmbmbce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:31 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\James Windyka\Desktop\Doc & Pics\Programs-N-Pics\Spyware Programs\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/search?query=colle...;sg=40&ss=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://gsn.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124405992046
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150759961328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Conexant Systems - (no file)

--
End of file - 12347 bytes


ComboFix 08-06-10.5 - James Windyka 2008-06-11 21:37:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.159 [GMT -5:00]
Running from: C:\Documents and Settings\James Windyka\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\desktop.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahtymmli.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ctcrmybu.ini
C:\WINDOWS\SYSTEM32\eMoUDcdd.ini
C:\WINDOWS\SYSTEM32\eMoUDcdd.ini2
C:\WINDOWS\system32\ksgaclwg.ini
C:\WINDOWS\system32\nkmthoim.ini
C:\WINDOWS\system32\vmss
C:\WINDOWS\system32\vyFiQXbc.ini
C:\WINDOWS\SYSTEM32\vyFiQXbc.ini2
C:\WINDOWS\system32\xddahidj.ini
C:\WINDOWS\SYSTEM32\XIkkRXyb.ini
C:\WINDOWS\SYSTEM32\XIkkRXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Documents and Settings\James Windyka\Application Data\Malwarebytes
2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 21:03 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-11 21:03 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-09 09:13 . 2008-06-11 15:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-06-09 09:13 . 2008-06-09 09:13 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-06-09 09:13 . 2008-06-09 09:13 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-06-09 09:13 . 2008-06-09 09:13 12,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys
2008-06-09 09:13 . 2008-06-09 09:13 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-06-09 09:11 . 2008-06-09 09:11 45,568 --a------ C:\WINDOWS\SYSTEM32\avgfwdx.dll
2008-06-09 09:11 . 2008-06-09 09:11 22,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys
2008-06-09 08:53 . 2008-06-09 08:53 1,402 --a------ C:\WINDOWS\SYSTEM32\wpa.bak
2008-06-08 22:10 . 2006-02-28 07:00 2,178,131 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\shvlres.dll
2008-06-08 22:09 . 2006-02-28 07:00 343,040 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mspaint.exe
2008-06-08 22:08 . 2006-02-28 07:00 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll
2008-06-08 22:07 . 2006-02-28 07:00 1,817,687 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bckgres.dll
2008-06-08 22:02 . 2006-02-28 07:00 16,384 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\isignup.exe
2008-06-08 22:02 . 2008-06-08 22:02 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-08 22:02 . 2008-06-08 22:02 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-06-08 22:02 . 2008-06-08 22:02 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-06-08 22:02 . 2008-06-08 22:02 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-06-08 22:02 . 2008-06-08 22:02 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-06-08 17:55 . 2008-06-08 17:57 4,507 --a------ C:\WINDOWS\imsins.BAK
2008-06-08 02:39 . 2008-06-08 19:08 32,310 --a------ C:\WINDOWS\setupapi.old
2008-06-07 18:24 . 2008-06-07 18:24 <DIR> d-------- C:\!KillBox
2008-06-06 20:06 . 2008-06-11 21:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-03 21:59 . 2008-06-07 22:00 48 --a------ C:\WINDOWS\BMbf9cdd53.xml
2008-06-01 22:42 . 2008-06-01 22:42 <DIR> d-------- C:\PSP
2008-05-31 17:58 . 2007-06-27 08:00 61,440 --a------ C:\WINDOWS\SYSTEM32\zIMF.DLL
2008-05-31 17:58 . 2007-06-27 08:00 53,248 --a------ C:\WINDOWS\SYSTEM32\ZTAG.DLL
2008-05-16 03:03 . 2008-05-16 03:03 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 06:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-09 00:57 --------- d-----w C:\Documents and Settings\James Windyka\Application Data\Lavasoft
2008-06-07 23:27 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 22:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-21 04:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 02:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 02:05 --------- d-----w C:\Program Files\MagicISO
2008-05-11 15:41 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-05-11 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-07 01:59 --------- d-----w C:\Documents and Settings\James Windyka\Application Data\Media Player Classic
2008-05-07 00:01 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-12 02:47 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-09-20 21:42 87,608 ----a-w C:\Documents and Settings\James Windyka\Application Data\inst.exe
2007-09-20 21:42 47,360 ----a-w C:\Documents and Settings\James Windyka\Application Data\pcouffin.sys
2006-11-10 21:01 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-30 10:04 5,928 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2004-11-25 16:43 270,713,646 --sha-w C:\WINDOWS\AppPatch\sndnib.bak1
2004-11-25 16:48 270,714,893 --sha-w C:\WINDOWS\AppPatch\sndnib.bak2
2004-11-23 16:04 359,238 --sha-w C:\WINDOWS\Help\starter\pibew.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 08:14 163840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-09 09:12 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:59 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"aux1"= ctwdm32.dll
"VIDC.I263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClubFreestyle Buddy.lnk]
backup=C:\WINDOWS\pss\ClubFreestyle Buddy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^James Windyka^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^James Windyka^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^James Windyka^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
--a------ 2001-09-23 08:14 163840 C:\WINDOWS\DELLMMKB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoviePlace]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TGDC IE Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 17:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XupiterStartup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"bcafeecf"=rundll32.exe "C:\WINDOWS\system32\duagstjp.dll",b
"BMbf9cdd53"=Rundll32.exe "C:\WINDOWS\system32\gsfutcfc.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-09 09:13]
R0 Pnp680;SiI 680 ATA Controller;C:\WINDOWS\system32\DRIVERS\pnp680.sys [2006-11-15 11:32]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 05:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-09 09:13]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\System32\drivers\SSHDRV85.sys [2006-03-27 23:30]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-09 09:12]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-09 09:12]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-06-09 09:12]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-09 09:13]
R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 14:41]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-09 09:11]
R3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2001-10-10 17:37]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
R3 psa906;PSA2 Ultimate Edge (WDM);C:\WINDOWS\system32\drivers\psa906.sys [2004-05-19 13:06]
R3 PSC1906S;PHILIPS Ultimate Edge Audio Controller WDM;C:\WINDOWS\system32\drivers\PSC1906.sys [2004-05-17 12:38]
R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys [2003-08-02 16:00]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-09 09:11]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 11:00:00 C:\WINDOWS\Tasks\Ace Optimizer Maintenance.job"
- C:\Program Files\Ace Utilities\au.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 21:45:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\SYSTEM32\devldr32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Netropa\OSD.exe
.
**************************************************************************
.
Completion time: 2008-06-11 21:57:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 02:56:58

Pre-Run: 7,370,346,496 bytes free
Post-Run: 7,280,623,616 bytes free

481 --- E O F --- 2008-06-11 08:01:01

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 12 June 2008 - 03:14 AM

Looking good, Jwindyka :thumbsup:

Navigate, using Windows Explorer, to and delete the following file if still present:C:\WINDOWS\BMbf9cdd53.xml <== file
Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 12 June 2008 - 06:36 PM

I did everything you said. I went to pull up Internet Explorer and It did the same thing opened up IE 7.0 was able to type in the web address and once I hit Enter it opened up another window and just sat there like it was locked up. I had to end process to get them to close down. So I did CTRL, ALT, DELETE and update.exe kept popup on the Processes like 8 times. turn on then close. I think there is something still on my computer.

Also when I run Window Update. It will download them but when there install it says Update not installed.

Let me know what else todo.

James W.

Thank you for your help so far.

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 13 June 2008 - 08:25 AM

You're right, James

That doesn't sound good at all. :thumbsup:

Can I see a fresh HijackThis log please ?

Also, I'd like you to run an online scan :

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • choose the second option Extended - ptotect your ....
    • Scan Options:select Scan Archives and Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
    Posted Image
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report. Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 13 June 2008 - 05:10 PM

I tired to get on the site but my IE7 won't connect to the page is there a program that can scan and I can give you a txt of what it finds? When I look at what is running in the background.. When I open IE7 it pops up 2 processes IEXPLORE.EXE but only one ie7 is running. What can I do? Also here is the log

on the R0 and R1 will any of that stop IE7 from working? I would like to remove anything dealing with IE7 that is not a must to run the program... Let me know what else I can take on the HJT log.

James W.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:31 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James Windyka\Desktop\Doc & Pics\Programs-N-Pics\Spyware Programs\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/search?query=colle...;sg=40&ss=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://gsn.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124405992046
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150759961328
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Conexant Systems - (no file)

--
End of file - 12252 bytes

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 14 June 2008 - 05:37 AM

Hello James,

No active malware visible in your log. :thumbsup:

Using the Search option in Windows Explorer, can you search for update*.exe please ?
Make sure to include hidden and system files in the search as well.

Let me know if anything is found.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#9 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 15 June 2008 - 08:41 PM

Nothing came up on the scan. I am not sure. You think IE7 is damaged? or Messed up? what should I do??

James W.

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 16 June 2008 - 03:29 AM

Hello James,

Reconfigure Windows XP to show hidden files:Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the Hide protected operating system files (recommended) option.
Uncheck the Hide file extensions for known file types option.
Click Yes to confirm. Click OK.
[/list]Navigate, using Windows Explorer, to and delete the content of the following folders (NOT the folders themselves !!!):C:\WINDOWS\Temp <== folder
C:\Documents and Settings\James Windyka\Local Settings\Temp <== folder
C:\Documents and Settings\All Users\Local Settings\Temp <== folder
C:\Documents and Settings\James Windyka\Local Settings\Temporary Internet Files\Content.IE5 <== folder
Next go to Start > Run, and type cmd and hit OK
In the command window that opens : type ipconfig /flushdns (that space between g and / is needed)
then hit Enter, type Exit and hit Enter to close the window.

Next, download and unzip Dial-a-Fix to its own folder on your desktop:Open the Dial-a-Fix folder, launch the program by clicking on the blue cog-wheel icon.
First, click the "Policies..." button on the bottom.
If anything is found, make sure it's checked and then, click the "Remove" button and click the "Close" button to close that window.
Now click the green, double check icon (Check all) on the bottom.
Then click on 'GO' at the bottom.
Click "Exit" and restart your pc when Dial-a-Fix has done.
Are those updates getting installed now ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 16 June 2008 - 07:01 PM

I feel we are getting closer to the problem. I did everything you said todo. Now the updates will install. When I went to turn off the computer and reboot Windows said 47 updates installing and I watched each one install as I think they did. When it rebooted another update came up, and I installed that one and it did install.

Now I went to my processer running in the back ground and update.exe was poping up all over. So I did a search and here it is.

update*.exe
search all files.

result

267 update*.exe were found.

Is that bad? LMK

Thank you for your time so far.

James W.

Texas Fan Works.

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 17 June 2008 - 04:00 AM

Hello James,

Well, it seems the updating problem is fixed. :thumbsup:

Now about those update.exe's you found,
can you tell me where they are found, give a full path description of some of them ?

Greetings,
Thunder

Edited by Thunder, 17 June 2008 - 04:00 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#13 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 17 June 2008 - 08:35 PM

Here is what came up.

update*.exe

There is like 310 total now.

One of these.
C:\8\update
C:\Program Files\FoneSync
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Strategy First\AutoUpdate

73 of these files below
C:\WINDOWS\$NtUninstallKB885835$
C:\WINDOWS\$NtUninstallKB885836$
C:\WINDOWS\$NtUninstallKB950749$

134 of these files below
C:\WINDOWS\$hf_mig$\KB873333\update
C:\WINDOWS\$hf_mig$\KB873339\update
C:\WINDOWS\$hf_mig$\KB931768-IE7\update
C:\WINDOWS\$hf_mig$\KB932823-v3\update

2 of these
C:\WINDOWS\$xpsp1hfm$\Q329048\update
C:\WINDOWS\$xpsp1hfm$\Q329834\update

97 of these files below.
C:\WINDOWS\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\update
C:\WINDOWS\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\update
C:\WINDOWS\SoftwareDistribution\Download\f90f6c0c452945125b5a22f96ec4c469\update

#14 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:24 AM

Posted 18 June 2008 - 07:59 AM

Hello James,

Those are all legit Windows updates. :thumbsup:

Now I went to my processer running in the back ground and update.exe was poping up all over.

Can it be you checked while the update installations were in progress ?

What problems are you still experiencing ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#15 Jwindyka

Jwindyka
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:05:24 PM

Posted 18 June 2008 - 03:51 PM

I still can not get on the Internet with Internet Explorer 7.0. I can't even surf. I can get e-mail from outlook express and send and receive e-mail with no problem. I can update now. but when I open Internet Explorer 7.0. It will open fine but when I type a web address it like www.yahoo.com or www.google.com it will go white blank screen and then another window of IE7 will open up then it will just sit there. I was thinking of going back to 6.0 and see if that will fix it. or do another windows repair to see if that will fix the problem. I don't know.

James W.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users