Jump to content

Photogrrlz

Member
  • Posts

    44
  • Joined

  • Last visited

Everything posted by Photogrrlz

  1. okay I did a avg scan and adaware scan in normal mode and safe mode. I made a new hijack log in normal mode... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:11, on 2007-11-17 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll (file missing) O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92 O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsus***a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10043 bytes
  2. I beat games pretty quick so its pointless for me to buy them
  3. They always come right back after removing them....
  4. which files can I get rid of.... also, I cant connect to internet in safe mode :( I beleive I need to get rid of Win32.Trojandownloader.Zlob but no clue....I did a google on it
  5. should I try to do a fix in safe mode?
  6. It just seems as soon as its deleted it is right back....
  7. I dont see a Qoofix, but I do see a Qoobox.....
  8. Sadly no they arent going away....it gets deleted I do another scan and its back....just like the combo fix....
  9. Also this keeps changing to this on IE..... I hate IE I dont even use it..... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php
  10. Here is a quick scan.... Ad-Aware SE Build 1.06r1 Logfile Created on:Friday, November 16, 2007 7:43:28 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R202 12.11.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):8 total references Win32.Trojandownloader.Zlob(TAC index:10):6 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11-16-2007 7:43:28 PM - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 148 ThreadCreationTime : 11-17-2007 12:41:00 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 196 ThreadCreationTime : 11-17-2007 12:41:12 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 220 ThreadCreationTime : 11-17-2007 12:41:14 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 264 ThreadCreationTime : 11-17-2007 12:41:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 276 ThreadCreationTime : 11-17-2007 12:41:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 424 ThreadCreationTime : 11-17-2007 12:41:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 488 ThreadCreationTime : 11-17-2007 12:41:26 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 596 ThreadCreationTime : 11-17-2007 12:41:30 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 816 ThreadCreationTime : 11-17-2007 12:41:57 AM BasePriority : Normal FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) ProductVersion : 6.00.2900.3156 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:10 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1164 ThreadCreationTime : 11-17-2007 12:43:04 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583} Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} Win32.Trojandownloader.Zlob Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {11a69ae4-fbed-4832-a2bf-45af82825583} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 4 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 4 MRU List Object Recognized! Location: : C:\Documents and Settings\Administrator\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : File Data : Online Security Guide.lnk TAC Rating : 10 Category : Malware Comment : Object : c:\documents and settings\all users\start menu\ Win32.Trojandownloader.Zlob Object Recognized! Type : File Data : tracking.log TAC Rating : 10 Category : Malware Comment : Object : c:\system volume information\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 14 7:47:24 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:03:56.344 Objects scanned:94418 Objects identified:6 Objects ignored:0 New critical objects:6
  11. Here is a full scan... Ad-Aware SE Build 1.06r1 Logfile Created on:Friday, November 16, 2007 7:58:17 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R202 12.11.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):2 total references Tracking Cookie(TAC index:3):7 total references Virtumonde(TAC index:10):7 total references Win32.TrojanDownloader.Agent(TAC index:10):2 total references Win32.Trojandownloader.Zlob(TAC index:10):5 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11-16-2007 7:58:17 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 148 ThreadCreationTime : 11-17-2007 12:41:00 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 196 ThreadCreationTime : 11-17-2007 12:41:12 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 220 ThreadCreationTime : 11-17-2007 12:41:14 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 264 ThreadCreationTime : 11-17-2007 12:41:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 276 ThreadCreationTime : 11-17-2007 12:41:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 424 ThreadCreationTime : 11-17-2007 12:41:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 488 ThreadCreationTime : 11-17-2007 12:41:26 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 596 ThreadCreationTime : 11-17-2007 12:41:30 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 816 ThreadCreationTime : 11-17-2007 12:41:57 AM BasePriority : Normal FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) ProductVersion : 6.00.2900.3156 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:10 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1164 ThreadCreationTime : 11-17-2007 12:43:04 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:11 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 1700 ThreadCreationTime : 11-17-2007 12:57:51 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583} Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} Win32.Trojandownloader.Zlob Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {11a69ae4-fbed-4832-a2bf-45af82825583} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 6 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@ad.yieldmanager[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@adrevolver[3].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : guest@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt Virtumonde Object Recognized! Type : File Data : geebx.dll.vir TAC Rating : 10 Category : Malware Comment : Object : C:\qoobox\Quarantine\C\WINDOWS\system32\ Virtumonde Object Recognized! Type : File Data : xxyxwuu.dll.vir TAC Rating : 10 Category : Malware Comment : Object : C:\qoobox\Quarantine\C\WINDOWS\system32\ Virtumonde Object Recognized! Type : File Data : xxyxxya.dll.vir TAC Rating : 10 Category : Malware Comment : Object : C:\qoobox\Quarantine\C\WINDOWS\system32\ Win32.TrojanDownloader.Agent Object Recognized! Type : File Data : tsitra1000106.exe.vir TAC Rating : 10 Category : Virus Comment : Object : C:\qoobox\Quarantine\C\WINDOWS\ FileVersion : 0, 0, 0, 0 ProductVersion : 0, 0, 0, 0 Win32.TrojanDownloader.Agent Object Recognized! Type : File Data : A0114879.exe TAC Rating : 10 Category : Virus Comment : Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\ FileVersion : 0, 0, 0, 0 ProductVersion : 0, 0, 0, 0 Virtumonde Object Recognized! Type : File Data : A0114882.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\ Virtumonde Object Recognized! Type : File Data : A0114888.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\ Virtumonde Object Recognized! Type : File Data : A0114889.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 21 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 21 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : File Data : Online Security Guide.lnk TAC Rating : 10 Category : Malware Comment : Object : c:\documents and settings\all users\start menu\ Virtumonde Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\jkwslist Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 23 8:23:21 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:25:03.875 Objects scanned:182239 Objects identified:21 Objects ignored:0 New critical objects:21
  12. Okay I did some scans, but here is some logfile info I got from the adware.... Here are some details of zlobs... Name:Virtumonde Category:Malware Object Type:File Size:34304 Bytes Location:C:\qoobox\Quarantine\C\WINDOWS\system32\xxyxxya.dll.vir Last Activity:11-17-2007 1:11:12 AM Relevance:Low TAC index:10 Comment: Description:Virtumonde may cause system instability, auto updates and opens unsolicited websites. No uninstaller. Bundled install that is undisclosed.There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed. Name:Win32.Trojandownloader.Zlob Category:Malware Object Type:File Size:20480 Bytes Location:c:\system volume information\tracking.log Last Activity:11-17-2007 12:47:24 AM Relevance:Low TAC index:10 Comment: Description:Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloads other applications such as SpyDawn and other rogue anti-spyware software.
  13. Here it is in safe mode....I havent attempted any fixes on this... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:10, on 2007-11-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsus***a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7529 bytes
  14. I currently use Zone Alarm is there a better program out there for me to use? FYI...I would like free if possible....
  15. Okay I have a dumb question since I seen it on the combofix... what is a rootkit? also I guess that is the catchme program off of combofix? I read that it was because of a rootkit that the system32 folder was deleted
  16. I want to rent this game, I heard it has great reviews so far. Never played the other Call of Dutys, but this one looks great.
  17. It comes out on DVD Nov. 20.....
  18. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:49 PM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe C:\WINDOWS\system32\RUNDLL32.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92 O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsus***a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9381 bytes
  19. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:08 PM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing) O2 - BHO: 0 - {2D887A9A-56E9-44C8-BBB3-1BCE19771E1B} - C:\Program Files\Messenger\lafune.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\ldfixrql.dll",b O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92 O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsus***a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9720 bytes
  20. Ok on a sidenote, when I did a combofix the caution symbol and desktop icons disappeared but it returend maybe under a half hour or so later.....
  21. I cant do the Java yet...It is offline for maintenance.... After that I will do a hijack :D
  22. Here is my Combofix log..... ComboFix 07-11-08.3 - Mobile Pimp 2007-11-13 22:38:39.1 - NTFSx86 Running from: C:\Documents and Settings\Mobile Pimp\Desktop\ComboFix.exe * Created a new restore point . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Documents and Settings\Mobile Pimp\Desktop\Live Safety Center.lnk C:\Documents and Settings\Mobile Pimp\Desktop\Online Security Guide.lnk C:\Documents and Settings\Mobile Pimp\Favorites\Online Security Guide.lnk C:\Documents and Settings\Mobile Pimp\Start Menu\Programs\Startup\ta_start.lnk C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\fCOe C:\Temp\fCOe\tOasF.log C:\temp\tn3 C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67 C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe C:\WINDOWS\system32\cxqjuoag.exe C:\WINDOWS\system32\dpugmgjl.exe C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\geebx.dll C:\WINDOWS\system32\kilitjkb.dllbox C:\WINDOWS\system32\oTt02e C:\WINDOWS\system32\oTt02e\oTt02e1065.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\xbeeg.bak2 C:\WINDOWS\system32\xbeeg.ini C:\WINDOWS\system32\xxyxwuu.dll C:\WINDOWS\system32\xxyxxya.dll C:\WINDOWS\tsitra1000106.exe C:\WINDOWS\TTC-4444.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\LEGACY_DOMAINSERVICE -------\core -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))) . 2007-11-13 22:29 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 21:34 80,448 --a------ C:\WINDOWS\system32\vakblnxg.dll 2007-11-13 21:28 89,664 --a------ C:\WINDOWS\system32\ldfixrql.dll 2007-11-13 21:22 71,232 --a------ C:\WINDOWS\system32\qfpnojkb.exe 2007-11-12 15:12 81,472 --a------ C:\WINDOWS\system32\gghjwdyj.dll 2007-11-12 15:10 89,664 --a------ C:\WINDOWS\system32\mebhqppl.dll 2007-11-12 15:04 71,232 --a------ C:\WINDOWS\system32\uywreggn.exe 2007-11-11 21:13 <DIR> d-------- C:\Program Files\Alwil Software 2007-11-11 19:49 <DIR> d-------- C:\Program Files\UPHClean 2007-11-11 18:47 <DIR> d-------- C:\Program Files\RogueRemover FREE 2007-11-10 23:21 81,472 --a------ C:\WINDOWS\system32\ffojbjgl.dll 2007-11-10 23:15 71,232 --a------ C:\WINDOWS\system32\fotebmsd.exe 2007-11-10 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-10 20:31 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-07 21:29 1,152 --a------ C:\WINDOWS\system32\windrv.sys 2007-11-06 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-06 22:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-06 00:13 81,472 --a------ C:\WINDOWS\system32\hdygkjre.dll 2007-11-05 23:12 3,870 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-05 00:02 340,032 --a------ C:\WINDOWS\system32\kilitjkb.dll 2007-11-05 00:02 340,032 --a------ C:\WINDOWS\system32\ccwltkiu.dll 2007-10-20 14:23 507,147 --a------ C:\Temp\cilo.exe 2007-10-20 14:19 <DIR> d--hs---- C:\WINDOWS\TW9iaWxlIFBpbXA 2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\od2 2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\ib1 2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\cp1 2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\bo2 2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\ap1 2007-10-20 14:17 <DIR> d-------- C:\Temp 2007-10-20 14:17 <DIR> d-------- C:\Program Files\WinUpdater . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-14 03:08 --------- d-----w C:\Program Files\SpywareBlaster 2007-11-14 03:08 --------- d-----w C:\Program Files\Logitech 2007-11-14 03:08 --------- d-----w C:\Program Files\Lavasoft 2007-11-14 03:08 --------- d-----w C:\Program Files\Common Files\Real 2007-11-14 03:08 --------- d-----w C:\Program Files\Common Files\Logitech 2007-11-14 03:08 --------- d-----w C:\Documents and Settings\Mobile Pimp\Application Data\uTorrent 2007-11-14 03:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-14 03:07 --------- d-----w C:\Program Files\LimeWire 2007-11-07 04:24 --------- d-----w C:\Documents and Settings\Mobile Pimp\Application Data\Lavasoft 2007-11-06 03:44 --------- d-----w C:\Program Files\XoftSpy 2007-09-25 03:32 --------- d-----w C:\Program Files\ASA 2007-08-25 22:26 29,592 ----a-w C:\Documents and Settings\Mobile Pimp\Application Data\GDIPFONTCACHEV1.DAT 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TW9iaWxlIFBpbXA\nq62uqU5KI1DvrE.vbs . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D887A9A-56E9-44C8-BBB3-1BCE19771E1B}] C:\Program Files\Messenger\lafune.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dd20c28-751b-4a1d-a242-12fd0bef19a2}] 2007-11-13 21:34 80448 --a------ C:\WINDOWS\system32\vakblnxg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-05 00:02 340032 --a------ C:\WINDOWS\system32\kilitjkb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\kilitjkb.dll [2007-11-05 00:02 340032] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 04:04] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46] "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-07-07 18:25] "NDSTray.exe"="NDSTray.exe" [] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45] "ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39] "Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 15:59] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-19 19:44] "CFSServ.exe"="CFSServ.exe" [] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 16:54] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] "d03245e7"="C:\WINDOWS\system32\ldfixrql.dll" [2007-11-13 21:28] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-09-26 17:37] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-07-05 07:29] "WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-09-28 05:08] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kilitjkb] kilitjkb.dll 2007-11-05 00:02 340032 C:\WINDOWS\system32\kilitjkb.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebx.dll . Contents of the 'Scheduled Tasks' folder "2006-02-03 22:46:44 C:\WINDOWS\Tasks\XoftSpy.job" - C:\Program Files\XoftSpy\XoftSpy.exe "2007-11-14 04:24:59 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-11 01:32:16 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-13 23:26:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-13 23:33:48 - machine was rebooted . --- E O F ---
  23. I tried the MRT and it says no problem with malware...ugh I want to pull what little hair I have out...lol oh and I did a windows update.... would it be easier or better to do a system registry recovery?
  24. My new updated one...... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:17:03 PM, on 11/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Apoint2K\Apntex.exe C:\toshiba\ivp\ism\pinger.exe c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\Program Files\UPHClean\uphclean.exe C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing) O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\xxyxwuu.dll O2 - BHO: 0 - {2D887A9A-56E9-44C8-BBB3-1BCE19771E1B} - C:\Program Files\Messenger\lafune.dll (file missing) O2 - BHO: (no name) - {4AE06038-A98C-449D-BB0E-E2C8193F8C06} - C:\WINDOWS\system32\geebx.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {5D6A0055-3CB7-4DE1-8823-85A2ADCCB7A0} - C:\Program Files\Windows Media Player\hose4444.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll O2 - BHO: (no name) - {E31BDE0D-69E0-4C7A-ADD2-998E66991F2E} - C:\Program Files\Windows Media Player\hose83122.dll O2 - BHO: {a94375d3-6cc1-59b9-e144-423d2cdba15f} - {f51abdc2-d324-441e-9b95-1cc63d57349a} - C:\WINDOWS\system32\ffojbjgl.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [{24-45-54-48-ZN}] C:\DOCUME~1\MOBILE~1\LOCALS~1\Temp\thinksnet.exe CHD003 O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\kvtuefto.dll",b O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Mobile Pimp\Local Settings\Temp\thinksnet.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92 O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll O20 - Winlogon Notify: xxyxwuu - C:\WINDOWS\SYSTEM32\xxyxwuu.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsus***a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10514 bytes
×
×
  • Create New...