Photogrrlz

Posts posted by Photogrrlz

  1. Okay, I did an AVG scan and an Ad-Aware scan in normal mode and in safe mode. I made a new HijackThis log in normal mode...

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:11, on 2007-11-17

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ACS.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\ltmoh\Ltmoh.exe

    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\Program Files\EzButton\EzButton.EXE

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    C:\WINDOWS\System32\ZoomingHook.exe

    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\hkcmd.exe

    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    C:\toshiba\ivp\ism\pinger.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\NCLAUNCH.EXe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\ZoneLabs\isafe.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll (file missing)

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll

    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92

    O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 10043 bytes
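The HijackThis log above is the evidence the thread is working from, so here is an added triage script (written for this page; it is not HijackThis's own code and was not posted by anyone in the thread) that parses such log lines and applies three defender-side heuristics: an entry whose file is gone from disk is an orphan to clean up, a BHO with no readable name deserves a look, and a DLL registered as a Winlogon Notify package that is also registered as a browser add-on is the strongest signal here, since the same `kilitjkb.dll` appears in the O2, O3 and O20 lines. The sample lines are copied from the log above; the heuristics, severity labels and the `Entry`/`parse_hjt`/`triage` names are this example's own assumptions, not something HijackThis defines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
"""

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING_MARKERS = ("(file missing)", "(no file)")  # markers HijackThis appends when the file is absent


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2", "O20"
    name: str      # display name HijackThis prints for the item ("" if none)
    path: str      # file path with any "(file missing)" marker stripped ("" if the entry has no file)
    missing: bool  # True when HijackThis could not find the file on disk


def _o4_path(body):
    """Extract the executable from an O4 line: 'HKLM\\..\\Run: [Label] "C:\\x.exe" /arg'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return re.split(r" [/-]", cmd, 1)[0]  # unquoted path: cut at the first " /" or " -" argument


def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()


def parse_hjt(text):
    """Turn HijackThis log lines into Entry objects; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        missing = False
        for marker in MISSING_MARKERS:
            if body.endswith(marker):
                missing = True
                body = body[: -len(marker)].rstrip(" -")
        if section == "O4":
            label = re.search(r"\[(.*?)\]", body)
            name = label.group(1) if label else ""
            path = _o4_path(body)
        else:
            fields = [f.strip() for f in body.split(" - ")]
            head = fields[0].split(": ", 1)
            name = head[1] if len(head) == 2 else ""
            path = fields[-1] if len(fields) > 1 else ""
            if GUID.match(path):
                path = ""  # only a CLSID is left: the entry has no file at all
        entries.append(Entry(section, name, path, missing))
    return entries


def triage(entries):
    """Return (severity, section, filename, reason) tuples using this example's heuristics."""
    findings = []
    sections_by_file = defaultdict(set)
    for e in entries:
        if e.path:
            sections_by_file[basename(e.path)].add(e.section)
    for e in entries:
        fname = basename(e.path) if e.path else ""
        if e.missing:
            findings.append(("low", e.section, fname, "target file is not on disk; orphaned entry"))
        if e.section == "O2" and (e.name == "(no name)" or GUID.match(e.name)):
            findings.append(("medium", e.section, fname, "BHO with no readable name"))
        # A Winlogon Notify DLL loads into winlogon.exe; one that is also a BHO or toolbar is anomalous.
        if e.section == "O20" and fname and sections_by_file[fname] & {"O2", "O3"}:
            findings.append(("high", e.section, fname, "Winlogon Notify DLL is also registered as a browser add-on"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, sec, fname, why in sorted(triage(parse_hjt(SAMPLE_LOG)), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {sec:4} {fname or '-':20} {why}")
```

Run it as-is to see the sample triaged, or feed `parse_hjt` the text of a saved log. The heuristics are deliberately narrow: the cross-section pivot is keyed on O20 so that a legitimate DLL that appears in both O2 and O9 (the Java `ssv.dll` in the log above) is not flagged.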

  2. Sorry, I meant Qoobox.

    You right-click on a file and choose Unlocker; it tells you what file(s) are using that file and allows you to unlock and move/delete/etc.

    It looks like Ad-Aware was able to remove them all.

    They always come right back after removing them....

  3. Yeah, safe mode should definitely help.

    You may also wish to try Unlocker to unhook and delete the files.

    Which files can I get rid of?...

    Also, I can't connect to the internet in safe mode :(

    I believe I need to get rid of Win32.Trojandownloader.Zlob but have no clue.... I did a Google search on it.

  4. Sadly, no, they aren't going away.... It gets deleted, I do another scan, and it's back.... just like the ComboFix....

    Was Ad-Aware able to successfully remove the malware found?

    Also, you may want to flush your System Restore since it finds malware there. To do this, do as follows:

    • My Computer
    • Right click C: and click Properties
    • Click Disk Cleanup
    • Click the More Options tab
    • Under System Restore click Clean up...
    • Click OK to finish

    You can also safely delete the Qoofix folder in your C: drive.

  5. Here is a quick scan....

    Ad-Aware SE Build 1.06r1

    Logfile Created on:Friday, November 16, 2007 7:43:28 PM

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R202 12.11.2007

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    MRU List(TAC index:0):8 total references

    Win32.Trojandownloader.Zlob(TAC index:10):6 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

    11-16-2007 7:43:28 PM - Scan started. (Smart mode)

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 148

    ThreadCreationTime : 11-17-2007 12:41:00 AM

    BasePriority : Normal

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 196

    ThreadCreationTime : 11-17-2007 12:41:12 AM

    BasePriority : Normal

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 220

    ThreadCreationTime : 11-17-2007 12:41:14 AM

    BasePriority : High

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 264

    ThreadCreationTime : 11-17-2007 12:41:20 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Services and Controller app

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : services.exe

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 276

    ThreadCreationTime : 11-17-2007 12:41:20 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 424

    ThreadCreationTime : 11-17-2007 12:41:23 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 488

    ThreadCreationTime : 11-17-2007 12:41:26 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 596

    ThreadCreationTime : 11-17-2007 12:41:30 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:9 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 816

    ThreadCreationTime : 11-17-2007 12:41:57 AM

    BasePriority : Normal

    FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)

    ProductVersion : 6.00.2900.3156

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : EXPLORER.EXE

    #:10 [ad-aware.exe]

    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 1164

    ThreadCreationTime : 11-17-2007 12:43:04 AM

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : RegValue

    Data :

    TAC Rating : 10

    Category : Malware

    Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}"

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\internet explorer\toolbar

    Value : {11a69ae4-fbed-4832-a2bf-45af82825583}

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 4

    Objects found so far: 4

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 4

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 4

    Deep scanning and examining files...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 4

    Disk Scan Result for C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 4

    Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 4

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    1 entries scanned.

    New critical objects:0

    Objects found so far: 4

    MRU List Object Recognized!

    Location: : C:\Documents and Settings\Administrator\recent

    Description : list of recently opened documents

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\microsoft management console\recent file list

    Description : list of recent snap-ins used in the microsoft management console

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\applets\regedit

    Description : last key accessed using the microsoft registry editor

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened

    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : File

    Data : Online Security Guide.lnk

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : c:\documents and settings\all users\start menu\

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : File

    Data : tracking.log

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : c:\system volume information\

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 2

    Objects found so far: 14

    7:47:24 PM Scan Complete

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:03:56.344

    Objects scanned:94418

    Objects identified:6

    Objects ignored:0

    New critical objects:6

  6. Here is a full scan...

    Ad-Aware SE Build 1.06r1

    Logfile Created on:Friday, November 16, 2007 7:58:17 PM

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R202 12.11.2007

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    MRU List(TAC index:0):2 total references

    Tracking Cookie(TAC index:3):7 total references

    Virtumonde(TAC index:10):7 total references

    Win32.TrojanDownloader.Agent(TAC index:10):2 total references

    Win32.Trojandownloader.Zlob(TAC index:10):5 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

    11-16-2007 7:58:17 PM - Scan started. (Full System Scan)

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!

    Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 148

    ThreadCreationTime : 11-17-2007 12:41:00 AM

    BasePriority : Normal

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 196

    ThreadCreationTime : 11-17-2007 12:41:12 AM

    BasePriority : Normal

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 220

    ThreadCreationTime : 11-17-2007 12:41:14 AM

    BasePriority : High

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 264

    ThreadCreationTime : 11-17-2007 12:41:20 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Services and Controller app

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : services.exe

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 276

    ThreadCreationTime : 11-17-2007 12:41:20 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 424

    ThreadCreationTime : 11-17-2007 12:41:23 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 488

    ThreadCreationTime : 11-17-2007 12:41:26 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 596

    ThreadCreationTime : 11-17-2007 12:41:30 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:9 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 816

    ThreadCreationTime : 11-17-2007 12:41:57 AM

    BasePriority : Normal

    FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)

    ProductVersion : 6.00.2900.3156

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : EXPLORER.EXE

    #:10 [ad-aware.exe]

    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 1164

    ThreadCreationTime : 11-17-2007 12:43:04 AM

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

    #:11 [iexplore.exe]

    FilePath : C:\Program Files\Internet Explorer\

    ProcessID : 1700

    ThreadCreationTime : 11-17-2007 12:57:51 AM

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Internet Explorer

    InternalName : iexplore

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : IEXPLORE.EXE

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 2

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : RegValue

    Data :

    TAC Rating : 10

    Category : Malware

    Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}"

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\internet explorer\toolbar

    Value : {11a69ae4-fbed-4832-a2bf-45af82825583}

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 4

    Objects found so far: 6

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 6

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 6

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@ad.yieldmanager[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@adrevolver[3].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@advertising[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@atdmt[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@doubleclick[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@fastclick[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : guest@realmedia[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment :

    Value : C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt

    Virtumonde Object Recognized!

    Type : File

    Data : geebx.dll.vir

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\qoobox\Quarantine\C\WINDOWS\system32\

    Virtumonde Object Recognized!

    Type : File

    Data : xxyxwuu.dll.vir

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\qoobox\Quarantine\C\WINDOWS\system32\

    Virtumonde Object Recognized!

    Type : File

    Data : xxyxxya.dll.vir

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\qoobox\Quarantine\C\WINDOWS\system32\

    Win32.TrojanDownloader.Agent Object Recognized!

    Type : File

    Data : tsitra1000106.exe.vir

    TAC Rating : 10

    Category : Virus

    Comment :

    Object : C:\qoobox\Quarantine\C\WINDOWS\

    FileVersion : 0, 0, 0, 0

    ProductVersion : 0, 0, 0, 0

    Win32.TrojanDownloader.Agent Object Recognized!

    Type : File

    Data : A0114879.exe

    TAC Rating : 10

    Category : Virus

    Comment :

    Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\

    FileVersion : 0, 0, 0, 0

    ProductVersion : 0, 0, 0, 0

    Virtumonde Object Recognized!

    Type : File

    Data : A0114882.dll

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\

    Virtumonde Object Recognized!

    Type : File

    Data : A0114888.dll

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\

    Virtumonde Object Recognized!

    Type : File

    Data : A0114889.dll

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP218\

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 21

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    1 entries scanned.

    New critical objects:0

    Objects found so far: 21

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : File

    Data : Online Security Guide.lnk

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : c:\documents and settings\all users\start menu\

    Virtumonde Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\jkwslist

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 2

    Objects found so far: 23

    8:23:21 PM Scan Complete

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:25:03.875

    Objects scanned:182239

    Objects identified:21

    Objects ignored:0

    New critical objects:21

  7. Okay, I did some scans, but here is some logfile info I got from the adware.... Here are some details of the Zlobs...

    Name:Virtumonde

    Category:Malware

    Object Type:File

    Size:34304 Bytes

    Location:C:\qoobox\Quarantine\C\WINDOWS\system32\xxyxxya.dll.vir

    Last Activity:11-17-2007 1:11:12 AM

    Relevance:Low

    TAC index:10

    Comment:

    Description:Virtumonde may cause system instability, auto updates and opens unsolicited websites. No uninstaller. Bundled install that is undisclosed.There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed.

    Name:Win32.Trojandownloader.Zlob

    Category:Malware

    Object Type:File

    Size:20480 Bytes

    Location:c:\system volume information\tracking.log

    Last Activity:11-17-2007 12:47:24 AM

    Relevance:Low

    TAC index:10

    Comment:

    Description:Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloads other applications such as SpyDawn and other rogue anti-spyware software.

  8. Here it is in safe mode.... I haven't attempted any fixes on this...

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:10, on 2007-11-15

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Safe mode

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll

    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 7529 bytes

  9. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:29:49 PM, on 11/14/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ACS.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    C:\WINDOWS\system32\svchost.exe

    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\ltmoh\Ltmoh.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\EzButton\EzButton.EXE

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    C:\WINDOWS\System32\ZoomingHook.exe

    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\toshiba\ivp\ism\pinger.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\NCLAUNCH.EXe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe

    C:\WINDOWS\system32\ZoneLabs\isafe.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll

    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92

    O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 9381 bytes

  10. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:35:08 PM, on 11/14/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ACS.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\ltmoh\Ltmoh.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\EzButton\EzButton.EXE

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    C:\WINDOWS\System32\ZoomingHook.exe

    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\toshiba\ivp\ism\pinger.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    C:\WINDOWS\system32\ctfmon.exe

    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    C:\WINDOWS\NCLAUNCH.EXe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\system32\RAMASST.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\system32\ZoneLabs\isafe.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)

    O2 - BHO: 0 - {2D887A9A-56E9-44C8-BBB3-1BCE19771E1B} - C:\Program Files\Messenger\lafune.dll (file missing)

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll

    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\ldfixrql.dll",b

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background

    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92

    O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 9720 bytes
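A first-pass triage of the entries in a log like the one above, as an added example written by the editor rather than code from the original post or from HijackThis itself. The rules are the editor's own heuristics (a pseudo-random eight-letter file name, an orphaned service or button, an entry type that always deserves a look); the sample lines are copied verbatim from the log posted above.

```python
"""Added example (editor's code, not part of the original post): a first-pass
triage of the 'Oxx' entries in a HijackThis 2.0 log.

The rules below are the editor's own heuristics, not HijackThis's; they pick
out the entry types a malware-removal helper reads first. SAMPLE_LOG is a
subset of lines copied from the log posted above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section severity reason line")

# e.g. "O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll"
ENTRY_RE = re.compile(r"^(O\d{1,2})\s+-\s+(.*)$")

# Eight lowercase letters directly before .dll/.exe, as in the posted log's
# kilitjkb.dll. Legitimate files can match (tfswctrl.exe does), so a hit is a
# prompt to look the file up, not proof of malware.
RANDOM_NAME_RE = re.compile(r"\\[a-z]{8}\.(?:dll|exe)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify(section, body):
    """Return (severity, reason) for one entry, or None if it is unremarkable."""
    if section == "O20":
        # Winlogon Notify DLLs are loaded by winlogon.exe as SYSTEM at every
        # logon, which is why spyware of this era favoured the key.
        if RANDOM_NAME_RE.search(body):
            return "high", "Winlogon Notify DLL with a pseudo-random name"
        return "medium", "Winlogon Notify DLL (verify the vendor)"
    if section == "O23":
        if "(file missing)" in body:
            return "low", "service points at a missing binary (orphan; remove)"
        if "Unknown owner" in body:
            return "medium", "service with no vendor string (check the file)"
        return None
    if section == "O9" and "(no file)" in body:
        return "low", "orphaned browser button (remove)"
    if section == "O16":
        return "info", "ActiveX control downloaded from the web (check the URL)"
    if section == "O17":
        ips = IPV4_RE.findall(body)
        return "info", "DNS servers " + ", ".join(ips) + " (confirm they belong to your ISP)"
    if section == "O4" and RANDOM_NAME_RE.search(body):
        return "high", "autostart entry with a pseudo-random name"
    return None


def triage(log_text):
    """Parse a HijackThis log and return the flagged entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        verdict = classify(section, body)
        if verdict is not None:
            severity, reason = verdict
            findings.append(Finding(section, severity, reason, line))
    return findings


# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92
O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run on the sample, the only "high" finding is the O20 Winlogon Notify entry; the vsmon service (a named vendor, file present) is correctly left alone, and the O17 line is reported for verification rather than condemned, since the two name servers may well be the ISP's own.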

  11. I can't do the Java yet... It is offline for maintenance.... After that I will do a HijackThis log :D

    Ok, on a side note, when I did a ComboFix the caution symbol and desktop icons disappeared, but it returned maybe under a half hour or so later.....

  12. Here is my ComboFix log.....

    ComboFix 07-11-08.3 - Mobile Pimp 2007-11-13 22:38:39.1 - NTFSx86

    Running from: C:\Documents and Settings\Mobile Pimp\Desktop\ComboFix.exe

    * Created a new restore point

    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk

    C:\Documents and Settings\LocalService\Application Data\NetMon

    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt

    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

    C:\Documents and Settings\Mobile Pimp\Desktop\Live Safety Center.lnk

    C:\Documents and Settings\Mobile Pimp\Desktop\Online Security Guide.lnk

    C:\Documents and Settings\Mobile Pimp\Favorites\Online Security Guide.lnk

    C:\Documents and Settings\Mobile Pimp\Start Menu\Programs\Startup\ta_start.lnk

    C:\Temp\1cb

    C:\Temp\1cb\syscheck.log

    C:\Temp\fCOe

    C:\Temp\fCOe\tOasF.log

    C:\temp\tn3

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml

    C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe

    C:\WINDOWS\system32\cxqjuoag.exe

    C:\WINDOWS\system32\dpugmgjl.exe

    C:\WINDOWS\system32\drivers\core.cache.dsk

    C:\WINDOWS\system32\drivers\core.sys

    C:\WINDOWS\system32\geebx.dll

    C:\WINDOWS\system32\kilitjkb.dllbox

    C:\WINDOWS\system32\oTt02e

    C:\WINDOWS\system32\oTt02e\oTt02e1065.exe

    C:\WINDOWS\system32\pac.txt

    C:\WINDOWS\system32\xbeeg.bak2

    C:\WINDOWS\system32\xbeeg.ini

    C:\WINDOWS\system32\xxyxwuu.dll

    C:\WINDOWS\system32\xxyxxya.dll

    C:\WINDOWS\tsitra1000106.exe

    C:\WINDOWS\TTC-4444.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_CORE

    -------\LEGACY_DOMAINSERVICE

    -------\core

    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))

    .

    2007-11-13 22:29 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-11-13 21:34 80,448 --a------ C:\WINDOWS\system32\vakblnxg.dll

    2007-11-13 21:28 89,664 --a------ C:\WINDOWS\system32\ldfixrql.dll

    2007-11-13 21:22 71,232 --a------ C:\WINDOWS\system32\qfpnojkb.exe

    2007-11-12 15:12 81,472 --a------ C:\WINDOWS\system32\gghjwdyj.dll

    2007-11-12 15:10 89,664 --a------ C:\WINDOWS\system32\mebhqppl.dll

    2007-11-12 15:04 71,232 --a------ C:\WINDOWS\system32\uywreggn.exe

    2007-11-11 21:13 <DIR> d-------- C:\Program Files\Alwil Software

    2007-11-11 19:49 <DIR> d-------- C:\Program Files\UPHClean

    2007-11-11 18:47 <DIR> d-------- C:\Program Files\RogueRemover FREE

    2007-11-10 23:21 81,472 --a------ C:\WINDOWS\system32\ffojbjgl.dll

    2007-11-10 23:15 71,232 --a------ C:\WINDOWS\system32\fotebmsd.exe

    2007-11-10 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2007-11-10 20:31 <DIR> d-------- C:\Program Files\XoftSpySE

    2007-11-07 21:29 1,152 --a------ C:\WINDOWS\system32\windrv.sys

    2007-11-06 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2007-11-06 22:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-11-06 00:13 81,472 --a------ C:\WINDOWS\system32\hdygkjre.dll

    2007-11-05 23:12 3,870 --a------ C:\WINDOWS\system32\tmp.reg

    2007-11-05 00:02 340,032 --a------ C:\WINDOWS\system32\kilitjkb.dll

    2007-11-05 00:02 340,032 --a------ C:\WINDOWS\system32\ccwltkiu.dll

    2007-10-20 14:23 507,147 --a------ C:\Temp\cilo.exe

    2007-10-20 14:19 <DIR> d--hs---- C:\WINDOWS\TW9iaWxlIFBpbXA

    2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\od2

    2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\ib1

    2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\cp1

    2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\bo2

    2007-10-20 14:18 <DIR> d-------- C:\WINDOWS\system32\ap1

    2007-10-20 14:17 <DIR> d-------- C:\Temp

    2007-10-20 14:17 <DIR> d-------- C:\Program Files\WinUpdater

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-11-14 03:08 --------- d-----w C:\Program Files\SpywareBlaster

    2007-11-14 03:08 --------- d-----w C:\Program Files\Logitech

    2007-11-14 03:08 --------- d-----w C:\Program Files\Lavasoft

    2007-11-14 03:08 --------- d-----w C:\Program Files\Common Files\Real

    2007-11-14 03:08 --------- d-----w C:\Program Files\Common Files\Logitech

    2007-11-14 03:08 --------- d-----w C:\Documents and Settings\Mobile Pimp\Application Data\uTorrent

    2007-11-14 03:07 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2007-11-14 03:07 --------- d-----w C:\Program Files\LimeWire

    2007-11-07 04:24 --------- d-----w C:\Documents and Settings\Mobile Pimp\Application Data\Lavasoft

    2007-11-06 03:44 --------- d-----w C:\Program Files\XoftSpy

    2007-09-25 03:32 --------- d-----w C:\Program Files\ASA

    2007-08-25 22:26 29,592 ----a-w C:\Documents and Settings\Mobile Pimp\Application Data\GDIPFONTCACHEV1.DAT

    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

    2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TW9iaWxlIFBpbXA\nq62uqU5KI1DvrE.vbs

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D887A9A-56E9-44C8-BBB3-1BCE19771E1B}]

    C:\Program Files\Messenger\lafune.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dd20c28-751b-4a1d-a242-12fd0bef19a2}]

    2007-11-13 21:34 80448 --a------ C:\WINDOWS\system32\vakblnxg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

    2007-11-05 00:02 340032 --a------ C:\WINDOWS\system32\kilitjkb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\kilitjkb.dll [2007-11-05 00:02 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14]

    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 04:04]

    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43]

    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe]

    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46]

    "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-07-07 18:25]

    "NDSTray.exe"="NDSTray.exe" []

    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14]

    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47]

    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45]

    "ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07]

    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10]

    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39]

    "Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 15:59]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-19 19:44]

    "CFSServ.exe"="CFSServ.exe" []

    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 16:54]

    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

    "d03245e7"="C:\WINDOWS\system32\ldfixrql.dll" [2007-11-13 21:28]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-09-26 17:37]

    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-07-05 07:29]

    "WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-09-28 05:08]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kilitjkb]

    kilitjkb.dll 2007-11-05 00:02 340032 C:\WINDOWS\system32\kilitjkb.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebx.dll

    .

    Contents of the 'Scheduled Tasks' folder

    "2006-02-03 22:46:44 C:\WINDOWS\Tasks\XoftSpy.job"

    - C:\Program Files\XoftSpy\XoftSpy.exe

    "2007-11-14 04:24:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"

    - C:\Program Files\XoftSpySE\XoftSpy.exe

    "2007-11-11 01:32:16 C:\WINDOWS\Tasks\XoftSpySE.job"

    - C:\Program Files\XoftSpySE\XoftSpy.exe

    .

    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-11-13 23:26:21

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-11-13 23:33:48 - machine was rebooted

    .

    --- E O F ---

  13. My new updated one......

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:17:03 PM, on 11/11/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ACS.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\ltmoh\Ltmoh.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\EzButton\EzButton.EXE

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\WINDOWS\system32\DVDRAMSV.exe

    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    C:\WINDOWS\System32\ZoomingHook.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\toshiba\ivp\ism\pinger.exe

    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\NCLAUNCH.EXe

    C:\WINDOWS\system32\RAMASST.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe

    C:\WINDOWS\system32\ZoneLabs\isafe.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

    C:\Program Files\UPHClean\uphclean.exe

    C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midgetlink.com/t1.php

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)

    O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\xxyxwuu.dll

    O2 - BHO: 0 - {2D887A9A-56E9-44C8-BBB3-1BCE19771E1B} - C:\Program Files\Messenger\lafune.dll (file missing)

    O2 - BHO: (no name) - {4AE06038-A98C-449D-BB0E-E2C8193F8C06} - C:\WINDOWS\system32\geebx.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: (no name) - {5D6A0055-3CB7-4DE1-8823-85A2ADCCB7A0} - C:\Program Files\Windows Media Player\hose4444.dll

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll

    O2 - BHO: (no name) - {E31BDE0D-69E0-4C7A-ADD2-998E66991F2E} - C:\Program Files\Windows Media Player\hose83122.dll

    O2 - BHO: {a94375d3-6cc1-59b9-e144-423d2cdba15f} - {f51abdc2-d324-441e-9b95-1cc63d57349a} - C:\WINDOWS\system32\ffojbjgl.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll

    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe

    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [{24-45-54-48-ZN}] C:\DOCUME~1\MOBILE~1\LOCALS~1\Temp\thinksnet.exe CHD003

    O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\kvtuefto.dll",b

    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background

    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe

    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Mobile Pimp\Local Settings\Temp\thinksnet.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92

    O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll

    O20 - Winlogon Notify: xxyxwuu - C:\WINDOWS\SYSTEM32\xxyxwuu.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe

    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

    O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 10514 bytes
