Members Login
Username 
 
Password 
    Remember Me  
The Other Place -> Technical Issues -> Zlobs
Post Info TOPIC: Zlobs
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Zlobs
Permalink  

I have been trying to find a good program that wont cost me an arm and a leg.... I know I have a zlob on my laptop, but I cant get rid of the darn thing. also hello to everyone I havent talked to for awhile.

__________________

To talk without thinking is to shoot without aiming.
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

my hijack log....

Logfile of HijackThis v1.99.1
Scan saved at 11:36:38 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
C:\WINDOWS\system32\fotebmsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mobile Pimp\My Documents\Anti-Malware Lite\Anti-Malware Lite\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{24-45-54-48-ZN}] C:\DOCUME~1\MOBILE~1\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\kvtuefto.dll",b
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Mobile Pimp\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



__________________

To talk without thinking is to shoot without aiming.
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

Photo, try this:
Back-up your regestry!!--save it in "my documents" or to a "pen-drive".

Step 1 : Use Windows File Search Tool to Find Zlob Path

  1. Go to Start > Search > All Files or Folders.
  2. In the "All or part of the the file name" section, type in "Zlob" file name(s).
  3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
  4. When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps.

Step 2 : Use Windows Task Manager to Remove Zlob Processes

  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the "Image Name" button to search for "Zlob" process by name.
  3. Select the "Zlob" process and click on the "End Process" button to kill it.
  4. Remove the "Zlob" processes files:

msmsgs.exe
nvctrl.exe
msmsgs.exe
nvctrl.exe

Step 3 : Use Registry Editor to Remove Zlob Registry Values

  1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
  2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
  3. To delete "Zlob" value, right-click on it and select the "Delete" option.
  4. Locate and delete "Zlob" registry entries:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogonShell=explorer.exe,  msmsgs.exeHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe

Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
  2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
  3. To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
  4. Search and unregister "Zlob" DLL files:

uimcu.dll
antzozc.dll
dtjby.dll

Step 5 : Detect and Delete Other Zlob Files

  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
  2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
  3. To change directory, type in "cd name_of_the_folder".
  4. Once you have the file you're looking for type in "del name_of_the_file".
  5. To delete a file in folder, type in "del name_of_the_file".
  6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
  7. Select the "Zlob" process and click on the "End Process" button to kill it.
  8. Remove the "Zlob" processes files:

uimcu.dll
antzozc.dll
dtjby.dll
dumpserv.com
zxserv0.com
vnp7s.net
Protect
RSA
ncompat.tlb
msvol.tlb
hp[X].tmp
msmsgs.exe
dumpserv.com nvctrl.exe
zxserv0.com
vnp7s.net
%UserProfile%\Application Data\Microsoft\Protect
%UserProfile%\Application Data\Microsoft\Crypto\RSA
ncompat.tlb
msvol.tlb
hp[X].tmp

Run "defrag" and reboot your computer.

Here is Symantec's reccomendations:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99&tabid=3

You can also go here and post your problem:
http://forum.mechcom.net/phpBB2/

GOOD LUCK!!!! smile



__________________

"All you need is love"
The Beatles
Straight Up


Beer please

Status: Offline
Posts: 1945
Date:
Permalink  

Maybe this thread might afford you a solution ..... lots of good programs listed in it ....
if you use Kaspersky WebScanner .... make sure nothing interrupts it or you might loose everything ....

http://sparkysplace.activeboard.com/forum.spark?forumID=113298&p=3&topicID=13550150

__________________

Straight Up ...
mavriktu


Spicy Hot

Status: Offline
Posts: 169
Date:
Permalink  

A zlob onyour laptop????,have you tried an alcohol wipe??ashamed

__________________
GROWING OLD IS MANDATORY---GROWING UP IS AN OPTION...
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Thanks Wood....I will have to try it when I get back from the football game....

__________________

To talk without thinking is to shoot without aiming.
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

Photogrrlz wrote:

Thanks Wood....I will have to try it when I get back from the football game....


NP! Also try what was suggested on Lunarsoft, I had forgotten about the removal tool that Windows has!
Go to "run" and type  mrt



__________________

"All you need is love"
The Beatles
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

what would happen if I just boot the old registry that was saved..

__________________

To talk without thinking is to shoot without aiming.
KatScratch


Bad kitty....in the best possible way

Status: Offline
Posts: 4186
Date:
Permalink  

PRINT THIS IF YOU NEED TO.....

Turn off system restore first. ( http://support.mechling.com/computer/systemrestore.html )

then download AVG Free & Adaware SE by Lavasoft. Install them both (don't run any scans yet). Update them both.

Disconnect your network cable.....run AVG first.....it will find and remove the trojans and virus. If it asks you to reboot afterward, do so.....

When it reboots, run the Adaware Se program.....delete all the shit it finds....

Reboot....as your PC is rebooting....start tappin the F8 key and boot into safe mode.....run the adaware scan and virus scan again while in safe mode....

After all is done, you should be virus free.....Invest in a good AV or you will get it back w/in a week!

Oh, and you should turn system restore back on too and create a clean point.....you might need it later. :sad:

http://support.mechling.com/

Good luck...I've been makin big $$$$$ on this little bugger for almost a year!

__________________
And your point is???? Don't have one? Well then shut up and I'll give you one!
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

Kat is right, I didn't even think about adaware!
It's alot easier to let the software dig thru the registry!!
Sorry if I got you confused with way too much info!

__________________

"All you need is love"
The Beatles
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

So what would happen back for a registry?

__________________

To talk without thinking is to shoot without aiming.
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Ran a combofix....we will see how that goes

__________________

To talk without thinking is to shoot without aiming.
entre new


Et tu, Brute?

Status: Offline
Posts: 2346
Date:
Permalink  

What is a zlob?

__________________
So make the best of this test, and don't ask why. It's not a question, but a lesson learned in time. - Green Day
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

Photogrrlz wrote:

So what would happen back for a registry?


confused 



__________________

"All you need is love"
The Beatles
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

entre new wrote:

What is a zlob?


Read this:

http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99

They say the risk is very low, it is extremely annoying and a MAJOR pain!!



__________________

"All you need is love"
The Beatles
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

well I meant a system restore....

__________________

To talk without thinking is to shoot without aiming.
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

A syatem restore might be infected also, that's why Kat said to shut off system restore.

__________________

"All you need is love"
The Beatles
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Okay I did some scans, but here is some logfile info I got from the adware.... Here are some details of zlobs...

Name:Virtumonde
Category:Malware
Object Type:File
Size:34304 Bytes
Location:C:\qoobox\Quarantine\C\WINDOWS\system32\xxyxxya.dll.vir
Last Activity:11-17-2007 1:11:12 AM
Relevance:Low
TAC index:10
Comment:
Description:Virtumonde may cause system instability, auto updates and opens unsolicited websites. No uninstaller. Bundled install that is undisclosed.There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed.


Name:Win32.Trojandownloader.Zlob
Category:Malware
Object Type:File
Size:20480 Bytes
Location:c:\system volume information\tracking.log
Last Activity:11-17-2007 12:47:24 AM
Relevance:Low
TAC index:10
Comment:
Description:Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloads other applications such as SpyDawn and other rogue anti-spyware software.

__________________

To talk without thinking is to shoot without aiming.
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Here is a quick scan....

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 16, 2007 7:43:28 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R202 12.11.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
Win32.Trojandownloader.Zlob(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-16-2007 7:43:28 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 11-17-2007 12:41:00 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 196
ThreadCreationTime : 11-17-2007 12:41:12 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 220
ThreadCreationTime : 11-17-2007 12:41:14 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 11-17-2007 12:41:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 11-17-2007 12:41:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 11-17-2007 12:41:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 11-17-2007 12:41:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 11-17-2007 12:41:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 816
ThreadCreationTime : 11-17-2007 12:41:57 AM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1164
ThreadCreationTime : 11-17-2007 12:43:04 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "{11a69ae4-fbed-4832-a2bf-45af82825583}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {11a69ae4-fbed-4832-a2bf-45af82825583}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4



MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator
ecent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\microsoft management console
ecent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\applets
egedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2830030001-2813528681-1042858952-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : Online Security Guide.lnk
TAC Rating : 10
Category : Malware
Comment :
Object : c:\documents and settings\all users\start menu\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : tracking.log
TAC Rating : 10
Category : Malware
Comment :
Object : c:\system volume information\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 14

7:47:24 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:56.344
Objects scanned:94418
Objects identified:6
Objects ignored:0
New critical objects:6

__________________

To talk without thinking is to shoot without aiming.
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

After the scan finishes, it will show the files in red. Click next, the next screen is "tabbed" on "scan summary", put a check in all boxes, and click on next, it'll ask if you want to remove them, OK, the next screen will have the quarrantined list on it, check the box and delete the quarrantined files, make sure they are not put into the recycle bin.
Run the scan in safe mode also.

__________________

"All you need is love"
The Beatles
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Did it to both, lets see how it takes to see if it worked....

__________________

To talk without thinking is to shoot without aiming.
Photogrrlz


Buttercup Groupie

Status: Offline
Posts: 5322
Date:
Permalink  

Here is my new hijack log after that...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11, on 2007-11-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mobile Pimp\Desktop\Anti-Malware Professional\HJThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2a91feb0-df21-242a-d1a4-b15782c02dd8} - {8dd20c28-751b-4a1d-a242-12fd0bef19a2} - C:\WINDOWS\system32\vakblnxg.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kilitjkb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kilitjkb.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4294EBA-13BB-43BC-BAC8-C75ECD10A6C8}: NameServer = 68.28.146.92 68.28.154.92
O20 - Winlogon Notify: kilitjkb - C:\WINDOWS\SYSTEM32\kilitjkb.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Unknown owner - C:\Program Files\GhostSurf 2005\DeleteSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10043 bytes


__________________

To talk without thinking is to shoot without aiming.
woodbutcher


Giggidy, giggidy, gig-gi-dy!

Status: Offline
Posts: 3123
Date:
Permalink  

What does the Adaware log say after the scan in safe-mode?
There shouldn't be any "recognised objects".

__________________

"All you need is love"
The Beatles
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
The Other Place -> Technical Issues -> Zlobs
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard