famdoc

Members
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About famdoc

  • Rank
    Newbie
  1. Thanks for the reply. When I do the above, the regcs.bat file, the resultant file is empty. Am I missing a step?
  2. I run Adaware SE fullscan and it brings up the win32.trojandownloader.zlob and win32.trojan.downlaodrer.zlob. It repairs, but the trojan returns after the scan or restart. Is there a complete solution? Ad-Aware SE Build 1.06r1 Logfile Created on:Monday, July 23, 2007 6:29:11 PM Using definitions file:SE1R182 23.07.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob(TAC index:10):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for low-risk threats Set : Move deleted files to Recycle Bin Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Automatically check all objects in results lists Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Show splash screen Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects :29:11 PM - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 1396 ThreadCreationTime : :31:19 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1464 ThreadCreationTime : :31:24 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1492 ThreadCreationTime : :31:30 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1536 ThreadCreationTime : :31:31 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1548 ThreadCreationTime : :31:31 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1720 ThreadCreationTime : :31:33 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1768 ThreadCreationTime : :31:33 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 276 ThreadCreationTime : :31:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 380 ThreadCreationTime : :31:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 776 ThreadCreationTime : :31:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsvchst.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 868 ThreadCreationTime : :31:36 AM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec Service Framework InternalName : ccSvcHst LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccSvcHst.exe #:12 [appsvc32.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\ ProcessID : 1088 ThreadCreationTime : :31:41 AM BasePriority : Normal FileVersion : 1.0.00.101 ProductVersion : 1.0 ProductName : Symantec Application Core CompanyName : Symantec Corporation FileDescription : Symantec Application Core Service InternalName : AppSvc32 LegalCopyright : Copyright © Symantec Corporation OriginalFilename : AppSvc32.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1312 ThreadCreationTime : :31:41 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [lvprcsrv.exe] FilePath : c:\program files\common files\logishrd\lvmvfm\ ProcessID : 1392 ThreadCreationTime : :31:42 AM BasePriority : Normal FileVersion : 10.5.1.2027 ProductVersion : 10.5.1.2027 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : Logitech LVPrcSrv Module. InternalName : LVPrcSrv.exe LegalCopyright : © Logitech. All rights reserved. OriginalFilename : LVPrcSrv.exe #:15 [applemobiledeviceservice.exe] FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\ ProcessID : 240 ThreadCreationTime : :31:48 AM BasePriority : Normal FileVersion : 1, 12, 0, 0 ProductVersion : 1, 12, 0, 0 ProductName : Apple Mobile Device Service CompanyName : Apple, Inc. FileDescription : Apple Mobile Device Service InternalName : usbaapld LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved. OriginalFilename : usbmuxd.exe #:16 [aluschedulersvc.exe] FilePath : C:\Program Files\Symantec\LiveUpdate\ ProcessID : 268 ThreadCreationTime : :31:48 AM BasePriority : Normal FileVersion : 3.1.0.99 ProductVersion : 3.1.0.99 ProductName : LiveUpdate CompanyName : Symantec Corporation FileDescription : Automatic LiveUpdate Scheduler Service InternalName : Automatic LiveUpdate Scheduler Service LegalCopyright : Copyright © Symantec Corporation OriginalFilename : ALUSchedulerSvc.exe #:17 [guard.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 356 ThreadCreationTime : :31:48 AM BasePriority : Normal FileVersion : 7, 5, 1, 22 ProductVersion : 7, 5, 1, 22 ProductName : AVG Anti-Spyware CompanyName : GRISOFT s.r.o. FileDescription : AVG Anti-Spyware guard InternalName : AVG Anti-Spyware guard LegalCopyright : Copyright © 2007 GRISOFT s.r.o. OriginalFilename : guard.exe #:18 [cisvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 400 ThreadCreationTime : :31:49 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:19 [ctsvccda.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 416 ThreadCreationTime : :31:49 AM BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:20 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 492 ThreadCreationTime : :31:49 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:21 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 580 ThreadCreationTime : :31:49 AM BasePriority : Normal FileVersion : 6.14.10.7777 ProductVersion : 6.14.10.7777 ProductName : NVIDIA Driver Helper Service, Version 77.77 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 77.77 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:22 [tcpsvcs.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1512 ThreadCreationTime : :31:52 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : TCP/IP Services Application InternalName : TCPSVCS.EXE LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : TCPSVCS.EXE #:23 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1844 ThreadCreationTime : :31:53 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:24 [mspmspsv.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 948 ThreadCreationTime : :31:56 AM BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. OriginalFilename : MSPMSPSV.EXE #:25 [wmpnetwk.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 1412 ThreadCreationTime : :31:56 AM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service InternalName : Windows Media Player Network Sharing Service LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNetwk.exe #:26 [calmain.exe] FilePath : C:\Program Files\Canon\CAL\ ProcessID : 2228 ThreadCreationTime : :31:58 AM BasePriority : Normal FileVersion : 8, 1, 0, 14 ProductVersion : 8, 1, 0, 14 CompanyName : Canon Inc. FileDescription : Canon Camera Access Library 8 LegalCopyright : Copyright © Canon Inc. OriginalFilename : CALMAIN.exe #:27 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3076 ThreadCreationTime : :32:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:28 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3232 ThreadCreationTime : :38:53 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cidaemon.exe #:29 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 3148 ThreadCreationTime : :40:35 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:30 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1128 ThreadCreationTime : :40:48 AM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:31 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 4068 ThreadCreationTime : :40:52 AM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:32 [opwarese2.exe] FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\ ProcessID : 1064 ThreadCreationTime : :40:55 AM BasePriority : Normal FileVersion : 12.0 ProductVersion : 2.0 ProductName : OmniPage SE CompanyName : ScanSoft, Inc. FileDescription : OCR Aware (32-bit) InternalName : OPWARE12.EXE LegalCopyright : Copyright © ScanSoft, Inc. LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries. OriginalFilename : OPWARE12.EXE #:33 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 3836 ThreadCreationTime : :40:56 AM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:34 [watchdog.exe] FilePath : C:\Program Files\mobile PhoneTools\ ProcessID : 668 ThreadCreationTime : :40:58 AM BasePriority : Normal #:35 [e_s0hic1.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ProcessID : 680 ThreadCreationTime : :40:58 AM BasePriority : Normal FileVersion : 3.02 ProductVersion : 3.02 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0HIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2003 OriginalFilename : E_S0HIC1.EXE #:36 [ad-watch.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\ ProcessID : 1516 ThreadCreationTime : :41:02 AM BasePriority : Normal FileVersion : 3.1.2.17 ProductVersion : 3.2 ProductName : Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Watch System Protector InternalName : Ad-Watch.exe LegalCopyright : Team Lavasoft OriginalFilename : Ad-Watch.exe #:37 [wcescomm.exe] FilePath : C:\Program Files\Microsoft ActiveSync\ ProcessID : 592 ThreadCreationTime : :41:04 AM BasePriority : Normal FileVersion : 4.5.5096.0 ProductVersion : 4.5.5096 ProductName : Microsoft ActiveSync CompanyName : Microsoft Corporation FileDescription : ActiveSync Connection Manager InternalName : wcescomm LegalCopyright : Copyright © Microsoft Corp. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. OriginalFilename : WCESCOMM.EXE #:38 [wmpnscfg.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 3360 ThreadCreationTime : :41:06 AM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service Configuration Application LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNSCFG.EXE #:39 [rapimgr.exe] FilePath : C:\PROGRA~1\MI3AA1~1\ ProcessID : 936 ThreadCreationTime : :41:18 AM BasePriority : Normal FileVersion : 4.5.5096.0 ProductVersion : 4.5.5096 ProductName : Microsoft ActiveSync CompanyName : Microsoft Corporation FileDescription : ActiveSync RAPI Manager InternalName : rapimgr LegalCopyright : Copyright © Microsoft Corp. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. OriginalFilename : rapimgr.exe #:40 [ipodservice.exe] FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\ ProcessID : 4064 ThreadCreationTime : :41:18 AM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:41 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 1268 ThreadCreationTime : :43:13 AM BasePriority : Normal FileVersion : 7.00.5730.7 (winmain(wmbla).) ProductVersion : 7.00.5730.7 ProductName : Windows® Internet Explorer CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:42 [m3srchmn.exe] FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\ ProcessID : 3424 ThreadCreationTime : :43:15 AM BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 2, 1, 60, 0 ProductName : My Web Search Bar for Internet Explorer and FireFox CompanyName : MyWebSearch.com FileDescription : MyWebSearch SearchScope Monitor InternalName : m3SrchMn LegalCopyright : Copyright © 2006, 2007 OriginalFilename : m3SrchMn.exe #:43 [notepad.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3784 ThreadCreationTime : :10:43 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Notepad InternalName : Notepad LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : NOTEPAD.EXE #:44 [notepad.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2420 ThreadCreationTime : :11:01 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Notepad InternalName : Notepad LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : NOTEPAD.EXE #:45 [firefox.exe] FilePath : C:\PROGRA~1\MOZILL~1\ ProcessID : 3816 ThreadCreationTime : :21:11 AM BasePriority : Normal #:46 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\ ProcessID : 3124 ThreadCreationTime : :25:49 AM BasePriority : Normal FileVersion : 6.2.0.238 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:47 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 572 ThreadCreationTime : :26:04 AM BasePriority : Normal Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a6acae64-f-ad86-bd3fb32038db} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 1 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 1 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 6:31:22 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:02:11.79 Objects scanned: Objects identified:1 Objects ignored:0 New critical objects:1 Ad-Aware SE Build 1.06r1 Logfile Created on:Monday, July 23, 2007 2:41:37 PM Using definitions file:SE1R182 23.07.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob(TAC index:10):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Automatically check all objects in results lists Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Show splash screen Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects :41:37 PM - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 1388 ThreadCreationTime : :18:08 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1460 ThreadCreationTime : :18:13 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1488 ThreadCreationTime : :18:18 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1532 ThreadCreationTime : :18:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1544 ThreadCreationTime : :18:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1712 ThreadCreationTime : :18:22 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1764 ThreadCreationTime : :18:22 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 272 ThreadCreationTime : :18:22 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 360 ThreadCreationTime : :18:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 688 ThreadCreationTime : :18:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsvchst.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 808 ThreadCreationTime : :18:23 AM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec Service Framework InternalName : ccSvcHst LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccSvcHst.exe #:12 [appsvc32.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\ ProcessID : 1028 ThreadCreationTime : :18:27 AM BasePriority : Normal FileVersion : 1.0.00.101 ProductVersion : 1.0 ProductName : Symantec Application Core CompanyName : Symantec Corporation FileDescription : Symantec Application Core Service InternalName : AppSvc32 LegalCopyright : Copyright © Symantec Corporation OriginalFilename : AppSvc32.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1336 ThreadCreationTime : :18:32 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [lvprcsrv.exe] FilePath : c:\program files\common files\logishrd\lvmvfm\ ProcessID : 1452 ThreadCreationTime : :18:33 AM BasePriority : Normal FileVersion : 10.5.1.2027 ProductVersion : 10.5.1.2027 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : Logitech LVPrcSrv Module. InternalName : LVPrcSrv.exe LegalCopyright : © Logitech. All rights reserved. OriginalFilename : LVPrcSrv.exe #:15 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 520 ThreadCreationTime : :18:36 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:16 [applemobiledeviceservice.exe] FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\ ProcessID : 764 ThreadCreationTime : :18:40 AM BasePriority : Normal FileVersion : 1, 12, 0, 0 ProductVersion : 1, 12, 0, 0 ProductName : Apple Mobile Device Service CompanyName : Apple, Inc. FileDescription : Apple Mobile Device Service InternalName : usbaapld LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved. OriginalFilename : usbmuxd.exe #:17 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 784 ThreadCreationTime : :18:40 AM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:18 [aluschedulersvc.exe] FilePath : C:\Program Files\Symantec\LiveUpdate\ ProcessID : 820 ThreadCreationTime : :18:40 AM BasePriority : Normal FileVersion : 3.1.0.99 ProductVersion : 3.1.0.99 ProductName : LiveUpdate CompanyName : Symantec Corporation FileDescription : Automatic LiveUpdate Scheduler Service InternalName : Automatic LiveUpdate Scheduler Service LegalCopyright : Copyright © Symantec Corporation OriginalFilename : ALUSchedulerSvc.exe #:19 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 892 ThreadCreationTime : :18:41 AM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:20 [opwarese2.exe] FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\ ProcessID : 1852 ThreadCreationTime : :18:41 AM BasePriority : Normal FileVersion : 12.0 ProductVersion : 2.0 ProductName : OmniPage SE CompanyName : ScanSoft, Inc. FileDescription : OCR Aware (32-bit) InternalName : OPWARE12.EXE LegalCopyright : Copyright © ScanSoft, Inc. LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries. OriginalFilename : OPWARE12.EXE #:21 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 1860 ThreadCreationTime : :18:41 AM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:22 [watchdog.exe] FilePath : C:\Program Files\mobile PhoneTools\ ProcessID : 1952 ThreadCreationTime : :18:42 AM BasePriority : Normal #:23 [e_s0hic1.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ProcessID : 1588 ThreadCreationTime : :18:42 AM BasePriority : Normal FileVersion : 3.02 ProductVersion : 3.02 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0HIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2003 OriginalFilename : E_S0HIC1.EXE #:24 [guard.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 428 ThreadCreationTime : :18:44 AM BasePriority : Normal FileVersion : 7, 5, 1, 22 ProductVersion : 7, 5, 1, 22 ProductName : AVG Anti-Spyware CompanyName : GRISOFT s.r.o. FileDescription : AVG Anti-Spyware guard InternalName : AVG Anti-Spyware guard LegalCopyright : Copyright © 2007 GRISOFT s.r.o. OriginalFilename : guard.exe #:25 [cisvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 500 ThreadCreationTime : :18:44 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:26 [ctsvccda.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1152 ThreadCreationTime : :18:45 AM BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:27 [ad-watch.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\ ProcessID : 644 ThreadCreationTime : :18:46 AM BasePriority : Normal FileVersion : 3.1.2.17 ProductVersion : 3.2 ProductName : Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Watch System Protector InternalName : Ad-Watch.exe LegalCopyright : Team Lavasoft OriginalFilename : Ad-Watch.exe #:28 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1000 ThreadCreationTime : :18:55 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:29 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1308 ThreadCreationTime : :18:56 AM BasePriority : Normal FileVersion : 6.14.10.7777 ProductVersion : 6.14.10.7777 ProductName : NVIDIA Driver Helper Service, Version 77.77 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 77.77 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:30 [wcescomm.exe] FilePath : C:\Program Files\Microsoft ActiveSync\ ProcessID : 836 ThreadCreationTime : :19:03 AM BasePriority : Normal FileVersion : 4.5.5096.0 ProductVersion : 4.5.5096 ProductName : Microsoft ActiveSync CompanyName : Microsoft Corporation FileDescription : ActiveSync Connection Manager InternalName : wcescomm LegalCopyright : Copyright © Microsoft Corp. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. OriginalFilename : WCESCOMM.EXE #:31 [wmpnscfg.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 2120 ThreadCreationTime : :19:08 AM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service Configuration Application LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNSCFG.EXE #:32 [tcpsvcs.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2248 ThreadCreationTime : :19:09 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : TCP/IP Services Application InternalName : TCPSVCS.EXE LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : TCPSVCS.EXE #:33 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2428 ThreadCreationTime : :19:09 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:34 [mspmspsv.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2628 ThreadCreationTime : :19:09 AM BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. OriginalFilename : MSPMSPSV.EXE #:35 [rapimgr.exe] FilePath : C:\PROGRA~1\MI3AA1~1\ ProcessID : 2640 ThreadCreationTime : :19:11 AM BasePriority : Normal FileVersion : 4.5.5096.0 ProductVersion : 4.5.5096 ProductName : Microsoft ActiveSync CompanyName : Microsoft Corporation FileDescription : ActiveSync RAPI Manager InternalName : rapimgr LegalCopyright : Copyright © Microsoft Corp. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. OriginalFilename : rapimgr.exe #:36 [wmpnetwk.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 2928 ThreadCreationTime : :19:21 AM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service InternalName : Windows Media Player Network Sharing Service LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNetwk.exe #:37 [calmain.exe] FilePath : C:\Program Files\Canon\CAL\ ProcessID : 3268 ThreadCreationTime : :19:23 AM BasePriority : Normal FileVersion : 8, 1, 0, 14 ProductVersion : 8, 1, 0, 14 CompanyName : Canon Inc. FileDescription : Canon Camera Access Library 8 LegalCopyright : Copyright © Canon Inc. OriginalFilename : CALMAIN.exe #:38 [ipodservice.exe] FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\ ProcessID : 4084 ThreadCreationTime : :19:42 AM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:39 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2676 ThreadCreationTime : :19:42 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:40 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 2972 ThreadCreationTime : :19:43 AM BasePriority : Normal #:41 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 3012 ThreadCreationTime : :19:43 AM BasePriority : High #:42 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 4052 ThreadCreationTime : :19:55 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:43 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2412 ThreadCreationTime : :19:57 AM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:44 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3468 ThreadCreationTime : :19:58 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:45 [e_s0hic1.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ProcessID : 848 ThreadCreationTime : :19:58 AM BasePriority : Normal FileVersion : 3.02 ProductVersion : 3.02 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0HIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2003 OriginalFilename : E_S0HIC1.EXE #:46 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1144 ThreadCreationTime : :19:58 AM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:47 [opwarese2.exe] FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\ ProcessID : 844 ThreadCreationTime : :19:59 AM BasePriority : Normal FileVersion : 12.0 ProductVersion : 2.0 ProductName : OmniPage SE CompanyName : ScanSoft, Inc. FileDescription : OCR Aware (32-bit) InternalName : OPWARE12.EXE LegalCopyright : Copyright © ScanSoft, Inc. LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries. OriginalFilename : OPWARE12.EXE #:48 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 3888 ThreadCreationTime : :19:59 AM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:49 [watchdog.exe] FilePath : C:\Program Files\mobile PhoneTools\ ProcessID : 476 ThreadCreationTime : :19:59 AM BasePriority : Normal #:50 [steam.exe] FilePath : F:\C\games\half life\ ProcessID : 3344 ThreadCreationTime : :20:00 AM BasePriority : Normal FileVersion : 1.0.0.0 ProductVersion : 1.0.0.0 ProductName : Steam CompanyName : Valve Corporation FileDescription : Steam LegalCopyright : © Copyright Valve Corporation All rights reserved. OriginalFilename : Steam.exe #:51 [mwsoemon.exe] FilePath : C:\PROGRA~1\MYWEBS~1\bar\5.bin\ ProcessID : 1960 ThreadCreationTime : :20:01 AM BasePriority : Normal FileVersion : 1,2,2,4 ProductVersion : 2,0,1,0 ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients CompanyName : MyWebSearch.com FileDescription : My Web Search Plugin Loader InternalName : mwsoemon LegalCopyright : Copyright © MyWebSearch.com OriginalFilename : mwsoemon.exe #:52 [backweb-.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\ ProcessID : 3588 ThreadCreationTime : :20:03 AM BasePriority : Normal #:53 [wmpnscfg.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 264 ThreadCreationTime : :20:03 AM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service Configuration Application LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNSCFG.EXE #:54 [avgas.exe] FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 3340 ThreadCreationTime : :36:53 AM BasePriority : Normal FileVersion : 7, 5, 1, 43 ProductVersion : 7, 5, 1, 43 ProductName : AVG Anti-Spyware CompanyName : GRISOFT s.r.o. FileDescription : AVG Anti-Spyware InternalName : AVG Anti-Spyware LegalCopyright : Copyright © 2007 GRISOFT s.r.o. OriginalFilename : avgas.exe #:55 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2460 ThreadCreationTime : :23:18 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:56 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ProcessID : 5040 ThreadCreationTime : :25:47 AM BasePriority : Normal FileVersion : 1.9.1.1034 ProductVersion : 1.9.1.1034 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:57 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 4952 ThreadCreationTime : :10:49 PM BasePriority : Normal #:58 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 3396 ThreadCreationTime : :10:50 PM BasePriority : High #:59 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2776 ThreadCreationTime : :10:57 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:60 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1264 ThreadCreationTime : :10:58 PM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:61 [e_s0hic1.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ProcessID : 3816 ThreadCreationTime : :11:01 PM BasePriority : Normal FileVersion : 3.02 ProductVersion : 3.02 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0HIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2003 OriginalFilename : E_S0HIC1.EXE #:62 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 4240 ThreadCreationTime : :11:01 PM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:63 [opwarese2.exe] FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\ ProcessID : 4116 ThreadCreationTime : :11:02 PM BasePriority : Normal FileVersion : 12.0 ProductVersion : 2.0 ProductName : OmniPage SE CompanyName : ScanSoft, Inc. FileDescription : OCR Aware (32-bit) InternalName : OPWARE12.EXE LegalCopyright : Copyright © ScanSoft, Inc. LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries. OriginalFilename : OPWARE12.EXE #:64 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 4972 ThreadCreationTime : :11:02 PM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:65 [watchdog.exe] FilePath : C:\Program Files\mobile PhoneTools\ ProcessID : 5860 ThreadCreationTime : :11:03 PM BasePriority : Normal #:66 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 5036 ThreadCreationTime : :11:05 PM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:67 [wmpnscfg.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 1056 ThreadCreationTime : :11:05 PM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service Configuration Application LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNSCFG.EXE #:68 [backweb-.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\ ProcessID : 3836 ThreadCreationTime : :11:06 PM BasePriority : Normal #:69 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 5892 ThreadCreationTime : :00:20 PM BasePriority : Normal #:70 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 8084 ThreadCreationTime : :00:20 PM BasePriority : High #:71 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 7572 ThreadCreationTime : :00:29 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:72 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 8144 ThreadCreationTime : :00:32 PM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:73 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 5332 ThreadCreationTime : :00:33 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:74 [e_s0hic1.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ProcessID : 6844 ThreadCreationTime : :00:33 PM BasePriority : Normal FileVersion : 3.02 ProductVersion : 3.02 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0HIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2003 OriginalFilename : E_S0HIC1.EXE #:75 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 7440 ThreadCreationTime : :00:34 PM BasePriority : Normal FileVersion : 106.2.0.21 ProductVersion : 106.2.0.21 ProductName : Symantec Security Technologies CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:76 [opwarese2.exe] FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\ ProcessID : 7024 ThreadCreationTime : :00:34 PM BasePriority : Normal FileVersion : 12.0 ProductVersion : 2.0 ProductName : OmniPage SE CompanyName : ScanSoft, Inc. FileDescription : OCR Aware (32-bit) InternalName : OPWARE12.EXE LegalCopyright : Copyright © ScanSoft, Inc. LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries. OriginalFilename : OPWARE12.EXE #:77 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 7980 ThreadCreationTime : :00:35 PM BasePriority : Normal FileVersion : 7.2.0.35 ProductVersion : 7.2.0.35 ProductName : iTunes CompanyName : Apple Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © Apple Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:78 [watchdog.exe] FilePath : C:\Program Files\mobile PhoneTools\ ProcessID : 2276 ThreadCreationTime : :00:37 PM BasePriority : Normal #:79 [wmpnscfg.exe] FilePath : C:\Program Files\Windows Media Player\ ProcessID : 4688 ThreadCreationTime : :00:37 PM BasePriority : Normal FileVersion : 11.0.5721.5145 (WMP_11.) ProductVersion : 11.0.5721.5145 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Media Player Network Sharing Service Configuration Application LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WMPNSCFG.EXE #:80 [backweb-.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\ ProcessID : 7028 ThreadCreationTime : :00:38 PM BasePriority : Normal #:81 [m3srchmn.exe] FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\ ProcessID : 7528 ThreadCreationTime : :03:22 PM BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 2, 1, 60, 0 ProductName : My Web Search Bar for Internet Explorer and FireFox CompanyName : MyWebSearch.com FileDescription : MyWebSearch SearchScope Monitor InternalName : m3SrchMn LegalCopyright : Copyright © 2006, 2007 OriginalFilename : m3SrchMn.exe #:82 [mwsoemon.exe] FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\ ProcessID : 7140 ThreadCreationTime : :03:23 PM BasePriority : Normal FileVersion : 1,2,2,4 ProductVersion : 2,0,1,0 ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients CompanyName : MyWebSearch.com FileDescription : My Web Search Plugin Loader InternalName : mwsoemon LegalCopyright : Copyright © MyWebSearch.com OriginalFilename : mwsoemon.exe #:83 [m3impipe.exe] FilePath : C:\Program Files\MyWebSearch\bar\1.bin\ ProcessID : 6448 ThreadCreationTime : :03:23 PM BasePriority : Normal FileVersion : 1, 0, 4, 0 ProductVersion : 2, 0, 5, 0 ProductName : My Web Search Community Tools CompanyName : MyWebSearch.com FileDescription : My Web Search Community Tools InternalName : m3IMPipe LegalCopyright : Copyright © 2001, 2002, 2003, 2004, 2005, 2006 OriginalFilename : m3IMPipe.exe #:84 [m3srchmn.exe] FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\ ProcessID : 6676 ThreadCreationTime : :42:16 PM BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 2, 1, 60, 0 ProductName : My Web Search Bar for Internet Explorer and FireFox CompanyName : MyWebSearch.com FileDescription : MyWebSearch SearchScope Monitor InternalName : m3SrchMn LegalCopyright : Copyright © 2006, 2007 OriginalFilename : m3SrchMn.exe #:85 [firefox.exe] FilePath : C:\PROGRA~1\MOZILL~1\ ProcessID : 3312 ThreadCreationTime : :45:23 PM BasePriority : Normal #:86 [navw32.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\ ProcessID : 3956 ThreadCreationTime : :22:16 PM BasePriority : Normal FileVersion : 14.0.0.89 ProductVersion : 14.0.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Scanner Module InternalName : Navw32 LegalCopyright : Copyright © 2006 Symantec Corporation. All rights reserved. OriginalFilename : Navw32.exe #:87 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 6688 ThreadCreationTime : :27:02 PM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cidaemon.exe #:88 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\ ProcessID : 8156 ThreadCreationTime : :36:13 PM BasePriority : Normal FileVersion : 6.2.0.238 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojandownloader.Zlob Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a6acae64-f-ad86-bd3fb32038db} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 1 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 1 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 2:46:43 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:05:06.359 Objects scanned: Objects identified:1 Objects ignored:0 New critical objects:1