famdoc

Cannot Get Rid Of The Zlob Trojans


I run an Ad-Aware SE full scan and it brings up the win32.trojandownloader.zlob and win32.trojan.downloader.zlob.

It repairs, but the trojan returns after the scan or restart. Is there a complete solution?

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, July 23, 2007 6:29:11 PM

Using definitions file:SE1R182 23.07.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob(TAC index:10):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Move deleted files to Recycle Bin

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Automatically check all objects in results lists

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

:29:11 PM - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 1396

ThreadCreationTime : :31:19 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1464

ThreadCreationTime : :31:24 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1492

ThreadCreationTime : :31:30 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1536

ThreadCreationTime : :31:31 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1548

ThreadCreationTime : :31:31 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1720

ThreadCreationTime : :31:33 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1768

ThreadCreationTime : :31:33 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 276

ThreadCreationTime : :31:34 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 380

ThreadCreationTime : :31:34 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 776

ThreadCreationTime : :31:34 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsvchst.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 868

ThreadCreationTime : :31:36 AM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec Service Framework

InternalName : ccSvcHst

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccSvcHst.exe

 

#:12 [appsvc32.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\

ProcessID : 1088

ThreadCreationTime : :31:41 AM

BasePriority : Normal

FileVersion : 1.0.00.101

ProductVersion : 1.0

ProductName : Symantec Application Core

CompanyName : Symantec Corporation

FileDescription : Symantec Application Core Service

InternalName : AppSvc32

LegalCopyright : Copyright © Symantec Corporation

OriginalFilename : AppSvc32.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1312

ThreadCreationTime : :31:41 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [lvprcsrv.exe]

FilePath : c:\program files\common files\logishrd\lvmvfm\

ProcessID : 1392

ThreadCreationTime : :31:42 AM

BasePriority : Normal

FileVersion : 10.5.1.2027

ProductVersion : 10.5.1.2027

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : Logitech LVPrcSrv Module.

InternalName : LVPrcSrv.exe

LegalCopyright : © Logitech. All rights reserved.

OriginalFilename : LVPrcSrv.exe

 

#:15 [applemobiledeviceservice.exe]

FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\

ProcessID : 240

ThreadCreationTime : :31:48 AM

BasePriority : Normal

FileVersion : 1, 12, 0, 0

ProductVersion : 1, 12, 0, 0

ProductName : Apple Mobile Device Service

CompanyName : Apple, Inc.

FileDescription : Apple Mobile Device Service

InternalName : usbaapld

LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.

OriginalFilename : usbmuxd.exe

 

#:16 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 268

ThreadCreationTime : :31:48 AM

BasePriority : Normal

FileVersion : 3.1.0.99

ProductVersion : 3.1.0.99

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:17 [guard.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 356

ThreadCreationTime : :31:48 AM

BasePriority : Normal

FileVersion : 7, 5, 1, 22

ProductVersion : 7, 5, 1, 22

ProductName : AVG Anti-Spyware

CompanyName : GRISOFT s.r.o.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2007 GRISOFT s.r.o.

OriginalFilename : guard.exe

 

#:18 [cisvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 400

ThreadCreationTime : :31:49 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:19 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 416

ThreadCreationTime : :31:49 AM

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:20 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 492

ThreadCreationTime : :31:49 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:21 [nvsvc32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 580

ThreadCreationTime : :31:49 AM

BasePriority : Normal

FileVersion : 6.14.10.7777

ProductVersion : 6.14.10.7777

ProductName : NVIDIA Driver Helper Service, Version 77.77

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 77.77

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

 

#:22 [tcpsvcs.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1512

ThreadCreationTime : :31:52 AM

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : TCP/IP Services Application

InternalName : TCPSVCS.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : TCPSVCS.EXE

 

#:23 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1844

ThreadCreationTime : :31:53 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:24 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 948

ThreadCreationTime : :31:56 AM

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp.

OriginalFilename : MSPMSPSV.EXE

 

#:25 [wmpnetwk.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 1412

ThreadCreationTime : :31:56 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service

InternalName : Windows Media Player Network Sharing Service

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNetwk.exe

 

#:26 [calmain.exe]

FilePath : C:\Program Files\Canon\CAL\

ProcessID : 2228

ThreadCreationTime : :31:58 AM

BasePriority : Normal

FileVersion : 8, 1, 0, 14

ProductVersion : 8, 1, 0, 14

CompanyName : Canon Inc.

FileDescription : Canon Camera Access Library 8

LegalCopyright : Copyright © Canon Inc.

OriginalFilename : CALMAIN.exe

 

#:27 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3076

ThreadCreationTime : :32:08 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:28 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3232

ThreadCreationTime : :38:53 AM

BasePriority : Idle

FileVersion : 5.1.2600.0 (xpclient.)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cidaemon.exe

 

#:29 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3148

ThreadCreationTime : :40:35 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:30 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1128

ThreadCreationTime : :40:48 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:31 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 4068

ThreadCreationTime : :40:52 AM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:32 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 1064

ThreadCreationTime : :40:55 AM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:33 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 3836

ThreadCreationTime : :40:56 AM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:34 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 668

ThreadCreationTime : :40:58 AM

BasePriority : Normal

 

 

#:35 [e_s0hic1.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 680

ThreadCreationTime : :40:58 AM

BasePriority : Normal

FileVersion : 3.02

ProductVersion : 3.02

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S0HIC1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2003

OriginalFilename : E_S0HIC1.EXE

 

#:36 [ad-watch.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 1516

ThreadCreationTime : :41:02 AM

BasePriority : Normal

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:37 [wcescomm.exe]

FilePath : C:\Program Files\Microsoft ActiveSync\

ProcessID : 592

ThreadCreationTime : :41:04 AM

BasePriority : Normal

FileVersion : 4.5.5096.0

ProductVersion : 4.5.5096

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync Connection Manager

InternalName : wcescomm

LegalCopyright : Copyright © Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : WCESCOMM.EXE

 

#:38 [wmpnscfg.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 3360

ThreadCreationTime : :41:06 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:39 [rapimgr.exe]

FilePath : C:\PROGRA~1\MI3AA1~1\

ProcessID : 936

ThreadCreationTime : :41:18 AM

BasePriority : Normal

FileVersion : 4.5.5096.0

ProductVersion : 4.5.5096

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync RAPI Manager

InternalName : rapimgr

LegalCopyright : Copyright © Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : rapimgr.exe

 

#:40 [ipodservice.exe]

FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\

ProcessID : 4064

ThreadCreationTime : :41:18 AM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:41 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 1268

ThreadCreationTime : :43:13 AM

BasePriority : Normal

FileVersion : 7.00.5730.7 (winmain(wmbla).)

ProductVersion : 7.00.5730.7

ProductName : Windows® Internet Explorer

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:42 [m3srchmn.exe]

FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\

ProcessID : 3424

ThreadCreationTime : :43:15 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 2, 1, 60, 0

ProductName : My Web Search Bar for Internet Explorer and FireFox

CompanyName : MyWebSearch.com

FileDescription : MyWebSearch SearchScope Monitor

InternalName : m3SrchMn

LegalCopyright : Copyright © 2006, 2007

OriginalFilename : m3SrchMn.exe

 

#:43 [notepad.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3784

ThreadCreationTime : :10:43 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Notepad

InternalName : Notepad

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : NOTEPAD.EXE

 

#:44 [notepad.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2420

ThreadCreationTime : :11:01 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Notepad

InternalName : Notepad

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : NOTEPAD.EXE

 

#:45 [firefox.exe]

FilePath : C:\PROGRA~1\MOZILL~1\

ProcessID : 3816

ThreadCreationTime : :21:11 AM

BasePriority : Normal

 

 

#:46 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 3124

ThreadCreationTime : :25:49 AM

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:47 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 572

ThreadCreationTime : :26:04 AM

BasePriority : Normal

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{a6acae64-f-ad86-bd3fb32038db}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

6:31:22 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:02:11.79

Objects scanned:

Objects identified:1

Objects ignored:0

New critical objects:1

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, July 23, 2007 2:41:37 PM

Using definitions file:SE1R182 23.07.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob(TAC index:10):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Automatically check all objects in results lists

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

:41:37 PM - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 1388

ThreadCreationTime : :18:08 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1460

ThreadCreationTime : :18:13 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1488

ThreadCreationTime : :18:18 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1532

ThreadCreationTime : :18:20 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1544

ThreadCreationTime : :18:20 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1712

ThreadCreationTime : :18:22 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1764

ThreadCreationTime : :18:22 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 272

ThreadCreationTime : :18:22 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 360

ThreadCreationTime : :18:23 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 688

ThreadCreationTime : :18:23 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsvchst.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 808

ThreadCreationTime : :18:23 AM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec Service Framework

InternalName : ccSvcHst

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccSvcHst.exe

 

#:12 [appsvc32.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\

ProcessID : 1028

ThreadCreationTime : :18:27 AM

BasePriority : Normal

FileVersion : 1.0.00.101

ProductVersion : 1.0

ProductName : Symantec Application Core

CompanyName : Symantec Corporation

FileDescription : Symantec Application Core Service

InternalName : AppSvc32

LegalCopyright : Copyright © Symantec Corporation

OriginalFilename : AppSvc32.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1336

ThreadCreationTime : :18:32 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [lvprcsrv.exe]

FilePath : c:\program files\common files\logishrd\lvmvfm\

ProcessID : 1452

ThreadCreationTime : :18:33 AM

BasePriority : Normal

FileVersion : 10.5.1.2027

ProductVersion : 10.5.1.2027

ProductName : Logitech QuickCam

CompanyName : Logitech Inc.

FileDescription : Logitech LVPrcSrv Module.

InternalName : LVPrcSrv.exe

LegalCopyright : © Logitech. All rights reserved.

OriginalFilename : LVPrcSrv.exe

 

#:15 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 520

ThreadCreationTime : :18:36 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:16 [applemobiledeviceservice.exe]

FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\

ProcessID : 764

ThreadCreationTime : :18:40 AM

BasePriority : Normal

FileVersion : 1, 12, 0, 0

ProductVersion : 1, 12, 0, 0

ProductName : Apple Mobile Device Service

CompanyName : Apple, Inc.

FileDescription : Apple Mobile Device Service

InternalName : usbaapld

LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.

OriginalFilename : usbmuxd.exe

 

#:17 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 784

ThreadCreationTime : :18:40 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:18 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 820

ThreadCreationTime : :18:40 AM

BasePriority : Normal

FileVersion : 3.1.0.99

ProductVersion : 3.1.0.99

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:19 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 892

ThreadCreationTime : :18:41 AM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:20 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 1852

ThreadCreationTime : :18:41 AM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:21 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 1860

ThreadCreationTime : :18:41 AM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:22 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 1952

ThreadCreationTime : :18:42 AM

BasePriority : Normal

 

 

#:23 [e_s0hic1.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 1588

ThreadCreationTime : :18:42 AM

BasePriority : Normal

FileVersion : 3.02

ProductVersion : 3.02

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S0HIC1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2003

OriginalFilename : E_S0HIC1.EXE

 

#:24 [guard.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 428

ThreadCreationTime : :18:44 AM

BasePriority : Normal

FileVersion : 7, 5, 1, 22

ProductVersion : 7, 5, 1, 22

ProductName : AVG Anti-Spyware

CompanyName : GRISOFT s.r.o.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2007 GRISOFT s.r.o.

OriginalFilename : guard.exe

 

#:25 [cisvc.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 500

ThreadCreationTime : :18:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:26 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1152

ThreadCreationTime : :18:45 AM

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:27 [ad-watch.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 644

ThreadCreationTime : :18:46 AM

BasePriority : Normal

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:28 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1000

ThreadCreationTime : :18:55 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:29 [nvsvc32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1308

ThreadCreationTime : :18:56 AM

BasePriority : Normal

FileVersion : 6.14.10.7777

ProductVersion : 6.14.10.7777

ProductName : NVIDIA Driver Helper Service, Version 77.77

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 77.77

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

 

#:30 [wcescomm.exe]

FilePath : C:\Program Files\Microsoft ActiveSync\

ProcessID : 836

ThreadCreationTime : :19:03 AM

BasePriority : Normal

FileVersion : 4.5.5096.0

ProductVersion : 4.5.5096

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync Connection Manager

InternalName : wcescomm

LegalCopyright : Copyright © Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : WCESCOMM.EXE

 

#:31 [wmpnscfg.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 2120

ThreadCreationTime : :19:08 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:32 [tcpsvcs.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2248

ThreadCreationTime : :19:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : TCP/IP Services Application

InternalName : TCPSVCS.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : TCPSVCS.EXE

 

#:33 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2428

ThreadCreationTime : :19:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:34 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2628

ThreadCreationTime : :19:09 AM

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp.

OriginalFilename : MSPMSPSV.EXE

 

#:35 [rapimgr.exe]

FilePath : C:\PROGRA~1\MI3AA1~1\

ProcessID : 2640

ThreadCreationTime : :19:11 AM

BasePriority : Normal

FileVersion : 4.5.5096.0

ProductVersion : 4.5.5096

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync RAPI Manager

InternalName : rapimgr

LegalCopyright : Copyright © Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : rapimgr.exe

 

#:36 [wmpnetwk.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 2928

ThreadCreationTime : :19:21 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service

InternalName : Windows Media Player Network Sharing Service

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNetwk.exe

 

#:37 [calmain.exe]

FilePath : C:\Program Files\Canon\CAL\

ProcessID : 3268

ThreadCreationTime : :19:23 AM

BasePriority : Normal

FileVersion : 8, 1, 0, 14

ProductVersion : 8, 1, 0, 14

CompanyName : Canon Inc.

FileDescription : Canon Camera Access Library 8

LegalCopyright : Copyright © Canon Inc.

OriginalFilename : CALMAIN.exe

 

#:38 [ipodservice.exe]

FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\

ProcessID : 4084

ThreadCreationTime : :19:42 AM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:39 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2676

ThreadCreationTime : :19:42 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:40 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 2972

ThreadCreationTime : :19:43 AM

BasePriority : Normal

 

 

#:41 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 3012

ThreadCreationTime : :19:43 AM

BasePriority : High

 

 

#:42 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 4052

ThreadCreationTime : :19:55 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:43 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2412

ThreadCreationTime : :19:57 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:44 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3468

ThreadCreationTime : :19:58 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:45 [e_s0hic1.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 848

ThreadCreationTime : :19:58 AM

BasePriority : Normal

FileVersion : 3.02

ProductVersion : 3.02

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S0HIC1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2003

OriginalFilename : E_S0HIC1.EXE

 

#:46 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1144

ThreadCreationTime : :19:58 AM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:47 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 844

ThreadCreationTime : :19:59 AM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:48 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 3888

ThreadCreationTime : :19:59 AM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:49 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 476

ThreadCreationTime : :19:59 AM

BasePriority : Normal

 

 

#:50 [steam.exe]

FilePath : F:\C\games\half life\

ProcessID : 3344

ThreadCreationTime : :20:00 AM

BasePriority : Normal

FileVersion : 1.0.0.0

ProductVersion : 1.0.0.0

ProductName : Steam

CompanyName : Valve Corporation

FileDescription : Steam

LegalCopyright : © Copyright Valve Corporation All rights reserved.

OriginalFilename : Steam.exe

 

#:51 [mwsoemon.exe]

FilePath : C:\PROGRA~1\MYWEBS~1\bar\5.bin\

ProcessID : 1960

ThreadCreationTime : :20:01 AM

BasePriority : Normal

FileVersion : 1,2,2,4

ProductVersion : 2,0,1,0

ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients

CompanyName : MyWebSearch.com

FileDescription : My Web Search Plugin Loader

InternalName : mwsoemon

LegalCopyright : Copyright © MyWebSearch.com

OriginalFilename : mwsoemon.exe

 

#:52 [backweb-.exe]

FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\

ProcessID : 3588

ThreadCreationTime : :20:03 AM

BasePriority : Normal

 

 

#:53 [wmpnscfg.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 264

ThreadCreationTime : :20:03 AM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:54 [avgas.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 3340

ThreadCreationTime : :36:53 AM

BasePriority : Normal

FileVersion : 7, 5, 1, 43

ProductVersion : 7, 5, 1, 43

ProductName : AVG Anti-Spyware

CompanyName : GRISOFT s.r.o.

FileDescription : AVG Anti-Spyware

InternalName : AVG Anti-Spyware

LegalCopyright : Copyright © 2007 GRISOFT s.r.o.

OriginalFilename : avgas.exe

 

#:55 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2460

ThreadCreationTime : :23:18 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:56 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 5040

ThreadCreationTime : :25:47 AM

BasePriority : Normal

FileVersion : 1.9.1.1034

ProductVersion : 1.9.1.1034

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:57 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 4952

ThreadCreationTime : :10:49 PM

BasePriority : Normal

 

 

#:58 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 3396

ThreadCreationTime : :10:50 PM

BasePriority : High

 

 

#:59 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2776

ThreadCreationTime : :10:57 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:60 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1264

ThreadCreationTime : :10:58 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:61 [e_s0hic1.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 3816

ThreadCreationTime : :11:01 PM

BasePriority : Normal

FileVersion : 3.02

ProductVersion : 3.02

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S0HIC1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2003

OriginalFilename : E_S0HIC1.EXE

 

#:62 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 4240

ThreadCreationTime : :11:01 PM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:63 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 4116

ThreadCreationTime : :11:02 PM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:64 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 4972

ThreadCreationTime : :11:02 PM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:65 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 5860

ThreadCreationTime : :11:03 PM

BasePriority : Normal

 

 

#:66 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 5036

ThreadCreationTime : :11:05 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:67 [wmpnscfg.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 1056

ThreadCreationTime : :11:05 PM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:68 [backweb-.exe]

FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\

ProcessID : 3836

ThreadCreationTime : :11:06 PM

BasePriority : Normal

 

 

#:69 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 5892

ThreadCreationTime : :00:20 PM

BasePriority : Normal

 

 

#:70 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 8084

ThreadCreationTime : :00:20 PM

BasePriority : High

 

 

#:71 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 7572

ThreadCreationTime : :00:29 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:72 [cthelper.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 8144

ThreadCreationTime : :00:32 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:73 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 5332

ThreadCreationTime : :00:33 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:74 [e_s0hic1.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 6844

ThreadCreationTime : :00:33 PM

BasePriority : Normal

FileVersion : 3.02

ProductVersion : 3.02

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S0HIC1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2003

OriginalFilename : E_S0HIC1.EXE

 

#:75 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 7440

ThreadCreationTime : :00:34 PM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:76 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 7024

ThreadCreationTime : :00:34 PM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:77 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 7980

ThreadCreationTime : :00:35 PM

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:78 [watchdog.exe]

FilePath : C:\Program Files\mobile PhoneTools\

ProcessID : 2276

ThreadCreationTime : :00:37 PM

BasePriority : Normal

 

 

#:79 [wmpnscfg.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 4688

ThreadCreationTime : :00:37 PM

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service Configuration Application

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNSCFG.EXE

 

#:80 [backweb-.exe]

FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\

ProcessID : 7028

ThreadCreationTime : :00:38 PM

BasePriority : Normal

 

 

#:81 [m3srchmn.exe]

FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\

ProcessID : 7528

ThreadCreationTime : :03:22 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 2, 1, 60, 0

ProductName : My Web Search Bar for Internet Explorer and FireFox

CompanyName : MyWebSearch.com

FileDescription : MyWebSearch SearchScope Monitor

InternalName : m3SrchMn

LegalCopyright : Copyright © 2006, 2007

OriginalFilename : m3SrchMn.exe

 

#:82 [mwsoemon.exe]

FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\

ProcessID : 7140

ThreadCreationTime : :03:23 PM

BasePriority : Normal

FileVersion : 1,2,2,4

ProductVersion : 2,0,1,0

ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients

CompanyName : MyWebSearch.com

FileDescription : My Web Search Plugin Loader

InternalName : mwsoemon

LegalCopyright : Copyright © MyWebSearch.com

OriginalFilename : mwsoemon.exe

 

#:83 [m3impipe.exe]

FilePath : C:\Program Files\MyWebSearch\bar\1.bin\

ProcessID : 6448

ThreadCreationTime : :03:23 PM

BasePriority : Normal

FileVersion : 1, 0, 4, 0

ProductVersion : 2, 0, 5, 0

ProductName : My Web Search Community Tools

CompanyName : MyWebSearch.com

FileDescription : My Web Search Community Tools

InternalName : m3IMPipe

LegalCopyright : Copyright © 2001, 2002, 2003, 2004, 2005, 2006

OriginalFilename : m3IMPipe.exe

 

#:84 [m3srchmn.exe]

FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\

ProcessID : 6676

ThreadCreationTime : :42:16 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 2, 1, 60, 0

ProductName : My Web Search Bar for Internet Explorer and FireFox

CompanyName : MyWebSearch.com

FileDescription : MyWebSearch SearchScope Monitor

InternalName : m3SrchMn

LegalCopyright : Copyright © 2006, 2007

OriginalFilename : m3SrchMn.exe

 

#:85 [firefox.exe]

FilePath : C:\PROGRA~1\MOZILL~1\

ProcessID : 3312

ThreadCreationTime : :45:23 PM

BasePriority : Normal

 

 

#:86 [navw32.exe]

FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\

ProcessID : 3956

ThreadCreationTime : :22:16 PM

BasePriority : Normal

FileVersion : 14.0.0.89

ProductVersion : 14.0.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Scanner Module

InternalName : Navw32

LegalCopyright : Copyright © 2006 Symantec Corporation. All rights reserved.

OriginalFilename : Navw32.exe

 

#:87 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 6688

ThreadCreationTime : :27:02 PM

BasePriority : Idle

FileVersion : 5.1.2600.0 (xpclient.)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cidaemon.exe

 

#:88 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 8156

ThreadCreationTime : :36:13 PM

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{a6acae64-f-ad86-bd3fb32038db}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

2:46:43 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:06.359

Objects scanned:

Objects identified:1

Objects ignored:0

New critical objects:1


hello loffie.. i want to give you a quick reply.. there are different ways that you could manage to get "zlob" removed from your computer.. i am not an "expert" at helping people to remove malware from their computer, but i can try to help..

 

first, there is another lavasoft forum for help with removing malware, called "hijackthis logs".. here is a link for it:

 

http://www.lavasoftsupport.com/index.php?showforum=36

 

 

there are also other forums where you can get "expert" help in removing malware.. some of them are:

 

http://www.dslreports.com/forum/cleanup

 

http://www.bleepingcomputer.com/forums/forum22.html

 

http://www.techsupportforum.com/security-c...kthis-log-help/

 

one tool that i think would probably be helpful in removing "zlob" would be "smitfraudfix".. here is a link for it:

 

http://siri.geekstogo.com/SmitfraudFix.php

 

another option that you could try would be to install the "superantispyware" program and do a scan with it and let it clean the malware that it finds.. many people say that it is very good at removing malware.. there is a free version and a pay version.. i would suggest that you install the free version which is what most people use.. here is a link for it:

 

http://www.superantispyware.com/download.html

 

i would try both of those programs and then doing another "hijackthis" scan and posting the new hijackthis log in one of the forums that i listed, where "experts" can help you..

 

incidentally, "calamityjane" is one of the best "experts" in helping people in cleaning malware from their computers and she helps people in the "lavasoft"/"hijackthis logs" forum, among other places, so you could go there for help..

Edited by redwolfe_98


Please open Notepad and copy/paste the text in the code box below into a new text file. Save the file to your desktop as regcs.bat.

regedit /e regcs.txt "HKEY_CLASSES_ROOT\CLSID\{a6acae64-f-ad86-bd3fb32038db}"
start notepad.exe regcs.txt
exit

Double click on regcs.bat. A new Notepad window will open. Copy/paste the contents of that window into a reply. This will allow us to see the contents of the detected registry key.


Thanks for the reply. When I do the above, the regcs.bat file, the resultant file is empty. Am I missing a step?
