kt777blue

trojan zlob


A few weeks ago Ad-Aware detected a trojan.zlob file on our computer and also isamonitor.exe. Between Norton's and Ad-Aware, we thought we had removed this from our computer, but Norton's keeps finding the trojan again on occasion, as does Ad-Aware. Other error messages come up that we didn't see before this infection. There is one error message that comes up every time the computer is shut down, but it does not stay long enough that we can read the information. I ran Ad-Aware and it doesn't pick anything up now, but our computer is not running as it was. This is the log file from the last scan. Maybe it means something to you that it doesn't mean to me. Thanks for your help.

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, 5 March 2007 2:34:23 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R155 26.02.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):7 total references

Tracking Cookie(TAC index:3):39 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

5-03-2007 2:34:23 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Katy\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3759424940-2111553141-3975579058-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3759424940-2111553141-3975579058-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3759424940-2111553141-3975579058-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3759424940-2111553141-3975579058-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3759424940-2111553141-3975579058-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 632

ThreadCreationTime : 4-03-2007 8:54:10 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 696

ThreadCreationTime : 4-03-2007 8:54:13 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 720

ThreadCreationTime : 4-03-2007 8:54:15 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 4-03-2007 8:54:18 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 776

ThreadCreationTime : 4-03-2007 8:54:18 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 992

ThreadCreationTime : 4-03-2007 8:54:26 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1060

ThreadCreationTime : 4-03-2007 8:54:27 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1156

ThreadCreationTime : 4-03-2007 8:54:27 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1340

ThreadCreationTime : 4-03-2007 8:54:30 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1452

ThreadCreationTime : 4-03-2007 8:54:32 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsvchst.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1588

ThreadCreationTime : 4-03-2007 8:54:33 PM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec Service Framework

InternalName : ccSvcHst

LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.

OriginalFilename : ccSvcHst.exe

 

#:12 [appsvc32.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\

ProcessID : 1712

ThreadCreationTime : 4-03-2007 8:54:36 PM

BasePriority : Normal

FileVersion : 1.0.00.101

ProductVersion : 1.0

ProductName : Symantec Application Core

CompanyName : Symantec Corporation

FileDescription : Symantec Application Core Service

InternalName : AppSvc32

LegalCopyright : Copyright © 1997-2006 Symantec Corporation

OriginalFilename : AppSvc32.exe

 

#:13 [brsvc01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2016

ThreadCreationTime : 4-03-2007 8:54:37 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : brother Industries Ltd brsvc01a

CompanyName : brother Industries Ltd

FileDescription : brsvc01a

InternalName : brsvc01a

LegalCopyright : Copyright © Brother Industries, Ltd 2001

OriginalFilename : brsvc01a.exe

 

#:14 [brss01a.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 132

ThreadCreationTime : 4-03-2007 8:54:38 PM

BasePriority : Normal

FileVersion : 1.004

ProductVersion : 1, 0, 0, 4

ProductName : brother Industries Ltd brss01a.exe

CompanyName : brother Industries Ltd

FileDescription : brss01a.exe

InternalName : brss01a.exe

LegalCopyright : Copyright ? 2001

OriginalFilename : brss01a.exe

Comments : Brsplproc XP wrapper

 

#:15 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 140

ThreadCreationTime : 4-03-2007 8:54:38 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:16 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 520

ThreadCreationTime : 4-03-2007 8:54:45 PM

BasePriority : Normal

FileVersion : 3.1.0.99

ProductVersion : 3.1.0.99

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2006 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:17 [gs30s.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 780

ThreadCreationTime : 4-03-2007 8:54:46 PM

BasePriority : Normal

 

 

#:18 [nicconfigsvc.exe]

FilePath : C:\Program Files\Dell\NICCONFIGSVC\

ProcessID : 1012

ThreadCreationTime : 4-03-2007 8:54:46 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : NicConfigSvc

CompanyName : Dell Inc.

FileDescription : Internal Network Card Power Management Service

InternalName : TestMFCAppWiz

LegalCopyright : Copyright © 2004 Dell Inc.

OriginalFilename : NicConfigSvc.EXE

 

#:19 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1144

ThreadCreationTime : 4-03-2007 8:54:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:20 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1276

ThreadCreationTime : 4-03-2007 8:54:47 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1316

ThreadCreationTime : 4-03-2007 8:54:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:22 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 3484

ThreadCreationTime : 4-03-2007 8:55:24 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:23 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 3812

ThreadCreationTime : 4-03-2007 8:55:25 PM

BasePriority : Normal

FileVersion : 7.0.2.16

ProductVersion : 7.0.2.16

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:24 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1124

ThreadCreationTime : 4-03-2007 8:55:31 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:25 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3080

ThreadCreationTime : 4-03-2007 8:55:37 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:26 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 3448

ThreadCreationTime : 4-03-2007 8:55:51 PM

BasePriority : Normal

FileVersion : 1.9.1.1034

ProductVersion : 1.9.1.1034

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:27 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3468

ThreadCreationTime : 4-03-2007 9:34:32 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:28 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\

ProcessID : 1956

ThreadCreationTime : 4-03-2007 9:34:37 PM

BasePriority : Normal

 

 

#:29 [syntplpr.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 1116

ThreadCreationTime : 4-03-2007 9:34:37 PM

BasePriority : Normal

FileVersion : 7.10.11 13May04

ProductVersion : 7.10.11 13May04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : TouchPad Driver Helper Application

InternalName : SynTPLpr

LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

OriginalFilename : SynTPLpr.exe

 

#:30 [syntpenh.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 2104

ThreadCreationTime : 4-03-2007 9:34:37 PM

BasePriority : Normal

FileVersion : 7.10.11 13May04

ProductVersion : 7.10.11 13May04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Scrolleroo

LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

OriginalFilename : SynTPEnh.exe

 

#:31 [pronomgr.exe]

FilePath : C:\Program Files\Intel\PROSetWired\NCS\PROSet\

ProcessID : 2080

ThreadCreationTime : 4-03-2007 9:34:38 PM

BasePriority : Normal

FileVersion : 6.6.10.7

ProductVersion : 6.6.10.7

ProductName : Intel® Network Configuration Services

CompanyName : Intel® Corporation

FileDescription : PRONotifyMgr Module

InternalName : PRONotifyMgr

LegalCopyright : Copyright© 2001-2004 Intel Corporation

OriginalFilename : PRONoMgr.exe

 

#:32 [dvdlauncher.exe]

FilePath : C:\Program Files\CyberLink\PowerDVD\

ProcessID : 2184

ThreadCreationTime : 4-03-2007 9:34:38 PM

BasePriority : Normal

FileVersion : 3.00.0000

ProductVersion : 3.00.0000

ProductName : Cyberlink PowerCinema 3.0

CompanyName : CyberLink Corp.

FileDescription : CyberLink PowerCinema Resident Program

InternalName : CyberLink PowerCinema Resident Program

LegalCopyright : Copyright © 2003 CyberLink Corp.

OriginalFilename : DVDLauncher.EXE

 

#:33 [dmxlauncher.exe]

FilePath : C:\Program Files\Dell\Media Experience\

ProcessID : 2756

ThreadCreationTime : 4-03-2007 9:34:38 PM

BasePriority : Normal

 

 

#:34 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla\

ProcessID : 2152

ThreadCreationTime : 4-03-2007 9:34:39 PM

BasePriority : Normal

FileVersion : 1.04.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:35 [opwarese2.exe]

FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\

ProcessID : 2192

ThreadCreationTime : 4-03-2007 9:34:39 PM

BasePriority : Normal

FileVersion : 12.0

ProductVersion : 2.0

ProductName : OmniPage SE

CompanyName : ScanSoft, Inc.

FileDescription : OCR Aware (32-bit)

InternalName : OPWARE12.EXE

LegalCopyright : Copyright © 1995-2003 ScanSoft, Inc.

LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

 

OriginalFilename : OPWARE12.EXE

 

#:36 [pptd40nt.exe]

FilePath : C:\Program Files\ScanSoft\PaperPort\

ProcessID : 1436

ThreadCreationTime : 4-03-2007 9:34:40 PM

BasePriority : Normal

FileVersion : 9.0

ProductVersion : 9.0

ProductName : PaperPort

CompanyName : ScanSoft, Inc.

FileDescription : PaperPort Print to Desktop for NT

InternalName : PPTD40NT

LegalCopyright : Copyright © 1993-2004 ScanSoft, Inc.

OriginalFilename : PPTD40NT.EXE

 

#:37 [brctrcen.exe]

FilePath : C:\Program Files\Brother\ControlCenter2\

ProcessID : 2424

ThreadCreationTime : 4-03-2007 9:34:43 PM

BasePriority : Normal

 

 

#:38 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 280

ThreadCreationTime : 4-03-2007 9:34:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:39 [msgplus.exe]

FilePath : C:\Program Files\MessengerPlus! 3\

ProcessID : 1964

ThreadCreationTime : 4-03-2007 9:34:47 PM

BasePriority : Normal

 

 

#:40 [sweetim.exe]

FilePath : C:\Program Files\Macrogaming\SweetIM\

ProcessID : 2012

ThreadCreationTime : 4-03-2007 9:34:48 PM

BasePriority : Normal

FileVersion : 1, 1, 0, 151

ProductVersion : 1.1.0.151

ProductName : MacroGaming SweetIM

CompanyName : MacroGaming LTD.

FileDescription : SweetIM MSN Messenger Enhancer

InternalName : SweetIM

LegalCopyright : Copyright © 2005

OriginalFilename : SweetIM.exe

 

#:41 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3456

ThreadCreationTime : 4-03-2007 9:34:50 PM

BasePriority : Normal

FileVersion : 3.0.0.4410

ProductVersion : 7.0.0.4410

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:42 [igfxpers.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 184

ThreadCreationTime : 4-03-2007 9:34:50 PM

BasePriority : Normal

FileVersion : 3.0.0.4410

ProductVersion : 7.0.0.4410

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : persistence Module

InternalName : PERSISTENCE

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXPERS.EXE

 

#:43 [e_fatibep.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 1576

ThreadCreationTime : 4-03-2007 9:34:50 PM

BasePriority : Normal

FileVersion : 4.00

ProductVersion : 4.00

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S7I3E1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2006

OriginalFilename : E_S7I3E1.EXE

 

#:44 [igfxsrvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2536

ThreadCreationTime : 4-03-2007 9:34:50 PM

BasePriority : Normal

FileVersion : 3.0.0.4410

ProductVersion : 7.0.0.4410

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxsrvc Module

InternalName : IGFXSRVC

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : IGFXSRVC.EXE

 

#:45 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2564

ThreadCreationTime : 4-03-2007 9:34:51 PM

BasePriority : Normal

FileVersion : 7.1.3

ProductVersion : QuickTime 7.1.3

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

FileDescription : QuickTime Task

InternalName : QuickTime Task

LegalCopyright : Copyright Apple Computer, Inc. 1989-2006

OriginalFilename : QTTask.exe

 

#:46 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 1480

ThreadCreationTime : 4-03-2007 9:34:51 PM

BasePriority : Normal

FileVersion : 7.0.2.16

ProductVersion : 7.0.2.16

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:47 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3524

ThreadCreationTime : 4-03-2007 9:34:51 PM

BasePriority : Normal

FileVersion : 106.2.0.21

ProductVersion : 106.2.0.21

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:48 [dlg.exe]

FilePath : C:\Program Files\Digital Line Detect\

ProcessID : 3516

ThreadCreationTime : 4-03-2007 9:34:52 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : BVRP Software TestLine

CompanyName : BVRP Software

FileDescription : Digital Line Detection

InternalName : TestLine

LegalCopyright : Copyright © 2003

OriginalFilename : TestLine.exe

 

#:49 [easyshare.exe]

FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\

ProcessID : 3652

ThreadCreationTime : 4-03-2007 9:34:53 PM

BasePriority : Normal

FileVersion : 5, 0, 4, 128

ProductVersion : 4, 0, 2, 134

ProductName : Kodak EasyShare software

CompanyName : Eastman Kodak Company

FileDescription : Kodak EasyShare software

InternalName : EasyShare

LegalCopyright : Copyright © Eastman Kodak Company 2002

LegalTrademarks : EasyShare

OriginalFilename : EasyShare.exe

 

#:50 [kodak software updater.exe]

FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\

ProcessID : 3756

ThreadCreationTime : 4-03-2007 9:34:53 PM

BasePriority : Normal

 

 

#:51 [msimn.exe]

FilePath : C:\Program Files\Outlook Express\

ProcessID : 1128

ThreadCreationTime : 4-03-2007 9:35:24 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Outlook Express

InternalName : MSIMN

LegalCopyright : © 2004 Microsoft Corporation. All rights reserved.

OriginalFilename : MSIMN.EXE

 

#:52 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 1568

ThreadCreationTime : 5-03-2007 4:22:53 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:53 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 3548

ThreadCreationTime : 5-03-2007 4:31:48 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:54 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3292

ThreadCreationTime : 5-03-2007 4:34:07 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 7

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 7

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 7

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 29-02-2012 9:52:48 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:13

Value : Cookie:[email protected]/

Expires : 24-02-2008 9:19:40 AM

LastSync : Hits:13

UseCount : 0

Hits : 13

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 17-02-2012 8:40:58 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:[email protected]/

Expires : 16-03-2020 11:00:00 AM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:25

Value : Cookie:[email protected]/

Expires : 3-03-2008 2:24:40 PM

LastSync : Hits:25

UseCount : 0

Hits : 25

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:[email protected]/

Expires : 22-06-2009 10:00:00 AM

LastSync : Hits:9

UseCount : 0

Hits : 9

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:[email protected]/

Expires : 26-02-2012 8:43:54 PM

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 1-03-2009 9:54:40 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:[email protected]/

Expires : 16-02-2017 3:57:56 PM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:[email protected]/

Expires : 22-02-2008 4:11:54 PM

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:11

Value : Cookie:[email protected]/

Expires : 26-02-2012 8:51:22 PM

LastSync : Hits:11

UseCount : 0

Hits : 11

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 26-02-2012 8:45:02 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 1-01-2011 9:12:40 AM

LastSync : Hits:1

UseCount : 0

Hits : 1

 


Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 32

Objects found so far: 39

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 46

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 46

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 46

 

3:15:16 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:40:53.438

Objects scanned:193966

Objects identified:39

Objects ignored:0

New critical objects:39


Hi and welcome!

 

Thanks for posting the Ad-Aware scan log. Nothing is jumping out at me from that.

 

Could you please run this free tool to create a log for review. It looks for leftover ZLOB (aka Smitfraud) related files that may be missed by your other security programs.

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


I have the same problem as this guy.

 

 

SmitFraudFix v2.147

 

Scan done at 14:53:19.10, 05/03/2007

Run from C:\Documents and Settings\Kurt\My Documents\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\tvomnc.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kurt

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kurt\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KURT\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\SpyDawn\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{634be415-da12-496b-b89e-329b73c4807f}"="cam"

 

[HKEY_CLASSES_ROOT\CLSID\{634be415-da12-496b-b89e-329b73c4807f}\InProcServer32]

@="C:\WINDOWS\system32\tvomnc.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{634be415-da12-496b-b89e-329b73c4807f}\InProcServer32]

@="C:\WINDOWS\system32\tvomnc.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


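A triage sketch for the SmitfraudFix report format shown in the post above, added here as an example (it is not part of the thread and not code from SmitfraudFix or its author): it collects the `FOUND !` paths and resolves each SharedTaskScheduler CLSID to its InProcServer32 DLL so the two can be cross-checked. The function names are hypothetical, and the embedded report is a trimmed excerpt of the log above.

```python
import re

# Trimmed excerpt of the SmitfraudFix v2.147 report posted above, embedded
# so the example runs offline (empty sections and blank lines removed).
REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\tvomnc.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\SpyDawn\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{634be415-da12-496b-b89e-329b73c4807f}"="cam"
[HKEY_CLASSES_ROOT\CLSID\{634be415-da12-496b-b89e-329b73c4807f}\InProcServer32]
@="C:\WINDOWS\system32\tvomnc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION = re.compile(r"^»+\s*(.*)$")            # section banner + name
FOUND = re.compile(r"^(.+?)\s+FOUND !$")         # path reported by the tool
KEY = re.compile(r"^\[(.+)\]$")                  # registry key header
VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')      # default (@) or named value
CLSID = re.compile(r"\{[0-9a-fA-F-]{36}\}")

def parse_report(text):
    """Return (found_paths, registry); registry is section -> key -> {name: data}."""
    found, registry, section, key = [], {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif m := FOUND.match(line):
            found.append(m.group(1))
        elif m := KEY.match(line):
            key = m.group(1)
            registry.setdefault(section, {})[key] = {}
        elif key and (m := VALUE.match(line)):
            registry[section][key][m.group(1).strip('"')] = m.group(2)
    return found, registry

def shared_task_scheduler(text):
    """Resolve each SharedTaskScheduler CLSID to its InProcServer32 DLL and
    note whether that DLL is also one of the report's FOUND paths."""
    found, registry = parse_report(text)
    keys = registry.get("Sharedtaskscheduler", {})
    flagged = {p.lower() for p in found}
    servers = {}  # clsid -> DLL path taken from ...\CLSID\{...}\InProcServer32
    for key, values in keys.items():
        m = CLSID.search(key)
        if m and key.lower().endswith("inprocserver32") and "@" in values:
            servers[m.group(0).lower()] = values["@"]
    rows = []
    for key, values in keys.items():
        if key.lower().endswith("\\sharedtaskscheduler"):
            for clsid, label in values.items():
                dll = servers.get(clsid.lower())
                rows.append({"clsid": clsid, "label": label, "dll": dll,
                             "dll_also_found": bool(dll) and dll.lower() in flagged})
    return rows
```

An entry whose DLL also appears among the `FOUND !` paths is the one to review first; the report itself warns that the listed keys are not necessarily infected.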
Thanks so much for your assistance so far. I really appreciate it! Have performed the steps you asked and copied and pasted the document. Thanks.

 

 

SmitFraudFix v2.141

 

Scan done at 13:08:23.18, Tue 06/03/2007

Run from C:\Documents and Settings\Katy\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Katy

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Katy\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Sorry for the delay in replying. The forums were down for a bit to do some site maintenance. We're back now :(

 

No signs of Zlob at all on those logs. Let's do a little cleanup and then let me know if you are still getting advices from Norton.

 

1. Go to Start > Run and type in the box: cleanmgr

Wait while Windows searches for files to delete that will free up disk space (and clean up unneeded files on your hard disk)

 

When it finishes, it will present a list. Make sure these 3 are checkmarked, then press *ok* to delete them:

 

Temporary Files

Temporary Internet Files

Recycle bin

 

Do that for each user on the system.

 

2. Reset your restore point in Windows XP.......why?

 

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Sometimes 3rd party programs (like your antivirus program) will find infected files in the System restore but cannot remove them because that directory is protected by Windows from all 3rd party programs. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

 

Do those steps please and let me know if you get any further alerts from Norton or Ad-Aware.


Hi, Thanks so much for your continual support. Norton today found the following "thing" trojan.byteverify. Is it at all related or something different? I have run the smitfraud thing again. I think Norton can delete it so is that all I need to do? Thanks once again.

 

SmitFraudFix v2.147

 

Scan done at 17:53:13.04, Mon 12/03/2007

Run from C:\Documents and Settings\Katy\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Katy

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Katy\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Katy\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Re: Trojan ByteVerify:

 

http://www.symantec.com/avcenter/venc/data...byteverify.html

Sometimes, what is found as trojan byte.verify are previously viewed webpages containing a malicious applet in your Java cache (not the Java program itself). These are cached as webpages you view, and if you are protected, just viewing them doesn't mean you are infected.

 

See further details here on what it's about and how to clear your Java cache when you see those:

Virus found in the Java's Runtime Environment, Standard Edition (JRE) cache directory

http://java.com/en/download/help/cache_virus.jsp

 

Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

 

1. From the Start button, click Settings > Control Panel

2. In the Control Panel, open the "Java Plug-in Control Panel"

3. Select the Cache Tab

4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

.................

For later versions of Java

 

In the Control Panel, select the Java icon (looks like a coffee cup).

 

Under the General tab at the bottom you will see a section: "Temporary Internet files"

 

Choose *delete files* and then *ok*.
