Full Version: Cannot Get Rid Of The Zlob Trojans
loffie
I run Ad-Aware SE full scan and it brings up the win32.trojandownloader.zlob and win32.trojan.downloader.zlob.
It repairs, but the trojan returns after the scan or restart. Is there a complete solution?


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, July 23, 2007 6:29:11 PM
Using definitions file:SE1R182 23.07.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Automatically check all objects in results lists
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


:29:11 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1396
ThreadCreationTime : :31:19 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1464
ThreadCreationTime : :31:24 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1492
ThreadCreationTime : :31:30 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : :31:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : :31:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1720
ThreadCreationTime : :31:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1768
ThreadCreationTime : :31:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 276
ThreadCreationTime : :31:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 380
ThreadCreationTime : :31:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 776
ThreadCreationTime : :31:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsvchst.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 868
ThreadCreationTime : :31:36 AM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe

#:12 [appsvc32.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\
ProcessID : 1088
ThreadCreationTime : :31:41 AM
BasePriority : Normal
FileVersion : 1.0.00.101
ProductVersion : 1.0
ProductName : Symantec Application Core
CompanyName : Symantec Corporation
FileDescription : Symantec Application Core Service
InternalName : AppSvc32
LegalCopyright : Copyright © Symantec Corporation
OriginalFilename : AppSvc32.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1312
ThreadCreationTime : :31:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lvprcsrv.exe]
FilePath : c:\program files\common files\logishrd\lvmvfm\
ProcessID : 1392
ThreadCreationTime : :31:42 AM
BasePriority : Normal
FileVersion : 10.5.1.2027
ProductVersion : 10.5.1.2027
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
LegalCopyright : © Logitech. All rights reserved.
OriginalFilename : LVPrcSrv.exe

#:15 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 240
ThreadCreationTime : :31:48 AM
BasePriority : Normal
FileVersion : 1, 12, 0, 0
ProductVersion : 1, 12, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:16 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 268
ThreadCreationTime : :31:48 AM
BasePriority : Normal
FileVersion : 3.1.0.99
ProductVersion : 3.1.0.99
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:17 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 356
ThreadCreationTime : :31:48 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 22
ProductVersion : 7, 5, 1, 22
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : guard.exe

#:18 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 400
ThreadCreationTime : :31:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:19 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 416
ThreadCreationTime : :31:49 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 492
ThreadCreationTime : :31:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : :31:49 AM
BasePriority : Normal
FileVersion : 6.14.10.7777
ProductVersion : 6.14.10.7777
ProductName : NVIDIA Driver Helper Service, Version 77.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:22 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1512
ThreadCreationTime : :31:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1844
ThreadCreationTime : :31:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : :31:56 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp.
OriginalFilename : MSPMSPSV.EXE

#:25 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 1412
ThreadCreationTime : :31:56 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:26 [calmain.exe]
FilePath : C:\Program Files\Canon\CAL\
ProcessID : 2228
ThreadCreationTime : :31:58 AM
BasePriority : Normal
FileVersion : 8, 1, 0, 14
ProductVersion : 8, 1, 0, 14
CompanyName : Canon Inc.
FileDescription : Canon Camera Access Library 8
LegalCopyright : Copyright © Canon Inc.
OriginalFilename : CALMAIN.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3076
ThreadCreationTime : :32:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3232
ThreadCreationTime : :38:53 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:29 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3148
ThreadCreationTime : :40:35 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1128
ThreadCreationTime : :40:48 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:31 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 4068
ThreadCreationTime : :40:52 AM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:32 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 1064
ThreadCreationTime : :40:55 AM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:33 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3836
ThreadCreationTime : :40:56 AM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:34 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 668
ThreadCreationTime : :40:58 AM
BasePriority : Normal


#:35 [e_s0hic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 680
ThreadCreationTime : :40:58 AM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0HIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S0HIC1.EXE

#:36 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 1516
ThreadCreationTime : :41:02 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:37 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 592
ThreadCreationTime : :41:04 AM
BasePriority : Normal
FileVersion : 4.5.5096.0
ProductVersion : 4.5.5096
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:38 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3360
ThreadCreationTime : :41:06 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:39 [rapimgr.exe]
FilePath : C:\PROGRA~1\MI3AA1~1\
ProcessID : 936
ThreadCreationTime : :41:18 AM
BasePriority : Normal
FileVersion : 4.5.5096.0
ProductVersion : 4.5.5096
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync RAPI Manager
InternalName : rapimgr
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : rapimgr.exe

#:40 [ipodservice.exe]
FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\
ProcessID : 4064
ThreadCreationTime : :41:18 AM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:41 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1268
ThreadCreationTime : :43:13 AM
BasePriority : Normal
FileVersion : 7.00.5730.7 (winmain(wmbla).)
ProductVersion : 7.00.5730.7
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [m3srchmn.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\
ProcessID : 3424
ThreadCreationTime : :43:15 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 2, 1, 60, 0
ProductName : My Web Search Bar for Internet Explorer and FireFox
CompanyName : MyWebSearch.com
FileDescription : MyWebSearch SearchScope Monitor
InternalName : m3SrchMn
LegalCopyright : Copyright © 2006, 2007
OriginalFilename : m3SrchMn.exe

#:43 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3784
ThreadCreationTime : :10:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:44 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2420
ThreadCreationTime : :11:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:45 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 3816
ThreadCreationTime : :21:11 AM
BasePriority : Normal


#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3124
ThreadCreationTime : :25:49 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:47 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : :26:04 AM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a6acae64-f-ad86-bd3fb32038db}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

6:31:22 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:11.79
Objects scanned:
Objects identified:1
Objects ignored:0
New critical objects:1



Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, July 23, 2007 2:41:37 PM
Using definitions file:SE1R182 23.07.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Automatically check all objects in results lists
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


:41:37 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1388
ThreadCreationTime : :18:08 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1460
ThreadCreationTime : :18:13 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1488
ThreadCreationTime : :18:18 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1532
ThreadCreationTime : :18:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : :18:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : :18:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1764
ThreadCreationTime : :18:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 272
ThreadCreationTime : :18:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 360
ThreadCreationTime : :18:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 688
ThreadCreationTime : :18:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsvchst.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 808
ThreadCreationTime : :18:23 AM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe

#:12 [appsvc32.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\
ProcessID : 1028
ThreadCreationTime : :18:27 AM
BasePriority : Normal
FileVersion : 1.0.00.101
ProductVersion : 1.0
ProductName : Symantec Application Core
CompanyName : Symantec Corporation
FileDescription : Symantec Application Core Service
InternalName : AppSvc32
LegalCopyright : Copyright © Symantec Corporation
OriginalFilename : AppSvc32.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : :18:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lvprcsrv.exe]
FilePath : c:\program files\common files\logishrd\lvmvfm\
ProcessID : 1452
ThreadCreationTime : :18:33 AM
BasePriority : Normal
FileVersion : 10.5.1.2027
ProductVersion : 10.5.1.2027
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
LegalCopyright : © Logitech. All rights reserved.
OriginalFilename : LVPrcSrv.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 520
ThreadCreationTime : :18:36 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 764
ThreadCreationTime : :18:40 AM
BasePriority : Normal
FileVersion : 1, 12, 0, 0
ProductVersion : 1, 12, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:17 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : :18:40 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:18 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 820
ThreadCreationTime : :18:40 AM
BasePriority : Normal
FileVersion : 3.1.0.99
ProductVersion : 3.1.0.99
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 892
ThreadCreationTime : :18:41 AM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:20 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 1852
ThreadCreationTime : :18:41 AM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:21 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1860
ThreadCreationTime : :18:41 AM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:22 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 1952
ThreadCreationTime : :18:42 AM
BasePriority : Normal


#:23 [e_s0hic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 1588
ThreadCreationTime : :18:42 AM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0HIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S0HIC1.EXE

#:24 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 428
ThreadCreationTime : :18:44 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 22
ProductVersion : 7, 5, 1, 22
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : guard.exe

#:25 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 500
ThreadCreationTime : :18:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:26 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1152
ThreadCreationTime : :18:45 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:27 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 644
ThreadCreationTime : :18:46 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:28 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : :18:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:29 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1308
ThreadCreationTime : :18:56 AM
BasePriority : Normal
FileVersion : 6.14.10.7777
ProductVersion : 6.14.10.7777
ProductName : NVIDIA Driver Helper Service, Version 77.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:30 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 836
ThreadCreationTime : :19:03 AM
BasePriority : Normal
FileVersion : 4.5.5096.0
ProductVersion : 4.5.5096
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:31 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2120
ThreadCreationTime : :19:08 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:32 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2248
ThreadCreationTime : :19:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:33 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2428
ThreadCreationTime : :19:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2628
ThreadCreationTime : :19:09 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp.
OriginalFilename : MSPMSPSV.EXE

#:35 [rapimgr.exe]
FilePath : C:\PROGRA~1\MI3AA1~1\
ProcessID : 2640
ThreadCreationTime : :19:11 AM
BasePriority : Normal
FileVersion : 4.5.5096.0
ProductVersion : 4.5.5096
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync RAPI Manager
InternalName : rapimgr
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : rapimgr.exe

#:36 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2928
ThreadCreationTime : :19:21 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNetwk.exe

#:37 [calmain.exe]
FilePath : C:\Program Files\Canon\CAL\
ProcessID : 3268
ThreadCreationTime : :19:23 AM
BasePriority : Normal
FileVersion : 8, 1, 0, 14
ProductVersion : 8, 1, 0, 14
CompanyName : Canon Inc.
FileDescription : Canon Camera Access Library 8
LegalCopyright : Copyright © Canon Inc.
OriginalFilename : CALMAIN.exe

#:38 [ipodservice.exe]
FilePath : C:\Program Files\iPod\iPod Updater \iPod\bin\
ProcessID : 4084
ThreadCreationTime : :19:42 AM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:39 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2676
ThreadCreationTime : :19:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:40 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2972
ThreadCreationTime : :19:43 AM
BasePriority : Normal


#:41 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3012
ThreadCreationTime : :19:43 AM
BasePriority : High


#:42 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4052
ThreadCreationTime : :19:55 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:43 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2412
ThreadCreationTime : :19:57 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:44 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3468
ThreadCreationTime : :19:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:45 [e_s0hic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 848
ThreadCreationTime : :19:58 AM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0HIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S0HIC1.EXE

#:46 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1144
ThreadCreationTime : :19:58 AM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:47 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 844
ThreadCreationTime : :19:59 AM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:48 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3888
ThreadCreationTime : :19:59 AM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:49 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 476
ThreadCreationTime : :19:59 AM
BasePriority : Normal


#:50 [steam.exe]
FilePath : F:\C\games\half life\
ProcessID : 3344
ThreadCreationTime : :20:00 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:51 [mwsoemon.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\5.bin\
ProcessID : 1960
ThreadCreationTime : :20:01 AM
BasePriority : Normal
FileVersion : 1,2,2,4
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Plugin Loader
InternalName : mwsoemon
LegalCopyright : Copyright © MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:52 [backweb-.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\
ProcessID : 3588
ThreadCreationTime : :20:03 AM
BasePriority : Normal


#:53 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 264
ThreadCreationTime : :20:03 AM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:54 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3340
ThreadCreationTime : :36:53 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe

#:55 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2460
ThreadCreationTime : :23:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:56 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 5040
ThreadCreationTime : :25:47 AM
BasePriority : Normal
FileVersion : 1.9.1.1034
ProductVersion : 1.9.1.1034
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:57 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 4952
ThreadCreationTime : :10:49 PM
BasePriority : Normal


#:58 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3396
ThreadCreationTime : :10:50 PM
BasePriority : High


#:59 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2776
ThreadCreationTime : :10:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:60 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1264
ThreadCreationTime : :10:58 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:61 [e_s0hic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 3816
ThreadCreationTime : :11:01 PM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0HIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S0HIC1.EXE

#:62 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 4240
ThreadCreationTime : :11:01 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:63 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 4116
ThreadCreationTime : :11:02 PM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:64 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 4972
ThreadCreationTime : :11:02 PM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:65 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 5860
ThreadCreationTime : :11:03 PM
BasePriority : Normal


#:66 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 5036
ThreadCreationTime : :11:05 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:67 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 1056
ThreadCreationTime : :11:05 PM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:68 [backweb-.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\
ProcessID : 3836
ThreadCreationTime : :11:06 PM
BasePriority : Normal


#:69 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 5892
ThreadCreationTime : :00:20 PM
BasePriority : Normal


#:70 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 8084
ThreadCreationTime : :00:20 PM
BasePriority : High


#:71 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 7572
ThreadCreationTime : :00:29 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:72 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 8144
ThreadCreationTime : :00:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE

#:73 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 5332
ThreadCreationTime : :00:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:74 [e_s0hic1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 6844
ThreadCreationTime : :00:33 PM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0HIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S0HIC1.EXE

#:75 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 7440
ThreadCreationTime : :00:34 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:76 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 7024
ThreadCreationTime : :00:34 PM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:77 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 7980
ThreadCreationTime : :00:35 PM
BasePriority : Normal
FileVersion : 7.2.0.35
ProductVersion : 7.2.0.35
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:78 [watchdog.exe]
FilePath : C:\Program Files\mobile PhoneTools\
ProcessID : 2276
ThreadCreationTime : :00:37 PM
BasePriority : Normal


#:79 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 4688
ThreadCreationTime : :00:37 PM
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.)
ProductVersion : 11.0.5721.5145
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE

#:80 [backweb-.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\\Program\
ProcessID : 7028
ThreadCreationTime : :00:38 PM
BasePriority : Normal


#:81 [m3srchmn.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\
ProcessID : 7528
ThreadCreationTime : :03:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 2, 1, 60, 0
ProductName : My Web Search Bar for Internet Explorer and FireFox
CompanyName : MyWebSearch.com
FileDescription : MyWebSearch SearchScope Monitor
InternalName : m3SrchMn
LegalCopyright : Copyright © 2006, 2007
OriginalFilename : m3SrchMn.exe

#:82 [mwsoemon.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\
ProcessID : 7140
ThreadCreationTime : :03:23 PM
BasePriority : Normal
FileVersion : 1,2,2,4
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Plugin Loader
InternalName : mwsoemon
LegalCopyright : Copyright © MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:83 [m3impipe.exe]
FilePath : C:\Program Files\MyWebSearch\bar\1.bin\
ProcessID : 6448
ThreadCreationTime : :03:23 PM
BasePriority : Normal
FileVersion : 1, 0, 4, 0
ProductVersion : 2, 0, 5, 0
ProductName : My Web Search Community Tools
CompanyName : MyWebSearch.com
FileDescription : My Web Search Community Tools
InternalName : m3IMPipe
LegalCopyright : Copyright © 2001, 2002, 2003, 2004, 2005, 2006
OriginalFilename : m3IMPipe.exe

#:84 [m3srchmn.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\
ProcessID : 6676
ThreadCreationTime : :42:16 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 2, 1, 60, 0
ProductName : My Web Search Bar for Internet Explorer and FireFox
CompanyName : MyWebSearch.com
FileDescription : MyWebSearch SearchScope Monitor
InternalName : m3SrchMn
LegalCopyright : Copyright © 2006, 2007
OriginalFilename : m3SrchMn.exe

#:85 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 3312
ThreadCreationTime : :45:23 PM
BasePriority : Normal


#:86 [navw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\
ProcessID : 3956
ThreadCreationTime : :22:16 PM
BasePriority : Normal
FileVersion : 14.0.0.89
ProductVersion : 14.0.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Scanner Module
InternalName : Navw32
LegalCopyright : Copyright © 2006 Symantec Corporation. All rights reserved.
OriginalFilename : Navw32.exe

#:87 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 6688
ThreadCreationTime : :27:02 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:88 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 8156
ThreadCreationTime : :36:13 PM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a6acae64-f-ad86-bd3fb32038db}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\Leslie\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

2:46:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:06.359
Objects scanned:
Objects identified:1
Objects ignored:0
New critical objects:1

redwolfe_98
hello loffie.. i want to give you a quick reply.. there are different ways that you could manage to get "zlob" removed from your computer.. i am not an "expert" at helping people to remove malware from their computer, but i can try to help..

first, there is another lavasoft forum for help with removing malware, called "hijackthis logs".. here is a link for it:

http://www.lavasoftsupport.com/index.php?showforum=36


there are also other forums where you can get "expert" help in removing malware.. some of them are:

http://www.dslreports.com/forum/cleanup

http://www.bleepingcomputer.com/forums/forum22.html

http://www.techsupportforum.com/security-c...kthis-log-help/

one tool that i think would probably be helpful in removing "zlob" would be "smitfraudfix".. here is a link for it:

http://siri.geekstogo.com/SmitfraudFix.php

another option that you could try would be to install the "superantispyware" program and do a scan with it and let it clean the malware that it finds.. many people say that it is very good at removing malware.. there is a free version and a pay version.. i would suggest that you install the free version which is what most people use.. here is a link for it:

http://www.superantispyware.com/download.html

i would try both of those programs and then doing another "hijackthis" scan and posting the new hijackthis log in one of the forums that i listed, where "experts" can help you..

incidentally, "calamityjane" is one of the best "experts" in helping people in cleaning malware from their computers and she helps people in the "lavasoft"/"hijackthis logs" forum, among other places, so you could go there for help..
Oldfrog
Please open Notepad and copy/paste the text in the code box below into a new text file. Save the file to your desktop as regcs.bat.
CODE
regedit /e regcs.txt "HKEY_CLASSES_ROOT\CLSID\{a6acae64-f-ad86-bd3fb32038db}"
start notepad.exe regcs.txt
exit

Double click on regcs.bat. A new Notepad window will open. Copy/paste the contents of that window into a reply. This will allow us to see the contents of the detected registry key.
loffie
QUOTE(Oldfrog @ Jul , 10:15 AM)
Please open Notepad and copy/paste the text in the code box below into a new text file. Save the file to your desktop as regcs.bat.
CODE
regedit /e regcs.txt "HKEY_CLASSES_ROOT\CLSID\{a6acae64-f-ad86-bd3fb32038db}"
start notepad.exe regcs.txt
exit

Double click on regcs.bat. A new Notepad window will open. Copy/paste the contents of that window into a reply. This will allow us to see the contents of the detected registry key.

Thanks for the reply. When I do the above, the regcs.bat file, the resultant file is empty. Am I missing a step?