Hi,
I have Adware SE personal Build 1.06 r1 and have done the latest update.
When I do a scan for spyware it keeps coming up with Win32.Trojandownloader.Zlob and Aureate. I quarentine and delete them but as soon as I do that and scan again they are back.
Also my default home page has changed to an advert for anti virus software and a pop up keeps apearing telling me my system is being attacked etc, etc.
Please can you help me with this.
Thanks, Matt Franks.
Full Version: Win32.Trojandownloader.Zlob and Aureate won't go away!
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
Hi Matt Franks,
Please post both Ad-Aware and HijackThis logs, as set out in my post in this thread: Unable to remove spywares Boran.g et Smitfraud-C
Once posted, please be patient, as there could be a delay in getting to you. Logs are read from oldest to newest.
Regards,
Spike
Please post both Ad-Aware and HijackThis logs, as set out in my post in this thread: Unable to remove spywares Boran.g et Smitfraud-C
Once posted, please be patient, as there could be a delay in getting to you. Logs are read from oldest to newest.
Regards,
Spike
Hi Splike,
Thanks for your speedy response and clear instructions.
I hope I've done it right!
Logfiles are listed below:
Ad-Aware SE Build 1.06r1
Logfile Created on:09 October 2006 AM 09:17:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R125 06.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Aureate(TAC index:5):2 total references
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
09-10-2006 AM 09:17:42 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 472
ThreadCreationTime : 09-10-2006 AM 07:32:46
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 09-10-2006 AM 07:32:47
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [incdsrv.exe]
FilePath : H:\Program Files\Ahead\InCD\
ProcessID : 900
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 4, 3, 12, 0
ProductVersion : 4, 3, 12, 0
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [brsvc01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe
#:13 [brss01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1280
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1520
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [inetinfo.exe]
FilePath : C:\WINDOWS\system32\inetsrv\
ProcessID : 1568
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE
#:17 [ftpsrvnt.exe]
FilePath : H:\Program Files\ArGo Software Design\FTP Server\
ProcessID : 1620
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 1.4.3.6
ProductVersion : 1.4
ProductName : ArGoSoft FTP Server for Windows NT/2000/XP
CompanyName : ArGo Software Design
FileDescription : FTP Server Service Application
LegalCopyright : © ArGo Software Design, 1999-2006
OriginalFilename : ftpsrvnt.exe
#:18 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1848
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1944
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 420
ThreadCreationTime : 09-10-2006 AM 07:33:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1460
ThreadCreationTime : 09-10-2006 AM 07:33:15
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:23 [isamonitor.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 1824
ThreadCreationTime : 09-10-2006 AM 07:33:16
BasePriority : Normal
#:24 [pmsngr.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 1836
ThreadCreationTime : 09-10-2006 AM 07:33:16
BasePriority : Normal
#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1712
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2080
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:27 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2088
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:28 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2096
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:29 [pmmon.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 2120
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:30 [isamini.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 2148
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:31 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2156
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 5.1.0.34
ProductVersion : 5.1.0.34
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:32 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 2188
ThreadCreationTime : 09-10-2006 AM 07:33:18
BasePriority : Normal
FileVersion : 2.5.0
ProductVersion : 2.5.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2006 Google Inc.
OriginalFilename : Picasa2.exe
#:33 [incd.exe]
FilePath : H:\Program Files\Ahead\InCD\
ProcessID : 2224
ThreadCreationTime : 09-10-2006 AM 07:33:18
BasePriority : Normal
FileVersion : 4, 3, 12, 0
ProductVersion : 4, 3, 12, 0
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe
#:34 [googletalk.exe]
FilePath : C:\Program Files\Google\Google Talk\
ProcessID : 2244
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 1,0,0,98
ProductVersion : 1,0,0,98
ProductName : Google Talk
CompanyName : Google
FileDescription : Google Talk
InternalName : Google Talk
LegalCopyright : Copyright © 2005-2006
OriginalFilename : googletalk.exe
#:35 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2252
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:36 [gozilla.exe]
FilePath : H:\Program Files\Go!Zilla\
ProcessID : 2268
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 4, 1, 1, 39
ProductVersion : 4, 1, 1, 39
ProductName : Go!Zilla
CompanyName : DigitalCandle, Inc.
FileDescription : Go!Zilla
InternalName : Go!Zilla
LegalCopyright : Copyright © 2000-2002 DigitalCandle, Inc. All rights reserved.
LegalTrademarks : RSA Data Security, Inc. MD5 Message-Digest Algorithm
OriginalFilename : GoZilla.exe
Comments : http://www.gozilla.com
#:37 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\
ProcessID : 2276
ThreadCreationTime : 09-10-2006 AM 07:33:20
BasePriority : Normal
FileVersion : 1, 0, 720, 3640
ProductVersion : 1, 0, 720, 3640
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe
#:38 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2312
ThreadCreationTime : 09-10-2006 AM 07:33:21
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:39 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 2496
ThreadCreationTime : 09-10-2006 AM 07:33:25
BasePriority : Normal
FileVersion : 1.2.567.20382.beta
ProductVersion : 1.2.567.20382.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater
#:40 [perstray.exe]
FilePath : H:\Program Files\PerSono\
ProcessID : 2544
ThreadCreationTime : 09-10-2006 AM 07:33:26
BasePriority : Normal
FileVersion : 2.04.000
ProductVersion : 2.04.000
ProductName : Persono
CompanyName : Plantronics
LegalCopyright : Copyright © 2002 Plantronics
#:41 [sistray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2576
ThreadCreationTime : 09-10-2006 AM 07:33:27
BasePriority : Normal
FileVersion : 0.0.0.3620
ProductVersion : 0.0.0.3620
ProductName : SiS ® Compatible Super VGA SiSTray application
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 3.62.52
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application
#:42 [googledesktopdisplay.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2716
ThreadCreationTime : 09-10-2006 AM 07:33:31
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2788
ThreadCreationTime : 09-10-2006 AM 07:33:31
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:44 [wmplayer.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3108
ThreadCreationTime : 09-10-2006 AM 07:33:41
BasePriority : Normal
FileVersion : 10.00.00.3646
ProductVersion : 10.00.00.3646
ProductName : Microsoft® Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE
#:45 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3652
ThreadCreationTime : 09-10-2006 AM 07:49:16
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:46 [wfcrun32.exe]
FilePath : C:\PROGRA~1\Citrix\icaweb32\
ProcessID : 3576
ThreadCreationTime : 09-10-2006 AM 08:04:50
BasePriority : Normal
FileVersion : 9.150.39151
ProductVersion : 9.150
ProductName : Citrix ICA Client
CompanyName : Citrix Systems, Inc.
FileDescription : Remote Application Runtime (Win32 version)
InternalName : WFCRUN32
LegalCopyright : Copyright © 1990-2004 Citrix Systems, Inc.
OriginalFilename : WFCRUN32.EXE
#:47 [wfica32.exe]
FilePath : C:\PROGRA~1\Citrix\icaweb32\
ProcessID : 3424
ThreadCreationTime : 09-10-2006 AM 08:04:51
BasePriority : Normal
FileVersion : 9.150.39151
ProductVersion : 9.150
ProductName : Citrix ICA Client
CompanyName : Citrix Systems, Inc.
FileDescription : Citrix ICA Client Engine (Win32)
InternalName : WFICA32
LegalCopyright : Copyright © 1990-2004 Citrix Systems, Inc.
OriginalFilename : WFICA32.EXE
#:48 [ad-aware.exe]
FilePath : H:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 180
ThreadCreationTime : 09-10-2006 AM 08:14:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}
Aureate Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1957994488-1409082233-682003330-1004\software\radiate
Aureate Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\radiate
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
AM 09:28:35 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:53.141
Objects scanned:237537
Objects identified:4
Objects ignored:0
New critical objects:4
Thanks for your speedy response and clear instructions.
I hope I've done it right!
Logfiles are listed below:
Ad-Aware SE Build 1.06r1
Logfile Created on:09 October 2006 AM 09:17:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R125 06.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Aureate(TAC index:5):2 total references
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
09-10-2006 AM 09:17:42 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 472
ThreadCreationTime : 09-10-2006 AM 07:32:46
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 09-10-2006 AM 07:32:47
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [incdsrv.exe]
FilePath : H:\Program Files\Ahead\InCD\
ProcessID : 900
ThreadCreationTime : 09-10-2006 AM 07:32:48
BasePriority : Normal
FileVersion : 4, 3, 12, 0
ProductVersion : 4, 3, 12, 0
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [brsvc01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe
#:13 [brss01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1280
ThreadCreationTime : 09-10-2006 AM 07:32:49
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1520
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [inetinfo.exe]
FilePath : C:\WINDOWS\system32\inetsrv\
ProcessID : 1568
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE
#:17 [ftpsrvnt.exe]
FilePath : H:\Program Files\ArGo Software Design\FTP Server\
ProcessID : 1620
ThreadCreationTime : 09-10-2006 AM 07:32:56
BasePriority : Normal
FileVersion : 1.4.3.6
ProductVersion : 1.4
ProductName : ArGoSoft FTP Server for Windows NT/2000/XP
CompanyName : ArGo Software Design
FileDescription : FTP Server Service Application
LegalCopyright : © ArGo Software Design, 1999-2006
OriginalFilename : ftpsrvnt.exe
#:18 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1848
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1944
ThreadCreationTime : 09-10-2006 AM 07:32:59
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 420
ThreadCreationTime : 09-10-2006 AM 07:33:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1460
ThreadCreationTime : 09-10-2006 AM 07:33:15
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:23 [isamonitor.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 1824
ThreadCreationTime : 09-10-2006 AM 07:33:16
BasePriority : Normal
#:24 [pmsngr.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 1836
ThreadCreationTime : 09-10-2006 AM 07:33:16
BasePriority : Normal
#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1712
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2080
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:27 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2088
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:28 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2096
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:29 [pmmon.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 2120
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:30 [isamini.exe]
FilePath : C:\Program Files\SoftCodec\
ProcessID : 2148
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
#:31 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2156
ThreadCreationTime : 09-10-2006 AM 07:33:17
BasePriority : Normal
FileVersion : 5.1.0.34
ProductVersion : 5.1.0.34
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:32 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 2188
ThreadCreationTime : 09-10-2006 AM 07:33:18
BasePriority : Normal
FileVersion : 2.5.0
ProductVersion : 2.5.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2006 Google Inc.
OriginalFilename : Picasa2.exe
#:33 [incd.exe]
FilePath : H:\Program Files\Ahead\InCD\
ProcessID : 2224
ThreadCreationTime : 09-10-2006 AM 07:33:18
BasePriority : Normal
FileVersion : 4, 3, 12, 0
ProductVersion : 4, 3, 12, 0
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe
#:34 [googletalk.exe]
FilePath : C:\Program Files\Google\Google Talk\
ProcessID : 2244
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 1,0,0,98
ProductVersion : 1,0,0,98
ProductName : Google Talk
CompanyName : Google
FileDescription : Google Talk
InternalName : Google Talk
LegalCopyright : Copyright © 2005-2006
OriginalFilename : googletalk.exe
#:35 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2252
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:36 [gozilla.exe]
FilePath : H:\Program Files\Go!Zilla\
ProcessID : 2268
ThreadCreationTime : 09-10-2006 AM 07:33:19
BasePriority : Normal
FileVersion : 4, 1, 1, 39
ProductVersion : 4, 1, 1, 39
ProductName : Go!Zilla
CompanyName : DigitalCandle, Inc.
FileDescription : Go!Zilla
InternalName : Go!Zilla
LegalCopyright : Copyright © 2000-2002 DigitalCandle, Inc. All rights reserved.
LegalTrademarks : RSA Data Security, Inc. MD5 Message-Digest Algorithm
OriginalFilename : GoZilla.exe
Comments : http://www.gozilla.com
#:37 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\
ProcessID : 2276
ThreadCreationTime : 09-10-2006 AM 07:33:20
BasePriority : Normal
FileVersion : 1, 0, 720, 3640
ProductVersion : 1, 0, 720, 3640
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe
#:38 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2312
ThreadCreationTime : 09-10-2006 AM 07:33:21
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:39 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 2496
ThreadCreationTime : 09-10-2006 AM 07:33:25
BasePriority : Normal
FileVersion : 1.2.567.20382.beta
ProductVersion : 1.2.567.20382.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater
#:40 [perstray.exe]
FilePath : H:\Program Files\PerSono\
ProcessID : 2544
ThreadCreationTime : 09-10-2006 AM 07:33:26
BasePriority : Normal
FileVersion : 2.04.000
ProductVersion : 2.04.000
ProductName : Persono
CompanyName : Plantronics
LegalCopyright : Copyright © 2002 Plantronics
#:41 [sistray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2576
ThreadCreationTime : 09-10-2006 AM 07:33:27
BasePriority : Normal
FileVersion : 0.0.0.3620
ProductVersion : 0.0.0.3620
ProductName : SiS ® Compatible Super VGA SiSTray application
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 3.62.52
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application
#:42 [googledesktopdisplay.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2716
ThreadCreationTime : 09-10-2006 AM 07:33:31
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2788
ThreadCreationTime : 09-10-2006 AM 07:33:31
BasePriority : Normal
FileVersion : 4.2006.627.443
ProductVersion : 4.2006.627.443
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:44 [wmplayer.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 3108
ThreadCreationTime : 09-10-2006 AM 07:33:41
BasePriority : Normal
FileVersion : 10.00.00.3646
ProductVersion : 10.00.00.3646
ProductName : Microsoft® Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE
#:45 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3652
ThreadCreationTime : 09-10-2006 AM 07:49:16
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:46 [wfcrun32.exe]
FilePath : C:\PROGRA~1\Citrix\icaweb32\
ProcessID : 3576
ThreadCreationTime : 09-10-2006 AM 08:04:50
BasePriority : Normal
FileVersion : 9.150.39151
ProductVersion : 9.150
ProductName : Citrix ICA Client
CompanyName : Citrix Systems, Inc.
FileDescription : Remote Application Runtime (Win32 version)
InternalName : WFCRUN32
LegalCopyright : Copyright © 1990-2004 Citrix Systems, Inc.
OriginalFilename : WFCRUN32.EXE
#:47 [wfica32.exe]
FilePath : C:\PROGRA~1\Citrix\icaweb32\
ProcessID : 3424
ThreadCreationTime : 09-10-2006 AM 08:04:51
BasePriority : Normal
FileVersion : 9.150.39151
ProductVersion : 9.150
ProductName : Citrix ICA Client
CompanyName : Citrix Systems, Inc.
FileDescription : Citrix ICA Client Engine (Win32)
InternalName : WFICA32
LegalCopyright : Copyright © 1990-2004 Citrix Systems, Inc.
OriginalFilename : WFICA32.EXE
#:48 [ad-aware.exe]
FilePath : H:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 180
ThreadCreationTime : 09-10-2006 AM 08:14:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}
Aureate Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1957994488-1409082233-682003330-1004\software\radiate
Aureate Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\radiate
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
AM 09:28:35 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:53.141
Objects scanned:237537
Objects identified:4
Objects ignored:0
New critical objects:4
Also my Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:35:44, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftCodec\isamonitor.exe
C:\Program Files\SoftCodec\pmsngr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SoftCodec\pmmon.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SoftCodec\isamini.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Go!Zilla\gozilla.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\PerSono\perstray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Ruurd Beerstra\IVT VT220 Telnet\ivt.exe
H:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided by doorphoneking@gmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp3102.tmp (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - H:\Program Files\Go!Zilla\GoIEHlp.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\SoftCodec\iesplugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdwareAlert] h:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Go!Zilla] "H:\Program Files\Go!Zilla\gozilla.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Go!Zilla.lnk = H:\Program Files\Go!Zilla\gozilla.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with Go!Zilla - file://H:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141667437359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9AF90FD-A27F-4ABB-967A-D1194BD96B09}: NameServer = 192.168.252.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ArGoSoft FTP Server (msFTPServerForm) - ArGo Software Design - H:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:35:44, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftCodec\isamonitor.exe
C:\Program Files\SoftCodec\pmsngr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SoftCodec\pmmon.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SoftCodec\isamini.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Go!Zilla\gozilla.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\PerSono\perstray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Ruurd Beerstra\IVT VT220 Telnet\ivt.exe
H:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided by doorphoneking@gmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp3102.tmp (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - H:\Program Files\Go!Zilla\GoIEHlp.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\SoftCodec\iesplugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdwareAlert] h:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Go!Zilla] "H:\Program Files\Go!Zilla\gozilla.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Go!Zilla.lnk = H:\Program Files\Go!Zilla\gozilla.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with Go!Zilla - file://H:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141667437359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9AF90FD-A27F-4ABB-967A-D1194BD96B09}: NameServer = 192.168.252.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ArGoSoft FTP Server (msFTPServerForm) - ArGo Software Design - H:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
Hi, I think I have sorted this one now. I followed the instructions in the following post: http://www.lavasoftsupport.com/index.php?showtopic=3697 and I think I got it.
Thanks anyway, Matt.
Thanks anyway, Matt.
Hi Matt,
You had the "softcodec" variant of Zlob (Smitfraud family) which was added to Ad-Aware's latest reference file:
SE1R128 18.10.2006
Make sure you update your Adaware and do a full system scan in case any remnants remain.
Did you also run SmitfraudFix from the other topic you found?
If so, could you post the report it generated. It is named: rapport.txt and located on your hard-drive (usually c:\rapport.txt
And also post a fresh HijackThis log for review.
You had the "softcodec" variant of Zlob (Smitfraud family) which was added to Ad-Aware's latest reference file:
SE1R128 18.10.2006
Make sure you update your Adaware and do a full system scan in case any remnants remain.
Did you also run SmitfraudFix from the other topic you found?
If so, could you post the report it generated. It is named: rapport.txt and located on your hard-drive (usually c:\rapport.txt
And also post a fresh HijackThis log for review.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.