I also can't rid this from my computer. i've pasted both the AA logfile and Hijackthis logfile.
Your assistance is greatly appreciated.
Thank you.
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, October 10, 2006 4:44:00 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R125 06.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
10-10-2006 4:44:00 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 556
ThreadCreationTime : 10-6-2006 2:49:50 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 10-6-2006 2:49:54 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 10-6-2006 2:49:56 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 10-6-2006 2:49:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 10-6-2006 2:49:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 10-6-2006 2:49:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 10-6-2006 2:49:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1052
ThreadCreationTime : 10-6-2006 2:49:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [stylexpservice.exe]
FilePath : C:\Program Files\TGTSoft\StyleXP\
ProcessID : 1080
ThreadCreationTime : 10-6-2006 2:49:57 AM
BasePriority : Normal
FileVersion : 0, 20, 0, 3000
ProductVersion : 0, 20, 0, 3000
ProductName : StyleXPService Module
FileDescription : StyleXPService Module
InternalName : StyleXPService
LegalCopyright : Copyright 2001
OriginalFilename : StyleXPService.EXE
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1136
ThreadCreationTime : 10-6-2006 2:49:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1256
ThreadCreationTime : 10-6-2006 2:49:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [brsvc01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1532
ThreadCreationTime : 10-6-2006 2:49:59 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 10-6-2006 2:49:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [brss01a.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1564
ThreadCreationTime : 10-6-2006 2:49:59 AM
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1752
ThreadCreationTime : 10-6-2006 2:50:07 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [brmfrmps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1860
ThreadCreationTime : 10-6-2006 2:50:08 AM
BasePriority : Normal
FileVersion : 1.10.10.144
ProductVersion : 1.45.11.403
ProductName : Brother MFL Pro
CompanyName : Brother Industries, Ltd.
FileDescription : Brother Popup Suspend service ( for R/M )
InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager
LegalCopyright : Copyright © 2002 brother
OriginalFilename : BrmfRmps.exe
#:17 [isamonitor.exe]
FilePath : C:\Program Files\PCODEC\
ProcessID : 1972
ThreadCreationTime : 10-6-2006 2:50:08 AM
BasePriority : Normal
#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1980
ThreadCreationTime : 10-6-2006 2:50:08 AM
BasePriority : Normal
FileVersion : 6.14.10.8198
ProductVersion : 6.14.10.8198
ProductName : NVIDIA Driver Helper Service, Version 81.98
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.98
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:19 [zlclient.exe]
FilePath : C:\PROGRA~1\ZONELA~1\ZONEAL~1\
ProcessID : 260
ThreadCreationTime : 10-6-2006 2:50:08 AM
BasePriority : Normal
FileVersion : 4.5.530.000
ProductVersion : 4.5.530.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:20 [pptd40nt.exe]
FilePath : C:\Program Files\ScanSoft\PaperPort\
ProcessID : 312
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 9.0
ProductVersion : 9.0
ProductName : PaperPort
CompanyName : ScanSoft, Inc.
FileDescription : PaperPort Print to Desktop for NT
InternalName : PPTD40NT
LegalCopyright : Copyright © 1993-2004 ScanSoft, Inc.
OriginalFilename : PPTD40NT.EXE
#:21 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 416
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 1.02.27b
CompanyName : VERITAS Software, Inc.
FileDescription : Direct Access Component
LegalCopyright : Copyright © VERITAS Software, Inc.
#:22 [sgtray.exe]
FilePath : C:\Program Files\VERITAS Software\StorageGuard\
ProcessID : 444
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 1.00.90a
CompanyName : VERITAS Software, Inc.
FileDescription : VERITAS StorageGuard
LegalCopyright : Copyright © 2000 VERITAS Software, Inc.
#:23 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 476
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
#:24 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1138860219\ee\
ProcessID : 484
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 1.4.16.3
ProductVersion : 1.4.16.3
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:25 [vttimer.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 2.00.01-0307
ProductVersion : 2.00.01-0307
ProductName : S3 Graphics, Inc. Utilities
CompanyName : S3 Graphics, Inc.
InternalName : S3Timer
LegalCopyright : Copyright © 2001-2005 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 10-6-2006 2:50:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:27 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 140
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:28 [isamini.exe]
FilePath : C:\Program Files\PCODEC\
ProcessID : 908
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
#:29 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 916
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
FileVersion : 8.0.3.1112
ProductVersion : 8.0.3.1112
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:30 [stylexp.exe]
FilePath : C:\Program Files\TGTSoft\StyleXP\
ProcessID : 944
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
FileVersion : 0, 21, 0, 0
ProductVersion : 0, 21, 0, 0
ProductName : StyleXP Application
FileDescription : StyleXP Application
InternalName : StyleXP
LegalCopyright : Copyright © 2001-2004 TGT Soft Corp
OriginalFilename : StyleXP.EXE
#:31 [profiler.exe]
FilePath : C:\Program Files\Saitek\Software\
ProcessID : 996
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
FileVersion : 2.6.0.37
ProductVersion : 2.6 Build 0037
ProductName : Configuration Software
CompanyName : Saitek
FileDescription : Manual Configuration
InternalName : Profiler
LegalCopyright : Copyright © Saitek plc 2002
OriginalFilename : Profiler.exe
#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1032
ThreadCreationTime : 10-6-2006 2:50:10 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:33 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 1208
ThreadCreationTime : 10-6-2006 2:50:11 AM
BasePriority : Normal
#:34 [mssysmgr.exe]
FilePath : C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\
ProcessID : 1276
ThreadCreationTime : 10-6-2006 2:50:11 AM
BasePriority : Normal
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : PhotoShow Media Manager
CompanyName : Simple Star, Inc.
FileDescription : PhotoShow Media Manager
LegalCopyright : Copyright © 2003-2005 Simple Star, Inc.
OriginalFilename : mssysmgr.exe
#:35 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1332
ThreadCreationTime : 10-6-2006 2:50:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:36 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 10-6-2006 2:50:12 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:37 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 1372
ThreadCreationTime : 10-6-2006 2:50:12 AM
BasePriority : Normal
FileVersion : 4.0.1
ProductVersion : 4.0.1
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
#:38 [setpoint.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 1620
ThreadCreationTime : 10-6-2006 2:50:12 AM
BasePriority : Normal
FileVersion : 2.40.849
ProductVersion : 2.40.849
ProductName : Logitech SetPoint
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint Event Manager (UNICODE)
InternalName : SetPoint
LegalCopyright : © 1998-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
OriginalFilename : SetPoint.exe
Comments : Created by the Productivity Software team
#:39 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1628
ThreadCreationTime : 10-6-2006 2:50:13 AM
BasePriority : Normal
FileVersion : 4.5.530.000
ProductVersion : 4.5.530.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:40 [khalmnpr.exe]
FilePath : C:\Program Files\Common Files\Logitech\KHAL\
ProcessID : 1776
ThreadCreationTime : 10-6-2006 2:50:14 AM
BasePriority : Normal
FileVersion : 2.40.840
ProductVersion : 2.40.840
ProductName : Logitech SetPoint
CompanyName : Logitech Inc.
FileDescription : Logitech KHAL Main Process
InternalName : KHAL
LegalCopyright : © 1998-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.EXE
Comments : Created by the Productivity Software team
#:41 [lvcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2260
ThreadCreationTime : 10-6-2006 2:50:16 AM
BasePriority : Normal
FileVersion : 8.0.3.1110
ProductVersion : 8.0.3.1110
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:42 [lowlight.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2436
ThreadCreationTime : 10-6-2006 2:50:20 AM
BasePriority : Normal
FileVersion : 8.0.3.1112
ProductVersion : 8.0.3.1112
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Automatic Low Light Module
InternalName : LowLight.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LowLight.exe
#:43 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2828
ThreadCreationTime : 10-6-2006 2:50:28 AM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:44 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3252
ThreadCreationTime : 10-6-2006 2:50:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:45 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3760
ThreadCreationTime : 10-6-2006 2:50:37 AM
BasePriority : Normal
FileVersion : 1.5.0526.0
ProductVersion : 1.5.0526.0
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Windows Genuine Advantage Notification
InternalName : WgaNotify
LegalCopyright : © 1995-2006 Microsoft Corporation
OriginalFilename : WgaTray.exe
#:46 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4036
ThreadCreationTime : 10-6-2006 2:50:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:47 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1636
ThreadCreationTime : 10-6-2006 2:51:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:48 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2140
ThreadCreationTime : 10-10-2006 10:39:49 PM
BasePriority : Normal
#:49 [ad-aware.exe]
FilePath : C:\Program Files\Ad-Aware SE Personal\
ProcessID : 3068
ThreadCreationTime : 10-10-2006 11:29:45 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
5:00:47 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:46.797
Objects scanned:202912
Objects identified:2
Objects ignored:0
New critical objects:2
Logfile of HijackThis v1.99.1
Scan saved at 7:06:27 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\PCODEC\isamonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1138860219\ee\AOLSoftware.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PCODEC\isamini.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\PCODEC\iesplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138860219\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pikachu\Start Menu\Programs\Internet Stuff\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130039752082
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe