Who can help me to eliminate the WIN32.TROJANDOWNLOADER.ZLOB
drjuliocezar
Hi friends. Merry Christmas to you all.
After installing some software, my PC was infected by WIN32.TROJANDOWNLOADER.ZLOB. After thousands of uses of the Ad-Aware software and following all the instructions of the software, the malware is still there.
I'm sending the log file too...

Can someone help me, please?
Thanks


Ad-Aware SE Build 1.06r1
Logfile Created on:terça-feira, 26 de dezembro de 2006 14:35:06
Using definitions file:SE1R140 18.12.2006
Computer name:WINXP-A3CA6533F
User name:Julio
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Win32.Trojandownloader.Zlob(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R140 18.12.2006
Internal build : 176
File location : C:\ARQUIV~1\Lavasoft\AD-AWA~1\defs.ref
File size : 900556 Bytes
Total size : 2938809 Bytes
Signature data size : 2889075 Bytes
Reference data size : 49222 Bytes
Signatures total : 78386
CSI Fingerprints total : 4901
CSI data size : 219293 Bytes
Target categories : 15
Target families : 1010


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Non Intel
Memory available:58 %
Total physical memory:2078584 kb
Available physical memory:1186884 kb
Total page file size:4017232 kb
Available on page file:3263768 kb
Total virtual memory:2097024 kb
Available virtual memory:2029700 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include info about ignored objects in log file, if detected in scan
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include computer and username in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


26-12-2006 14:35:06 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 772
ThreadCreationTime : 26-12-2006 16:12:05
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 26-12-2006 16:12:11
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 26-12-2006 16:12:13
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 26-12-2006 16:12:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicativo de serviços e controle
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 26-12-2006 16:12:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 26-12-2006 16:12:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1160
ThreadCreationTime : 26-12-2006 16:12:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1288
ThreadCreationTime : 26-12-2006 16:12:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1400
ThreadCreationTime : 26-12-2006 16:12:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : 26-12-2006 16:12:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1652
ThreadCreationTime : 26-12-2006 16:12:21
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [dpwinlct.exe]
FilePath : C:\Arquivos de programas\DigitalPersona\Bin\
ProcessID : 1760
ThreadCreationTime : 26-12-2006 16:12:22
BasePriority : Normal


#:13 [guard.exe]
FilePath : C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1880
ThreadCreationTime : 26-12-2006 16:12:29
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:14 [awserv.exe]
FilePath : C:\Arquivos de programas\Intel\IDU\
ProcessID : 1892
ThreadCreationTime : 26-12-2006 16:12:29
BasePriority : Normal
FileVersion : 1.6.29.86
ProductVersion : 1.5
ProductName : AdminWorks
CompanyName : OSA Technologies Inc., An Avocent Company
FileDescription : AdminWorks Agent
LegalCopyright : Copyright 2006 OSA Technologies Inc., An Avocent Company
OriginalFilename : awServ.exe

#:15 [dphost.exe]
FilePath : C:\Arquivos de programas\DigitalPersona\Bin\
ProcessID : 1944
ThreadCreationTime : 26-12-2006 16:12:37
BasePriority : Normal


#:16 [gearsec.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2016
ThreadCreationTime : 26-12-2006 16:12:37
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:17 [incdsrv.exe]
FilePath : C:\Arquivos de programas\Nero\Nero 7\InCD\
ProcessID : 2036
ThreadCreationTime : 26-12-2006 16:12:37
BasePriority : Normal
FileVersion : 5, 5, 0, 11
ProductVersion : 5, 5, 0, 11
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 2006 Nero AG and its licensors
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:18 [lssrvc.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\LightScribe\
ProcessID : 144
ThreadCreationTime : 26-12-2006 16:12:39
BasePriority : Normal
FileVersion : 1.4.113.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:19 [mbackmonitor.exe]
FilePath : C:\Arquivos de programas\McAfee\MBK\
ProcessID : 284
ThreadCreationTime : 26-12-2006 16:12:44
BasePriority : Normal


#:20 [hwapi.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\
ProcessID : 480
ThreadCreationTime : 26-12-2006 16:12:49
BasePriority : Normal
FileVersion : 8.1.105.0
ProductVersion : 8.1.105.0
ProductName : McAfee HackerWatch Service
CompanyName : McAfee, Inc.
FileDescription : McAfee HackerWatch Service
LegalCopyright : © McAfee, Inc. All rights reserved.
OriginalFilename : HWAPI.exe

#:21 [mclogsrv.exe]
FilePath : C:\ARQUIV~1\McAfee\MSC\
ProcessID : 520
ThreadCreationTime : 26-12-2006 16:12:49
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MSC Log Manager
InternalName : mclogsrv
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mclogsrv.exe

#:22 [mcupdmgr.exe]
FilePath : C:\ARQUIV~1\McAfee\MSC\
ProcessID : 548
ThreadCreationTime : 26-12-2006 16:12:50
BasePriority : Normal
FileVersion : 7,1,137,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Update Manager Service
InternalName : mcupdmgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcupdmgr.exe

#:23 [mcnasvc.exe]
FilePath : c:\arquivos de programas\arquivos comuns\mcafee\mna\
ProcessID : 580
ThreadCreationTime : 26-12-2006 16:12:51
BasePriority : Normal
FileVersion : 1,1,110,0
ProductVersion : 1,1,0,0
ProductName : McAfee Integrated Security Platform
CompanyName : McAfee, Inc.
FileDescription : McAfee Network Agent
InternalName : McNASvc
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McNASvc.exe

#:24 [mcods.exe]
FilePath : C:\ARQUIV~1\McAfee\VIRUSS~1\
ProcessID : 616
ThreadCreationTime : 26-12-2006 16:12:52
BasePriority : Normal
FileVersion : 11,1,124,0
ProductVersion : 11,1,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan - On Demand Scan
InternalName : mcods.exe
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcods.exe

#:25 [mcpromgr.exe]
FilePath : C:\ARQUIV~1\McAfee\MSC\
ProcessID : 644
ThreadCreationTime : 26-12-2006 16:12:52
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McProMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProMgr.exe

#:26 [mcproxy.exe]
FilePath : c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\
ProcessID : 712
ThreadCreationTime : 26-12-2006 16:12:53
BasePriority : Normal
FileVersion : 1,1,118,0
ProductVersion : 1,1,0,0
ProductName : McAfee Proxy
CompanyName : McAfee, Inc.
FileDescription : McAfee Proxy Service Module
InternalName : McProxy
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProxy.exe
Comments : McAfee Proxy Service

#:27 [redirsvc.exe]
FilePath : c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\
ProcessID : 804
ThreadCreationTime : 26-12-2006 16:12:53
BasePriority : Normal
FileVersion : 1,1,116,0
ProductVersion : 1,1,0,0
ProductName : McAfee Redirector
CompanyName : McAfee, Inc.
FileDescription : McAfee Redirector Service Module
InternalName : McRedirector
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : RedirSvc.exe
Comments : McAfee Redirector Service

#:28 [mcshield.exe]
FilePath : C:\ARQUIV~1\McAfee\VIRUSS~1\
ProcessID : 836
ThreadCreationTime : 26-12-2006 16:12:54
BasePriority : High


#:29 [mcsysmon.exe]
FilePath : C:\ARQUIV~1\McAfee\VIRUSS~1\
ProcessID : 1144
ThreadCreationTime : 26-12-2006 16:12:55
BasePriority : Normal
FileVersion : 11,1,125,0
ProductVersion : 11,1,0,0
ProductName : McAfee VirusScan API
CompanyName : McAfee, Inc.
FileDescription : McAfee SystemGuards Service
InternalName : sysmon
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : sysmon.exe

#:30 [mctskshd.exe]
FilePath : C:\ARQUIV~1\McAfee\MSC\
ProcessID : 1356
ThreadCreationTime : 26-12-2006 16:13:00
BasePriority : Normal
FileVersion : 7,1,133,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Tqsk Scheduler
InternalName : McTskShd
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mctskshd.exe

#:31 [mcusrmgr.exe]
FilePath : C:\ARQUIV~1\McAfee\MSC\
ProcessID : 1380
ThreadCreationTime : 26-12-2006 16:13:00
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MISP User Manager
InternalName : McUsrMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McUsrMgr.exe

#:32 [mdm.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\
ProcessID : 1428
ThreadCreationTime : 26-12-2006 16:13:01
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:33 [mpfsrv.exe]
FilePath : C:\Arquivos de programas\McAfee\MPF\
ProcessID : 1476
ThreadCreationTime : 26-12-2006 16:13:01
BasePriority : Normal
FileVersion : 8.1.123.0
ProductVersion : 8.1.123.0
ProductName : McAfee Personal Firewall
CompanyName : McAfee, Inc.
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:34 [mscams32.exe]
FilePath : C:\Arquivos de programas\Microsoft LifeCam\
ProcessID : 1500
ThreadCreationTime : 26-12-2006 16:13:03
BasePriority : Normal


#:35 [msksrver.exe]
FilePath : C:\Arquivos de programas\McAfee\MSK\
ProcessID : 1832
ThreadCreationTime : 26-12-2006 16:13:03
BasePriority : Normal
FileVersion : 8.1.117.0
ProductVersion : 8.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller MskServer
InternalName : MskServe
LegalCopyright : Copyright © 2006, McAfee Inc.
OriginalFilename : MskServe.exe

#:36 [sqlservr.exe]
FilePath : C:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\
ProcessID : 1976
ThreadCreationTime : 26-12-2006 16:13:04
BasePriority : Normal
FileVersion : 2000.080.2039.00
ProductVersion : 8.00.2039
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:37 [mwlsvc.exe]
FilePath : C:\Arquivos de programas\Mcafee\MWL\
ProcessID : 2136
ThreadCreationTime : 26-12-2006 16:13:08
BasePriority : Normal
FileVersion : 2,1,123,0
ProductVersion : 2,1,0,0
ProductName : McAfee Wireless Network Security
CompanyName : McAfee, Inc.
FileDescription : McAfee Wireless Network Security Service
InternalName : MwlSvc
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MwlSvc.exe

#:38 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2460
ThreadCreationTime : 26-12-2006 16:13:20
BasePriority : Normal
FileVersion : 6.14.10.9371
ProductVersion : 6.14.10.9371
ProductName : NVIDIA Driver Helper Service, Version 93.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 93.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:39 [sdhelp.exe]
FilePath : C:\Arquivos de programas\Spyware Doctor\
ProcessID : 2608
ThreadCreationTime : 26-12-2006 16:13:24
BasePriority : Normal
FileVersion : 3.6.0.2026
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd

#:40 [saservice.exe]
FilePath : C:\Arquivos de programas\SiteAdvisor\4608\
ProcessID : 2732
ThreadCreationTime : 26-12-2006 16:13:28
BasePriority : Normal


#:41 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3004
ThreadCreationTime : 26-12-2006 16:13:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:42 [dpfusmgr.exe]
FilePath : C:\Arquivos de programas\DigitalPersona\Bin\
ProcessID : 3068
ThreadCreationTime : 26-12-2006 16:13:29
BasePriority : Normal


#:43 [searchindexer.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3296
ThreadCreationTime : 26-12-2006 16:13:36
BasePriority : Normal
FileVersion : 6.0.5486.108 (winmain(wmbla).060818-2106)
ProductVersion : 6.0.5486.108
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Windows Search Indexer
InternalName : SearchIndexer.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SearchIndexer.exe

#:44 [mps.exe]
FilePath : C:\ARQUIV~1\McAfee\MPS\
ProcessID : 3360
ThreadCreationTime : 26-12-2006 16:13:42
BasePriority : Normal
FileVersion : 9.1.137.0
ProductVersion : 9.1.137.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0
InternalName : mps9
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mps.exe

#:45 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3884
ThreadCreationTime : 26-12-2006 16:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:46 [mpsevh.exe]
FilePath : C:\Arquivos de programas\McAfee\MPS\
ProcessID : 2896
ThreadCreationTime : 26-12-2006 16:14:28
BasePriority : Normal
FileVersion : 9.1.130.0
ProductVersion : 9.1.130.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0 Event Handler
InternalName : MpsEventHandler
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mpsevh.exe

#:47 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2964
ThreadCreationTime : 26-12-2006 16:14:31
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operacional Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.
OriginalFilename : EXPLORER.EXE

#:48 [mcagent.exe]
FilePath : c:\ARQUIV~1\mcafee.com\agent\
ProcessID : 3812
ThreadCreationTime : 26-12-2006 16:14:37
BasePriority : Normal
FileVersion : 7,1,133,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McAgent
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McAgent.exe

#:49 [logonhook.exe]
FilePath : C:\Arquivos de programas\McAfee\MBK\
ProcessID : 3768
ThreadCreationTime : 26-12-2006 16:14:56
BasePriority : Normal


#:50 [avgas.exe]
FilePath : C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3952
ThreadCreationTime : 26-12-2006 16:15:00
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:51 [vvx6000.exe]
FilePath : C:\WINDOWS\
ProcessID : 2828
ThreadCreationTime : 26-12-2006 16:15:10
BasePriority : Normal


#:52 [vm_sti.exe]
FilePath : C:\WINDOWS\
ProcessID : 2880
ThreadCreationTime : 26-12-2006 16:15:27
BasePriority : Normal
FileVersion : 4.2.610.4
CompanyName : VM.
FileDescription : Still Image (STI) Driver
LegalCopyright : VM., 2002.
OriginalFilename : VM_STI.EXE
Comments : For Windows XP only

#:53 [windowssearch.exe]
FilePath : C:\Arquivos de programas\Windows Desktop Search\
ProcessID : 1772
ThreadCreationTime : 26-12-2006 16:15:31
BasePriority : Normal
FileVersion : 6.0.5486.108 (winmain(wmbla).060818-2106)
ProductVersion : 6.0.5486.108
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Desktop Search System Tray
InternalName : WindowsSearch.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WindowsSearch.exe

#:54 [msnmsgr.exe]
FilePath : C:\Arquivos de programas\MSN Messenger\
ProcessID : 456
ThreadCreationTime : 26-12-2006 16:15:40
BasePriority : Normal
FileVersion : 8.1.0168.00_ClientV8.1
ProductVersion : 8.1.0168
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:55 [sttray.exe]
FilePath : C:\Arquivos de programas\SigmaTel\C-Major Audio\STACGUI\
ProcessID : 140
ThreadCreationTime : 26-12-2006 16:15:45
BasePriority : Normal
FileVersion : 1.0.5067.0 nd477 cp1
ProductVersion : 1.0.5067.0 nd477 cp1
ProductName : C-Major Audio
CompanyName : SigmaTel, Inc.
FileDescription : Sigmatel Audio system tray application
InternalName : stsystray.exe
LegalCopyright : Copyright © 2004-2006, SigmaTel, Inc.
OriginalFilename : stsystray.exe

#:56 [iptray.exe]
FilePath : C:\Arquivos de programas\Intel\IDU\
ProcessID : 1888
ThreadCreationTime : 26-12-2006 16:15:49
BasePriority : Normal
FileVersion : 3.0.6.10
ProductVersion : 3.0
ProductName : Intel® Desktop Utilities
CompanyName : OSA Technologies Inc., An Avocent Company
FileDescription : Tray Program for Intel® Desktop Utilities
InternalName : TEAL
LegalCopyright : Copyright 2005 OSA Technologies Inc., An Avocent Company

#:57 [ad-watch.exe]
FilePath : C:\ARQUIV~1\Lavasoft\AD-AWA~1\
ProcessID : 2324
ThreadCreationTime : 26-12-2006 16:15:53
BasePriority : Idle
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:58 [incd.exe]
FilePath : C:\Arquivos de programas\Nero\Nero 7\InCD\
ProcessID : 2516
ThreadCreationTime : 26-12-2006 16:15:58
BasePriority : Normal
FileVersion : 5, 5, 0, 11
ProductVersion : 5, 5, 0, 11
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 2006 Nero AG and its licensors
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:59 [itype.exe]
FilePath : C:\Arquivos de programas\Microsoft IntelliType Pro\
ProcessID : 4440
ThreadCreationTime : 26-12-2006 16:16:07
BasePriority : Normal


#:60 [sidebar_clear.exe]
FilePath : C:\Documents and Settings\Julio\Meus documentos\windows_sidebar_XP_PT_BR\Windows Sidebar\
ProcessID : 4484
ThreadCreationTime : 26-12-2006 16:16:11
BasePriority : Normal
FileVersion : 6.0.5744.16384 (vista_rtm_edw.061003-1945)
ProductVersion : 1.0.5744.16384
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI

#:61 [sidebar_clear.exe]
FilePath : C:\Documents and Settings\Julio\Meus documentos\windows_sidebar_XP_PT_BR\Windows Sidebar\
ProcessID : 4512
ThreadCreationTime : 26-12-2006 16:16:12
BasePriority : Normal
FileVersion : 6.0.5744.16384 (vista_rtm_edw.061003-1945)
ProductVersion : 1.0.5744.16384
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI

#:62 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4568
ThreadCreationTime : 26-12-2006 16:16:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:63 [mskagent.exe]
FilePath : C:\ARQUIV~1\McAfee\MSK\
ProcessID : 4608
ThreadCreationTime : 26-12-2006 16:16:15
BasePriority : Normal
FileVersion : 8.1.117.0
ProductVersion : 8.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller MskAgent Application
InternalName : MskAgent
LegalCopyright : Copyright © 2006, McAfee Inc.
OriginalFilename : MskAgent.exe

#:64 [usnsvc.exe]
FilePath : C:\Arquivos de programas\MSN Messenger\
ProcessID : 4788
ThreadCreationTime : 26-12-2006 16:16:21
BasePriority : Normal
FileVersion : 8.1.0168.00_ClientV8.1
ProductVersion : 8.1.0168
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : usnsvc.exe

#:65 [netdetector.exe]
FilePath : c:\windows\system32\
ProcessID : 5536
ThreadCreationTime : 26-12-2006 16:16:29
BasePriority : Normal
FileVersion : 1.00.0040
ProductVersion : 1.00.0040
ProductName : Net Detector
InternalName : NetDetector
OriginalFilename : NetDetector.exe

#:66 [sfagent.exe]
FilePath : C:\Arquivos de programas\Startup Faster 2004\
ProcessID : 5840
ThreadCreationTime : 26-12-2006 16:16:38
BasePriority : Normal
FileVersion : 2.5.5.2628
ProductVersion : 2.5.5
ProductName : Startup Faster! 2004
CompanyName : URSoft,Inc
FileDescription : Startup Faster! 2004 - Boot Windows faster.
InternalName : sf.exe
LegalCopyright : Copyright ?1998-2004 URSoft,Inc.

#:67 [cursorxp.exe]
FilePath : C:\Arquivos de programas\CursorXP\
ProcessID : 6016
ThreadCreationTime : 26-12-2006 16:16:43
BasePriority : High


#:68 [ipoint.exe]
FilePath : C:\Arquivos de programas\Microsoft IntelliPoint\
ProcessID : 4368
ThreadCreationTime : 26-12-2006 16:16:48
BasePriority : Normal


#:69 [mwlgui.exe]
FilePath : C:\Arquivos de programas\Mcafee\MWL\
ProcessID : 5084
ThreadCreationTime : 26-12-2006 16:17:00
BasePriority : Normal
FileVersion : 2,1,123,0
ProductVersion : 2,1,0,0
ProductName : McAfee Wireless Network Security
CompanyName : McAfee, Inc.
FileDescription : McAfee Wireless Network Security User Interface
InternalName : MwlGui
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MwlGui.EXE

#:70 [firefox.exe]
FilePath : C:\Arquivos de programas\Mozilla Firefox\
ProcessID : 5276
ThreadCreationTime : 26-12-2006 16:17:05
BasePriority : Normal


#:71 [dvzincmsgr.exe]
FilePath : C:\Arquivos de programas\Arquivos comuns\DataViz\
ProcessID : 6056
ThreadCreationTime : 26-12-2006 16:17:09
BasePriority : Normal
FileVersion : 6,0,1,723
ProductVersion : 6,0,1,723
ProductName : Documents To Go
CompanyName : DataViz, Inc.
FileDescription : DataViz Update Checker
InternalName : Web Savvy Agent
LegalCopyright : Copyright © 1998-2004 by DataViz, Inc.
OriginalFilename : WebSavvyAgent.exe
Comments : This component checks for updates of DataViz products.

#:72 [siteadv.exe]
FilePath : C:\Arquivos de programas\SiteAdvisor\4608\
ProcessID : 2940
ThreadCreationTime : 26-12-2006 16:17:13
BasePriority : Normal
FileVersion : 2.1.1.35
ProductVersion : 2.1.1.35
ProductName : SiteAdvisor
CompanyName : McAfee, Inc.
FileDescription : SiteAdvisor
InternalName : SiteAdv
LegalCopyright : Copyright McAfee, Inc. All rights reserved.
OriginalFilename : SiteAdv

#:73 [spuvolumewatcher.exe]
FilePath : C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\
ProcessID : 4240
ThreadCreationTime : 26-12-2006 16:17:21
BasePriority : Normal


#:74 [searchprotocolhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2192
ThreadCreationTime : 26-12-2006 16:24:35
BasePriority : Below Normal
FileVersion : 6.0.5486.108 (winmain(wmbla).060818-2106)
ProductVersion : 6.0.5486.108
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Windows Search Protocol Host
InternalName : SearchProtocolHost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SearchProtocolHost.exe

#:75 [emproxy.exe]
FilePath : C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\
ProcessID : 5600
ThreadCreationTime : 26-12-2006 16:31:22
BasePriority : Normal
FileVersion : 11,2,115,0
ProductVersion : 11,2,0,0
ProductName : McAfee Email Proxy
CompanyName : McAfee, Inc.
FileDescription : McAfee Email Proxy
InternalName : EmProxy
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : EmProxy.exe

#:76 [searchfilterhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4048
ThreadCreationTime : 26-12-2006 16:33:11
BasePriority : Below Normal
FileVersion : 6.0.5486.108 (winmain(wmbla).060818-2106)
ProductVersion : 6.0.5486.108
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Windows Search Filter Host
InternalName : SearchFilterHost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SearchFilterHost.exe

#:77 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 1968
ThreadCreationTime : 26-12-2006 16:33:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:78 [ad-aware.exe]
FilePath : C:\ARQUIV~1\Lavasoft\AD-AWA~1\
ProcessID : 3212
ThreadCreationTime : 26-12-2006 16:34:29
BasePriority : Idle
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-1532298954-839522115-1004\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {96ebbe6a-2864-4345-b32b-26ee9be524b5}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\Julio\CONFIG~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1



MRU List Object Recognized!
Location: : S-1-5-21-789336058-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

14:35:40 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:33.859
Objects scanned:102462
Objects identified:1
Objects ignored:0
New critical objects:1
HJThis
Hello, drjuliocezar & Welcome

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

First, make sure to update AVG Anti-Spyware, which you will be using in Safe Mode.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )


Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.


Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware


Then


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the newrapport.txt log along with a new HijackThis Log and the AVG anti-spyware log in your next reply.


Gogo