Ad-aware Is Not Getting Rid Of The Viruses


11 replies to this topic

#1 graphix21

Posted 04 October 2006 - 10:25 PM

hi

my computer is infected (obviously). i only got to the first stage, which is scanning my computer with Ad-Aware. every time the scanning is in process, my Norton Antivirus will pop up and say "detected virus on your computer". it is always the Spyware Quake, then Trojan Horse. because my ad-aware is still running, i just ignored Norton Antivirus. am i supposed to close my norton antivirus before i start ad-aware? if so, how?

then the scanning is done. found 2 critical objects.
1. Name: win32.Trojandownloader.Zlob
object: HKEY.CLASSES.ROOT:clsid\{873eb......................

2. Name: win32.Trojandownloader.Zlob
object: HKEY.LOCAL.MACHINE:software....................

then i quarantine n delete them, restart my computer, n scan it again. the same critical objects were found again. i've done this more than 5 times.

please tell me what else i should do. i've also read the Ad-aware tutorials n followed them step by step.

if ad-aware doesn't get rid of the problem, do i continue with Search&Destroy..?



#2 graphix21

Posted 05 October 2006 - 05:14 AM

here's my log file...
_____________________________________________________________________


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, 5 October 2006 10:48:31 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R124 19.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R124 19.09.2006
Internal build : 152
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 790565 Bytes
Total size : 2559852 Bytes
Signature data size : 2510913 Bytes
Reference data size : 48427 Bytes
Signatures total : 68975
CSI Fingerprints total : 3884
CSI data size : 159891 Bytes
Target categories : 15
Target families : 983


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:260016 kb
Available physical memory:138184 kb
Total page file size:639820 kb
Available on page file:329112 kb
Total virtual memory:2097024 kb
Available virtual memory:2031516 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2006 10:48:31 p.m. - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 5-10-2006 7:14:57 a.m.
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 5-10-2006 7:14:59 a.m.
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 5-10-2006 7:15:01 a.m.
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 5-10-2006 7:15:03 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 5-10-2006 7:15:03 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 5-10-2006 7:15:05 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 5-10-2006 7:15:06 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 5-10-2006 7:15:06 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 972
ThreadCreationTime : 5-10-2006 7:15:08 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 5-10-2006 7:15:08 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1100
ThreadCreationTime : 5-10-2006 7:15:08 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1232
ThreadCreationTime : 5-10-2006 7:15:09 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1332
ThreadCreationTime : 5-10-2006 7:15:09 a.m.
BasePriority : Normal
FileVersion : 3.0.0.171
ProductVersion : 3.0.0.171
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:14 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1360
ThreadCreationTime : 5-10-2006 7:15:09 a.m.
BasePriority : Normal
FileVersion : 103.5.9.2
ProductVersion : 103.5.9.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:15 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1372
ThreadCreationTime : 5-10-2006 7:15:10 a.m.
BasePriority : Normal
FileVersion : 103.5.8.2
ProductVersion : 103.5.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:16 [issvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 1404
ThreadCreationTime : 5-10-2006 7:15:10 a.m.
BasePriority : Normal
FileVersion : 8.5.0.113
ProductVersion : 8.5
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : ISSVC.exe

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1452
ThreadCreationTime : 5-10-2006 7:15:11 a.m.
BasePriority : Normal
FileVersion : 11.5.7.5
ProductVersion : 11.5.7
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1608
ThreadCreationTime : 5-10-2006 7:15:12 a.m.
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1684
ThreadCreationTime : 5-10-2006 7:15:13 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1720
ThreadCreationTime : 5-10-2006 7:15:13 a.m.
BasePriority : Normal
FileVersion : 1.8.54.841
ProductVersion : 1.8.54.841
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:21 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1808
ThreadCreationTime : 5-10-2006 7:15:14 a.m.
BasePriority : Normal
FileVersion : 103.5.8.2
ProductVersion : 103.5.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:22 [issearch.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1880
ThreadCreationTime : 5-10-2006 7:15:18 a.m.
BasePriority : Normal


#:23 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1908
ThreadCreationTime : 5-10-2006 7:15:18 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1918
ProductVersion : 7,0,0,1918
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:24 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1916
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 3,0,0,1918
ProductVersion : 7,0,0,1918
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:25 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1924
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:26 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 1932
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 1.63
ProductVersion : 1.63
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:27 [launchap.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 1940
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright © 2001
OriginalFilename : LaunchAp.EXE

#:28 [powerkey.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 1952
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
FileDescription : Powerkey
InternalName : Powerkey
LegalCopyright : Copyright © 2001
OriginalFilename : Powerkey.exe

#:29 [hotkeyapp.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 1960
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 1, 0, 2, 3
ProductVersion : 1, 0, 2, 3
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe

#:30 [ctrlvol.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 1968
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal


#:31 [wbutton.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 1980
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE

#:32 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2004
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:33 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2012
ThreadCreationTime : 5-10-2006 7:15:19 a.m.
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:34 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2024
ThreadCreationTime : 5-10-2006 7:15:20 a.m.
BasePriority : Normal
FileVersion : 103.5.8.2
ProductVersion : 103.5.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2044
ThreadCreationTime : 5-10-2006 7:15:20 a.m.
BasePriority : Normal


#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 128
ThreadCreationTime : 5-10-2006 7:15:21 a.m.
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:37 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 156
ThreadCreationTime : 5-10-2006 7:15:21 a.m.
BasePriority : Normal


#:38 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 388
ThreadCreationTime : 5-10-2006 7:15:26 a.m.
BasePriority : Normal


#:39 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 684
ThreadCreationTime : 5-10-2006 7:15:35 a.m.
BasePriority : Normal


#:40 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2772
ThreadCreationTime : 5-10-2006 7:16:50 a.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:41 [googledesktopoe.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3368
ThreadCreationTime : 5-10-2006 7:19:12 a.m.
BasePriority : Normal


#:42 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2516
ThreadCreationTime : 5-10-2006 8:55:39 a.m.
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:43 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2708
ThreadCreationTime : 5-10-2006 8:56:37 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2472
ThreadCreationTime : 5-10-2006 9:45:34 a.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

11:05:56 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:24.750
Objects scanned:138737
Objects identified:2
Objects ignored:0
New critical objects:2

#3 graphix21

Posted 08 October 2006 - 02:45 AM

can someone pls tell me why my topic has been moved..??
does that mean i'm not gonna get any help?

#4 Wildabeast

Posted 08 October 2006 - 02:55 AM

Ad-Aware is for spyware; use the Norton Antivirus. Run Norton; it should pick this up, and at the end of the scan you can quarantine or delete the infected file. Make sure Norton AV is up to date with the latest updates.
"The nine most feared words in the English language, 'I'm from the government, and I'm here to help'..."
Ronald Reagan

#5 quietman7

  • Global Moderator

Posted 08 October 2006 - 06:57 AM

While Ad-aware and Spybot S&D are very good tools, they are NOT enough to deal with SpywareQuake. Please see the self-help tutorial How to remove SpywareQuake and SpyQuake2.com.

Edited by quietman7, 08 October 2006 - 06:59 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 graphix21

Posted 15 October 2006 - 09:37 PM

thanks for the reply!

i downloaded the Roguescanfix. when i click run it says something like: the setup files are corrupted, please obtain a new file.

how do i delete the old file before i can download the new 1...?
i already deleted the shortcut on my desktop, but i think it didn't get rid of anything.

what is the size of the non-corrupted file? mine is 491KB..

Edited by graphix21, 15 October 2006 - 09:41 PM.


#7 oldf@rt

Posted 15 October 2006 - 09:47 PM

Go here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ You should let one of the Hijack This team members help you.

Edited by oldf@rt, 15 October 2006 - 09:48 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#8 KoanYorel

Posted 15 October 2006 - 09:58 PM

"can someone pls tell me why my topic has been moved..??
does that mean i'm not gonna get any help?"


Your post was moved from the HJT forum to here as it did not contain an HJT log, and you needed more assistance to start off before posting a log.

Please ensure that when you do post an HJT log in the HJT forum, that you reference/link back to this thread.

Regards,
Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#9 graphix21

Posted 15 October 2006 - 11:31 PM

so what do i do now? do i stay here? or post that HJT log?
n how do i post a HJT log..?
sorry i'm so lost..!

#10 quietman7

  • Global Moderator

Posted 16 October 2006 - 04:37 AM

After reading and following the directions in the "Prep Guide", post your hijackthis log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

#11 graphix21

Posted 16 October 2006 - 06:49 PM

alright.. i'll do that. thanks so much for the advice!

#12 quietman7

  • Global Moderator

Posted 17 October 2006 - 04:23 AM

You're welcome and good luck.