Spyware problem help!!

  1. #1
    nattymiller is offline Newbie

    Spyware problem help!!

    Hi

    My boyfriend's computer has numerous viruses on it. We did a scan with his software and it detected some of them but they couldn't be removed. In the task bar he has a yellow triangle with a black exclamation mark, which says "System alert: Spyware detected", and pop-ups which say your computer is infected.

    This is just a link to some dodgy spyware advertising site, and also when I'm on Internet Explorer every so often there are pop-ups for a site called error404.com, which is another spyware site that redirects you to another lot of pop-up menus for purchasing things.

    I have taken the details from the scan and would appreciate it if someone could get back to me.

    I have run Ad-Aware, Spybot S&D and ewido anti-malware and they have failed to get rid of the problem.

    Any help would be much appreciated.

    Thank you

    Ad-Aware SE Build 1.06r1
    Logfile Created on:22 July 2006 14:01:36
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R115 18.07.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):1 total references
    SpywareQuake(TAC index:10):1 total references
    Tracking Cookie(TAC index:3):2 total references
    Win32.Trojandownloader.Zlob(TAC index:10):6 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    22-07-2006 14:01:36 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 696
    ThreadCreationTime : 22-07-2006 13:00:02
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 760
    ThreadCreationTime : 22-07-2006 13:00:03
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 784
    ThreadCreationTime : 22-07-2006 13:00:03
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 828
    ThreadCreationTime : 22-07-2006 13:00:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 840
    ThreadCreationTime : 22-07-2006 13:00:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ati2evxx.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 980
    ThreadCreationTime : 22-07-2006 13:00:04
    BasePriority : Normal


    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 992
    ThreadCreationTime : 22-07-2006 13:00:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1064
    ThreadCreationTime : 22-07-2006 13:00:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [msmpeng.exe]
    FilePath : C:\Program Files\Windows Defender\
    ProcessID : 1100
    ThreadCreationTime : 22-07-2006 13:00:04
    BasePriority : Normal
    FileVersion : 1.1.1347.0
    ProductVersion : 1.1.1347.0
    ProductName : Windows Defender
    CompanyName : Microsoft Corporation
    FileDescription : Service Executable
    InternalName : MsMpEng.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : MsMpEng.exe

    #:10 [incdsrv.exe]
    FilePath : C:\Program Files\Ahead\InCD\
    ProcessID : 1168
    ThreadCreationTime : 22-07-2006 13:00:04
    BasePriority : Normal
    FileVersion : 4, 3, 20, 1
    ProductVersion : 4, 3, 20, 1
    ProductName : Nero AG incdsrv
    CompanyName : Nero AG
    FileDescription : incdsrv
    InternalName : incdsrv
    LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
    LegalTrademarks : InCD is a trademark of Nero AG
    OriginalFilename : incdsrv.exe

    #:11 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1432
    ThreadCreationTime : 22-07-2006 13:00:06
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1480
    ThreadCreationTime : 22-07-2006 13:00:07
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:13 [ati2evxx.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1524
    ThreadCreationTime : 22-07-2006 13:00:07
    BasePriority : Normal


    #:14 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1616
    ThreadCreationTime : 22-07-2006 13:00:08
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:15 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1752
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:16 [aluschedulersvc.exe]
    FilePath : C:\Program Files\Symantec\LiveUpdate\
    ProcessID : 1852
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 3.0.0.166
    ProductVersion : 3.0.0.166
    ProductName : LiveUpdate
    CompanyName : Symantec Corporation
    FileDescription : Automatic LiveUpdate Scheduler Service
    InternalName : Automatic LiveUpdate Scheduler Service
    LegalCopyright : Copyright © 1996-2005 Symantec Corporation
    OriginalFilename : ALUSchedulerSvc.exe

    #:17 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1892
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:18 [ccevtmgr.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1908
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 1.03.4
    ProductVersion : 1.03.4
    ProductName : Event Manager
    CompanyName : Symantec Corporation
    FileDescription : Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:19 [ctsvccda.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1924
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 1.0.1.0
    ProductVersion : 1.0.0.0
    ProductName : Creative Service for CDROM Access
    CompanyName : Creative Technology Ltd
    FileDescription : Creative Service for CDROM Access
    InternalName : CTsvcCDAEXE
    LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
    OriginalFilename : CTsvcCDA.EXE

    #:20 [sagent2.exe]
    FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
    ProcessID : 1956
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 2, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : EPSON Bidirectional Printer
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Printer Status Agent
    InternalName : SAgent2
    LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
    OriginalFilename : SAgent2.exe

    #:21 [ewidoctrl.exe]
    FilePath : C:\Program Files\ewido anti-malware\
    ProcessID : 1984
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : ewido control
    CompanyName : ewido networks
    FileDescription : ewido control
    InternalName : ewido control
    LegalCopyright : Copyright © 2004
    OriginalFilename : ewidoctrl.exe

    #:22 [lssrvc.exe]
    FilePath : C:\Program Files\Common Files\LightScribe\
    ProcessID : 156
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 1.4.56.1
    ProductName : LightScribe
    CompanyName : Hewlett-Packard Company
    LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
    OriginalFilename : LSSrvc.exe

    #:23 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ProcessID : 184
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 9.05.1015
    ProductVersion : 9.05.1015
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFilename : NAVAPSVC.EXE

    #:24 [nisum.exe]
    FilePath : C:\Program Files\Norton Personal Firewall\
    ProcessID : 200
    ThreadCreationTime : 22-07-2006 13:00:09
    BasePriority : Normal
    FileVersion : 6.02.2003
    ProductVersion : 6.02.2003
    ProductName : Norton Internet Security
    CompanyName : Symantec Corporation
    FileDescription : Norton Internet Security NISUM
    InternalName : NISUM
    LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFilename : NISUM.exe

    #:25 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 460
    ThreadCreationTime : 22-07-2006 13:00:10
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:26 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 492
    ThreadCreationTime : 22-07-2006 13:00:10
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:27 [mspmspsv.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 544
    ThreadCreationTime : 22-07-2006 13:00:10
    BasePriority : Normal
    FileVersion : 7.00.00.1954
    ProductVersion : 7.00.00.1954
    ProductName : Microsoft (R) DRM
    CompanyName : Microsoft Corporation
    FileDescription : WMDM PMSP Service
    InternalName : MSPMSPSV.EXE
    LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
    OriginalFilename : MSPMSPSV.EXE

    #:28 [symwsc.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
    ProcessID : 592
    ThreadCreationTime : 22-07-2006 13:00:10
    BasePriority : Normal
    FileVersion : 2005.1.2.20
    ProductVersion : 2005.1
    ProductName : Norton Security Center
    CompanyName : Symantec Corporation
    FileDescription : Norton Security Center Service
    InternalName : SymWSC.exe
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    OriginalFilename : SymWSC.exe

    #:29 [ccpxysvc.exe]
    FilePath : C:\Program Files\Norton Personal Firewall\
    ProcessID : 1032
    ThreadCreationTime : 22-07-2006 13:00:11
    BasePriority : Normal
    FileVersion : 6.02.2003
    ProductVersion : 6.02.2003
    ProductName : Norton Internet Security
    CompanyName : Symantec Corporation
    FileDescription : Norton Internet Security Proxy Service
    InternalName : ccPxySvc
    LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFilename : ccPxySvc.exe

    #:30 [atmclk.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1568
    ThreadCreationTime : 22-07-2006 13:00:13
    BasePriority : Normal


    #:31 [dcomcfg.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1608
    ThreadCreationTime : 22-07-2006 13:00:13
    BasePriority : Normal


    #:32 [ccapp.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1676
    ThreadCreationTime : 22-07-2006 13:00:14
    BasePriority : Normal
    FileVersion : 1.0.10.006
    ProductVersion : 1.0.10.006
    ProductName : Common Client
    CompanyName : Symantec Corporation
    FileDescription : Common Client CC App
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    OriginalFilename : ccApp.exe

    #:33 [e_s10ic2.exe]
    FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
    ProcessID : 2088
    ThreadCreationTime : 22-07-2006 13:00:14
    BasePriority : Normal
    FileVersion : 3.08
    ProductVersion : 3.08
    ProductName : EPSON Status Monitor 3
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Status Monitor 3
    InternalName : E_S10IC2
    LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2003
    OriginalFilename : E_S10IC2.EXE

    #:34 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID : 2156
    ThreadCreationTime : 22-07-2006 13:00:15
    BasePriority : Normal


    #:35 [msascui.exe]
    FilePath : C:\Program Files\Windows Defender\
    ProcessID : 2180
    ThreadCreationTime : 22-07-2006 13:00:15
    BasePriority : Normal
    FileVersion : 1.1.1347.0
    ProductVersion : 1.1.1347.0
    ProductName : Windows Defender
    CompanyName : Microsoft Corporation
    FileDescription : Windows Defender User Interface
    InternalName : MSASCUI
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : MSASCUI.exe

    #:36 [license_manager.exe]
    FilePath : C:\Program Files\License_Manager\
    ProcessID : 2204
    ThreadCreationTime : 22-07-2006 13:00:15
    BasePriority : Normal
    FileVersion : 20.464.0.19
    ProductVersion : 20.464.0.19
    ProductName : Notifier
    FileDescription : Notifier
    LegalCopyright : Copyright © 2004 Notifier

    #:37 [ctdetect.exe]
    FilePath : C:\Documents and Settings\Burgess\My Documents\Detector\
    ProcessID : 2220
    ThreadCreationTime : 22-07-2006 13:00:15
    BasePriority : Normal
    FileVersion : 2.3.1.0
    ProductVersion : 2.3.0.0
    ProductName : Creative MediaSource Detector
    CompanyName : Creative Technology Ltd
    FileDescription : Creative MediaSource Detector
    InternalName : CTDetect
    LegalCopyright : Copyright (c) Creative Technology Ltd., 2003-2004. All rights reserved.
    OriginalFilename : CTDetect.EXE

    #:38 [ssaad.exe]
    FilePath : C:\PROGRA~1\Sony\SONICS~1\
    ProcessID : 2228
    ThreadCreationTime : 22-07-2006 13:00:16
    BasePriority : Normal
    FileVersion : 4.0.00.05080
    ProductVersion : 4.0.00
    ProductName : SonicStage
    FileDescription : SonicStage Atrac Hard Disk Monitor
    InternalName : SonicStage Atrac Hard Disk Monitor
    LegalCopyright : Copyright 2005 Sony Corporation
    OriginalFilename : SSAAD.EXE

    #:39 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ProcessID : 2244
    ThreadCreationTime : 22-07-2006 13:00:16
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

    #:40 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 2800
    ThreadCreationTime : 22-07-2006 13:00:37
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:41 [wmiprvse.exe]
    FilePath : C:\WINDOWS\System32\wbem\
    ProcessID : 3004
    ThreadCreationTime : 22-07-2006 13:01:01
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : WMI
    InternalName : Wmiprvse.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : Wmiprvse.exe

    #:42 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3088
    ThreadCreationTime : 22-07-2006 13:01:15
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    SpywareQuake Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : clsid\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\explorer\browser helper objecta\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 4
    Objects found so far: 5


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 5


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : burgess@www.movieland[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:burgess@www.movieland.com/
    Expires : 22-07-2007 14:00:24
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : burgess@ads.vitalix[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:burgess@ads.vitalix.net/
    Expires : 22-07-2007 14:00:24
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 7



    Deep scanning and examining files (C
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 7


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 7




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\policies\explorer\run
    Value : wininet.dll

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows\currentversion\policies\explorer\run
    Value : dcomcfg.exe

    Win32.Trojandownloader.Zlob Object Recognized!
    Type : File
    Data : stdole3.tlb
    TAC Rating : 10
    Category : Malware
    Comment :
    Object : C:\WINDOWS\system32\



    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 3
    Objects found so far: 10

    1404 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:19:28.125
    Objects scanned:181281
    Objects identified:9
    Objects ignored:0
    New critical objects:9
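    The "Object Recognized!" blocks are the only part of a log like the one above that a helper acts on. The following is an added example, not code from the thread or from Lavasoft: a small Python parser for Ad-Aware SE's block format that groups findings by family, drops low-rated items such as tracking cookies, and flags the autorun and Browser Helper Object keys that would bring the infection back after a reboot. The sample log is a constructed, trimmed copy of blocks from the posted scan; the persistence markers are my assumption about which registry paths matter.

```python
"""Summarise the detections in an Ad-Aware SE Personal scan log.

Added example, not part of the thread or of Lavasoft's tooling: it parses the
"<family> Object Recognized!" blocks Ad-Aware writes (format as in the posted
log) and pulls out what a helper actually acts on.
"""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of five blocks from the posted log.
SAMPLE_LOG = r"""
SpywareQuake Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
TAC Rating : 10
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

Tracking Cookie Object Recognized!
Type : IECache Entry
TAC Rating : 3
Value : Cookie:burgess@ads.vitalix.net/

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
TAC Rating : 10
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : dcomcfg.exe

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : stdole3.tlb
TAC Rating : 10
Object : C:\WINDOWS\system32\
"""

BLOCK_HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")  # "Key : value", value may be empty
# Assumed registry locations that reload malware at logon or hook Internet Explorer.
PERSISTENCE_MARKERS = (r"\policies\explorer\run", r"\currentversion\run",
                       r"\browser helper object")

def parse_detections(text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        header = BLOCK_HEADER.match(line)
        if header:
            current = {"family": header.group("family")}
            detections.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            current[field.group(1)] = field.group(2).strip()
    return detections

def location(d):
    """Registry path (with value name), file path or cookie of one finding."""
    if d.get("Type") == "File":
        return d.get("Object", "") + d.get("Data", "")
    if "Rootkey" in d:
        path = d["Rootkey"] + "\\" + d.get("Object", "")
        return path + (" -> " + d["Value"] if d.get("Value") else "")
    return d.get("Value") or d.get("Data", "")

def summarise(text, min_tac=10):
    """Map family -> locations for findings rated TAC >= min_tac; cookies (TAC 3)
    and MRU entries (TAC 0) fall below the default cut-off."""
    families = defaultdict(list)
    for d in parse_detections(text):
        if int(d.get("TAC Rating", "0")) < min_tac:
            continue
        families[d["family"]].append(location(d))
    return dict(families)

def persistence_points(text):
    """Registry findings under an autorun or BHO key: clean these or it comes back."""
    return [location(d) for d in parse_detections(text)
            if d.get("Type", "").startswith("Reg")
            and any(m in d.get("Object", "").lower() for m in PERSISTENCE_MARKERS)]
```

Call `summarise(open("log.txt").read())` on a full Ad-Aware log to get the per-family list, and `persistence_points(...)` for the entries that matter for a reboot.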

  2. #2
    VopThis is offline Senior Member (Canada)
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply (if unsure of your results).
    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm





    If infected files were listed above, please proceed as follows:

    STEP # 2 - Cleaning

    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



    Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run ewido anti-spyware
    • Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
      • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
      This is very important to get the LATEST updates
    • Click on the Status ICON
      • Under "Your computers Security", click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
    • Click on the Scanner ICON at the top of the window
    • Click on the Settings tab then select Recommended Actions and choose Quarantine
    • When updating has finished, close Ewido.

    We will be using this tool in a later step.




    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________

    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    ______________________________

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


    ______________________________

    Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
    • Click on the default Status ICON and select the Scan now LINK.

      OR

    • Click on the Scanner ICON . Select the Scan TAB.

      • Select Complete System Scan. Ewido will now begin to scan your system.

    • If Ewido finds anything it will list them in the Preview WINDOW:
      • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
      • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the EWIDO scan results into your next post.
    • Close Ewido and REBOOT.


    ______________________________

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


    ______________________________
    Reboot in Normal Mode.

    Please post (preferably not file attachments, please):
    1. c:\rapport.txt
    2. Ewido log
    3. A HijackThis log
