Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads Resolved spyware and popup issues.
12-02-2007, 09:19 PM   #1
Registered User (Join Date: Dec 2007; Posts: 10; OS: Windows XP Service Pack 2)

Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hello,

I received a pop-up about this virus TrojanDownloader.Win32.Zlob.ci from my Windows Defender a few days ago. I downloaded AVG anti-virus, and it also found the same virus. I tried to remove it using both Windows Defender and AVG, but I keep getting warnings about it every few hours when my computer is on.

I also get an MS-DOS pop-up screen for a few seconds every once in a while too. I usually use Firefox to browse, but I recently started using IE 6.0 to run the Panda ActiveScan, and I've been getting more pop-ups. They are usually boxes that state that my privacy is compromised and that I need to download some sort of Privacy program in order to protect my computer. I also was surprised to see that the background wallpaper was replaced with a huge red *.gif file that stated that my privacy is in danger, and has a button to click on in order to presumably download software. The entire gif file is a button that would take me to something, and I've moved it off to the side of my desktop.

I performed the 5 steps listed before posting. Any help removing the virus, getting rid of the pop-ups, and cleaning my computer would be greatly appreciated.

Thanks!

Here is the start of Deckard's System Scanner log, and I've attached the extra.txt file as well:

Deckard's System Scanner v20071014.68
Run by Jason on 2007-12-02 22:34:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2007-12-03 03:34:23 UTC - RP231 - Deckard's System Scanner Restore Point
79: 2007-12-02 16:18:43 UTC - RP230 - Windows Defender Checkpoint
78: 2007-12-02 16:01:16 UTC - RP229 - Software Distribution Service 3.0
77: 2007-11-26 02:44:46 UTC - RP228 - Software Distribution Service 3.0
76: 2007-11-26 02:25:03 UTC - RP227 - Removed Google Desktop


-- First Restore Point --
1: 2007-08-31 01:18:00 UTC - RP152 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.85 GiB (less than 15%) free.


-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:18 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: pmkret - {237148EA-5B97-49A7-A6C3-745A649DF0C3} - C:\WINDOWS\pmkret.dll (file missing)
O21 - SSODL: gormet - {C7E528F7-CF40-4B7D-9822-EA71D0FC9F06} - C:\WINDOWS\gormet.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 15191 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 PrivateDisk - c:\program files\lenovo\safeguard privatedisk\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>
R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>

S3 catchme - c:\docume~1\jason\locals~1\temp\catchme.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; PSA Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-02 22:16:04 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2007-12-02 11:12:12 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-07 15:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-14 05:28:42 366 -----n--- C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 17:54:04 0 d-------- C:\WINDOWS\privacy_danger
2007-12-02 17:30:07 172032 --a------ C:\WINDOWS\nsduo.dll <Not Verified; ; nsduo>
2007-11-26 01:17:21 266240 --a------ C:\WINDOWS\msmdev.dll
2007-11-25 22:34:56 0 d-------- C:\ie-spyad_zo
2007-11-25 22:27:41 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-11-25 22:27:38 0 d-------- C:\Program Files\SpywareBlaster
2007-11-25 22:12:21 0 d-------- C:\Program Files\CCleaner
2007-11-25 22:08:06 0 d-------- C:\WINDOWS\pss
2007-11-25 21:30:31 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 2105 0 d-------- C:\Program Files\Trend Micro
2007-11-25 21:02:10 233472 --a------ C:\WINDOWS\msmhost.dll <Not Verified; ; msmhost>
2007-11-25 20:48:00 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-25 20:47:21 0 d-------- C:\Documents and Settings\Jason\Application Data\WholeSecurity
2007-11-25 10:20:37 0 dr-h----- C:\$VAULT$.AVG
2007-11-25 09:33:16 0 d-------- C:\Documents and Settings\Jason\Application Data\AVG7
2007-11-25 09:33:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-25 09:32:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-25 09:32:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-24 11:50:51 235520 --a------ C:\WINDOWS\system32\PowerVideo.dll <Not Verified; 3gp.org; >
2007-11-24 11:45:49 0 d-------- C:\Program Files\RichVideoCodec
2007-11-07 22:39:49 0 d-------- C:\Program Files\Hewlett-Packard


-- Find3M Report ---------------------------------------------------------------

2007-12-02 10:50:46 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2007-12-02 10:50:25 0 d-------- C:\Program Files\Google
2007-11-26 04:59:30 40 --a------ C:\WINDOWS\system32\profile.dat
2007-11-25 22:53:38 0 d-------- C:\Program Files\Windows Defender
2007-11-25 22:53:00 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2007-11-25 22:51:41 0 d-------- C:\Program Files\Picasa2
2007-11-25 22:48:18 0 d-------- C:\Program Files\Digital Line Detect
2007-11-25 22:48:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-25 22:47:39 0 d-------- C:\Program Files\Common Files\Lenovo
2007-11-18 13:02:41 0 d-------- C:\Documents and Settings\Jason\Application Data\BitTorrent
2007-10-14 17:56:07 0 d-------- C:\Program Files\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
09/06/2007 01:19 PM 172032 --a------ C:\WINDOWS\nsduo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
C:\WINDOWS\werbetdqw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [05/25/2006 11:13 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [05/25/2006 11:13 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 12:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 12:16 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [02/23/2006 12:22 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/03/2006 01:00 AM]
"TpShocks"="TpShocks.exe" [03/15/2006 10:04 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [07/24/2006 08:19 PM]
"TP4EX"="tp4ex.exe" [10/17/2005 04:11 AM C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 07:11 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 06:06 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/25/2006 01:21 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/25/2006 01:17 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/25/2006 01:21 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/23/2007 05:32 PM]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [07/04/2006 11:11 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [07/14/2006 09:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [11/14/2005 01:23 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 08:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 07:50 PM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [08/16/2006 12:07 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 12:21 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [08/18/2005 08:22 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 07:24 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [08/26/2006 03:22 AM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [08/26/2006 03:17 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [03/15/2006 06:07 PM]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 07:38 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [07/14/2006 09:13 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 05:20 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/25/2007 09:32 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/7/2006 12:03:00 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pmkret"= {237148EA-5B97-49A7-A6C3-745A649DF0C3} - C:\WINDOWS\pmkret.dll [ ]
"gormet"= {C7E528F7-CF40-4B7D-9822-EA71D0FC9F06} - C:\WINDOWS\gormet.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 08/26/2006 03:17 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 08/16/2006 12:07 PM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/25/2006 10:20 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/05/2005 09:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 06:16 AM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd ACGina




-- End of Deckard's System Scanner: finished at 2007-12-02 22:37:13 ------------
Attached Files
File Type: txt extra.txt (19.9 KB, 2 views)
ijjit is offline  
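The log above is easier to read once the high-signal entries are pulled out of the noise of legitimate Lenovo, Symantec and Intel components. The following Python is an added example for this thread; it is not part of the original post and is not code from HijackThis or Deckard's System Scanner. It parses a handful of O2/O3/O20/O21/O24 lines copied from the log (plus the legitimate AwayNotify line for contrast) and applies the checks an analyst makes by eye: a DLL registered straight out of the C:\WINDOWS root rather than system32 or Program Files (a heuristic, not a rule), a registry entry whose file is already missing, an unnamed BHO, and an Active Desktop component served from a local file. The severity labels are this example's own choice.

```python
"""Triage of HijackThis-style log entries (added example, not from the thread)."""
import re
from dataclasses import dataclass

# One generic HijackThis line: "<section> - <kind>: <rest>"
LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
# <rest> is "<name> - [{CLSID} - ]<path>[ (file missing)]". The non-greedy name
# and the anchored CLSID keep a " - " inside a path ("Spybot - Search &
# Destroy") from being mis-split.
REST_RE = re.compile(
    r"^(?P<name>.*?) - (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - )?"
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Lines copied from the posted log; AwayNotify is a known-good Lenovo entry.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll (file missing)
O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: pmkret - {237148EA-5B97-49A7-A6C3-745A649DF0C3} - C:\WINDOWS\pmkret.dll (file missing)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


@dataclass
class Entry:
    section: str      # O2, O3, O20, O21, O24 ...
    kind: str         # BHO, Toolbar, SSODL ...
    name: str         # display name as HijackThis prints it
    clsid: str        # "" when the line carries no CLSID
    path: str         # DLL path or, for O24, the component URL
    file_missing: bool


def parse_line(line):
    """Return an Entry for a recognised O-line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    r = REST_RE.match(m.group("rest"))
    if not r:
        return None
    return Entry(m.group("section"), m.group("kind").strip(), r.group("name"),
                 r.group("clsid") or "", r.group("path"),
                 r.group("missing") is not None)


def in_windows_root(path):
    """True for C:\\WINDOWS\\foo.dll, False for C:\\WINDOWS\\system32\\foo.dll.
    Heuristic: legitimate components almost never register a DLL that sits
    loose in the Windows root; every hostile DLL in this log does."""
    p = path.lower().replace("/", "\\")
    prefix = "c:\\windows\\"
    return p.startswith(prefix) and "\\" not in p[len(prefix):]


def assess(entry):
    """Return [(severity, reason), ...] for one entry; empty when nothing stands out."""
    findings = []
    if in_windows_root(entry.path):
        findings.append(("high", "DLL registered directly from the Windows root directory"))
    if entry.section == "O24" and entry.path.lower().startswith("file:"):
        findings.append(("high", "Active Desktop component served from a local file"))
    if entry.file_missing:
        findings.append(("medium", "registry entry points to a file that no longer exists"))
    if entry.name == "(no name)":
        findings.append(("low", "unnamed entry; identify it by CLSID and path before deciding"))
    return findings


def triage(log_text):
    """Parse every recognised line; return {path: findings} for flagged entries only."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        findings = assess(entry)
        if findings:
            flagged[entry.path] = findings
    return flagged


if __name__ == "__main__":
    for path, findings in triage(SAMPLE_LOG).items():
        for severity, reason in findings:
            print(f"[{severity:6}] {path}: {reason}")
```

Run against the sample, the six flagged paths are exactly the ones an analyst would circle in this log: nsduo.dll, werbetdqw.dll, hdtip.dll, pmkret.dll, the privacy_danger desktop component, and Spybot's SDHelper.dll at low severity only, which is why "(no name)" on its own is never treated as proof of anything. The same root-directory heuristic applied to the "Files created" section would also pick up msmdev.dll and msmhost.dll, which the HijackThis section does not list at all.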
12-03-2007, 07:20 AM   #2
TheBruce1, Moderator, Analyst, Security Team (Join Date: Oct 2006; Location: Dùn Èideann, Scotland; Posts: 5,093; OS: XP)

Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hello and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

===============================================================

Please follow all instructions in the order they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean the infection is gone.

======================================================

P2P

P2P - I see you have P2P software BitTorrent 5.0.9 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

======================================================

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run a scan just yet; we will shortly.

--------------------------------------

Download ComboFix from Here or here

**Save it to your desktop** Do not run a scan just yet; we will shortly.

=====================================================

I see you have AVG Anti-Spyware installed. Double-click the icon on the Desktop to launch AVG Anti-Spyware. You will need to update AVG Anti-Spyware to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports" select "Do not automatically generate report after every scan".
  • When you have finished updating, EXIT AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

=====================================================

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot back into Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
__

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

====================================================

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (Make sure to remember where you saved that file; this is important.)
Close AVG Anti-Spyware and Reboot in Normal Mode.

======================================================

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

=======================================================
Run Combofix

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=======================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\rapport.txt
AVG scan report
C:\Combofix.txt
Hijackthis log
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
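The desktop step in the reply above (Display > Desktop > Customize Desktop > Web) removes the rogue Active Desktop items by hand. As an added example, not code from this thread or from any of the tools it names, the script below parses a REGEDIT4-format export of the registry key those items live in and flags the ones that match the hijack: a Source that is a local file rather than a web URL, or a FriendlyName from the removal list in the reply. The key path HKCU\Software\Microsoft\Internet Explorer\Desktop\Components, its Source and FriendlyName value names, and the sample export are assumptions constructed for the example; the C:\WINDOWS\privacy_danger path in the sample mirrors the folder that SmitFraudFix reports deleting later in this thread.

```python
r"""Find Active Desktop web items of the kind the reply removes by hand.

Added example (not from the thread). It parses a REGEDIT4-format export of
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components, assumed here to
be the key behind Display > Desktop > Customize Desktop > Web, and reports
components whose Source is a local file instead of a web URL, or whose
FriendlyName is one of the rogue item names listed in the reply.
"""
import re
from typing import Dict, List

COMPONENTS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"

# Item names the reply tells the user to untick and delete.
ROGUE_NAMES = {"security info", "warning message", "security desktop",
               "warning homepage", "desktop uninstall"}

# Constructed sample export (assumed layout). Component 0 is an ordinary web
# item; component 1 mirrors the hijack, pointing at the privacy_danger folder
# that SmitFraudFix reports deleting later in this thread.
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.example.com/weather.html"
"FriendlyName"="Weather"
"Flags"=dword:00000020

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"FriendlyName"="Security Info"
"Flags"=dword:00002000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # REG_SZ values only; dword lines are skipped


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value}} for the string values in a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = STR_VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            # .reg files escape backslash and double quote inside string values.
            keys[current][name] = raw.replace("\\\\", "\\").replace('\\"', '"')
    return keys


def suspicious_components(reg_text: str) -> List[dict]:
    """List Active Desktop components that look like the Smitfraud desktop hijack."""
    findings = []
    prefix = COMPONENTS_KEY.lower() + "\\"      # only the numbered subkeys hold items
    for key, values in parse_reg(reg_text).items():
        if not key.lower().startswith(prefix):
            continue
        source = values.get("Source", "")
        name = values.get("FriendlyName", "(no name)")
        reasons = []
        if not source.lower().startswith(("http://", "https://")):
            reasons.append("Source is not a web URL: %r" % source)
        if name.lower() in ROGUE_NAMES:
            reasons.append("FriendlyName matches a rogue item from the removal list")
        if reasons:
            findings.append({"key": key, "name": name, "source": source, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_components(SAMPLE_REG):
        print(f["key"])
        for r in f["reasons"]:
            print("   ", r)
```

A local-file Source on its own is only a review flag, since Active Desktop can legitimately show local HTML; it is the combination with a rogue name, or a path under the Windows folder that no installed product accounts for, that marks the hijack.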
Old 12-03-2007, 06:24 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hi TheBruce1,

I only have AVG Anti-Virus Free Edition installed on my computer, not the complete AVG Internet Security program with Anti-Spyware. Can I go ahead with the other steps without upgrading to the full AVG Internet Security program with Anti-Spyware? Or would you recommend getting the program in order to go through all the steps in order?

Thanks
Old 12-03-2007, 07:43 PM   #4 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

I forgot to mention you had two antivirus programs installed, namely AVG7 and Symantec. You'll need to remove one of them as they will fight for control, slow your system down and in the end this could lead to a system crash.

If uninstalling Symantec/Norton, download and run the Norton Removal Tool. You can uninstall AVG7 from Add/Remove.

Remove one of those programs before you boot into safe mode.

As for AVG Anti-Spyware, just ignore that part and carry on with the rest of the instructions.
Old 12-04-2007, 09:18 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hi TheBruce1,

I uninstalled AVG7 and ran all the log fixes.

Here are the logs in this order: 1) Smitfraudfix.exe 2) Combofix.exe 3) HijackThis log. I'll post the subsequent logs in new posts and name them.

Thanks,

SmitFraudFix v2.257

Scan done at 22:48:02.04, Tue 12/04/2007
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\msmdev.dll Deleted
msmdev not found.
C:\WINDOWS\msmhost.dll Deleted
msmhost not found.
C:\WINDOWS\nsduo.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\system32\PowerVideo.dll Deleted
C:\Program Files\RichVideoCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{483B733D-EB5D-4AA7-9AE9-0927E87F87CE}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{483B733D-EB5D-4AA7-9AE9-0927E87F87CE}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{483B733D-EB5D-4AA7-9AE9-0927E87F87CE}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Old 12-04-2007, 09:19 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

This is the combofix.exe log

ComboFix 07-12-02.7 - Jason 2007-12-04 23:05:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT -5:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-04 22:48 . 2007-12-04 22:48 6,056 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-02 22:33 . 2007-12-02 22:33 <DIR> d-------- C:\Deckard
2007-11-25 22:34 . 2007-11-25 22:39 <DIR> d-------- C:\ie-spyad_zo
2007-11-25 22:27 . 2007-12-04 22:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-25 22:27 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-25 22:27 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-25 22:12 . 2007-11-25 22:12 <DIR> d-------- C:\Program Files\CCleaner
2007-11-25 21:30 . 2007-11-26 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 21:30 . 2007-11-25 21:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 21:30 . 2007-11-25 21:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-25 21:30 . 2007-11-25 21:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-25 21:06 . 2007-11-25 21:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 20:48 . 2007-11-25 20:48 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-25 20:47 . 2007-11-25 20:47 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\WholeSecurity
2007-11-25 09:33 . 2007-11-25 09:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-25 09:33 . 2007-12-02 10:54 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AVG7
2007-11-25 09:32 . 2007-12-04 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-07 22:43 . 2007-11-07 22:46 511 --a------ C:\hpfr3320.xml
2007-11-07 22:39 . 2007-11-14 03:10 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-07 22:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-07 22:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 15:50 --------- d-----w C:\Program Files\Google
2007-11-26 03:53 --------- d-----w C:\Program Files\Windows Defender
2007-11-26 03:53 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-11-26 03:51 --------- d-----w C:\Program Files\Picasa2
2007-11-26 03:48 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-26 03:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 03:47 --------- d-----w C:\Program Files\Common Files\Lenovo
2007-11-18 18:02 --------- d-----w C:\Documents and Settings\Jason\Application Data\BitTorrent
2007-10-14 22:56 --------- d-----w C:\Program Files\BitTorrent
.

((((((((((((((((((((((((((((( snapshot@2007-11-25_20.56.48.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 08:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-29 14:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 21:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 19:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 18:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-16 23:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 23:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 20:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 18:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 15:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 18:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 23:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 21:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 19:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 19:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 18:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 1808 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 16:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 16:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 13:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 19:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 15:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 15:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 21:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 14:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 15:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 19:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 19:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 18:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 13:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 13:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-18 22:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 19:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 11:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 22:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 17:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2007-11-25 05:00:00 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
+ 2007-12-02 15:50:46 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
- 2007-03-15 22:19:28 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2003-03-25 23:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
+ 2007-12-05 04:09:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_15c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 11:13]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 11:13]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 00:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 00:16]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 12:22]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 01:00]
"TpShocks"="TpShocks.exe" [2006-03-15 22:04 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-24 20:19]
"TP4EX"="tp4ex.exe" [2005-10-17 04:11 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 19:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 18:06]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-25 01:21]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-25 01:17]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-25 01:21]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-23 17:32]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 11:11]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 01:23]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 08:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 12:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-18 20:22]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 03:22]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 03:17]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 18:07]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 19:38]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 21:13]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-07 12:03:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-16 12:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 22:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 09:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 06:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 PrivateDisk;PrivateDisk;\??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
R2 smihlp;SMI helper driver;\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
R3 EraserUtilDrvI2;EraserUtilDrvI2;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI2.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 20:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-05 03:58:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-05 04:09:59 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2007-01-14 10:28:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 23:10:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 23:12:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-25 20:57
.
--- E O F ---
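The HijackThis log the helper asked for is read by hand, entry class by entry class. As an added example, not a tool from this thread, the script below applies that reading to lines in HijackThis's own format: Winlogon Notify and AppInit_DLLs loaders (O20), orphaned "(file missing)" entries, unnamed BHOs (O2), startup entries that name a bare filename (O4), services with no company name (O23), downloaded ActiveX controls (O16) and the IE proxy setting (R1). The known-bad basenames are the files listed under "Deleting infected files" in the SmitFraudFix log above. The sample lines are constructed and modelled on the logs in this thread; the all-zero CLSID and the Notify key name "placeholder" are placeholders, not real identifiers, and the ActiveX URL is a made-up example host.

```python
"""Triage a HijackThis log for the entry classes a helper reads by hand.

Added example, not a tool from this thread. Each rule returns a severity and a
one-line reason; a line can trip several rules. Known-bad basenames come from
the SmitFraudFix "Deleting infected files" section posted earlier.
"""
import re
from collections import namedtuple
from typing import List
from urllib.parse import urlparse

Finding = namedtuple("Finding", "severity rule line")
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

# Basenames SmitFraudFix reported deleting in the rapport.txt above.
KNOWN_BAD_DLLS = {"msmdev.dll", "msmhost.dll", "nsduo.dll", "powervideo.dll"}

# Constructed sample lines (the all-zero CLSID, the Notify name "placeholder"
# and the ActiveX host are placeholders, not real identifiers).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\nsduo.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://activescan.example.com/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: placeholder - C:\WINDOWS\msmhost.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"""


def basename(path: str) -> str:
    """Lower-cased final path component, quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> List[Finding]:
    """Apply the rules to one HijackThis line; several rules may fire."""
    out: List[Finding] = []
    line = line.rstrip()
    if " - " not in line:
        return out
    kind, rest = line.split(" - ", 1)
    kind = kind.strip()

    if kind == "R1" and "ProxyServer" in rest:
        out.append(Finding("info", "IE proxy setting present; confirm it is intended", line))

    elif kind == "O2":
        # Paths may themselves contain " - " (Spybot), so anchor on the CLSID.
        m = re.match(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", rest)
        if m:
            name, _clsid, path = m.groups()
            if basename(path) in KNOWN_BAD_DLLS:
                out.append(Finding("high", "BHO is a file SmitFraudFix removed", line))
            elif name == "(no name)":
                out.append(Finding("low", "unnamed BHO; identify it by path and CLSID", line))

    elif kind == "O4":
        m = re.search(r"\[[^\]]+\]\s*(.*)$", rest)
        if m:
            cmd = m.group(1).strip()
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            if "\\" not in exe:   # bare name: resolved through the search path at logon
                out.append(Finding("low", "startup entry names a bare filename resolved via the search path", line))
        elif rest.endswith("= ?"):
            out.append(Finding("low", "startup shortcut target could not be resolved", line))

    elif kind == "O16":
        m = re.search(r" - (https?://\S+)$", rest)
        host = urlparse(m.group(1)).netloc if m else "?"
        out.append(Finding("info", "ActiveX control downloaded from " + host, line))

    elif kind == "O20":
        m = re.match(r"^Winlogon Notify: \S+ - (.*)$", rest)
        if m:
            target = m.group(1)
            if "(file missing)" in target:
                out.append(Finding("medium", "orphaned Winlogon Notify entry (DLL not on disk)", line))
            elif basename(target) in KNOWN_BAD_DLLS:
                out.append(Finding("high", "Winlogon Notify DLL is a file SmitFraudFix removed", line))
        m = re.match(r"^AppInit_DLLs: (.*)$", rest)
        if m:
            sev = "high" if basename(m.group(1)) in KNOWN_BAD_DLLS else "low"
            out.append(Finding(sev, "AppInit_DLLs loads into every GUI process; verify the publisher", line))

    elif kind == "O23" and " - Unknown owner - " in rest:
        out.append(Finding("low", "service binary carries no company name", line))

    return out


def triage(log_text: str) -> List[Finding]:
    """All findings for a log, highest severity first (input order within a level)."""
    findings = [f for line in log_text.splitlines() for f in triage_line(line)]
    return sorted(findings, key=lambda f: RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
```

On the sample, the two high findings are the entries whose DLL basename matches a file SmitFraudFix already removed; the low ones (TpShocks.exe as a bare filename, a Lenovo service with no company name, the Google AppInit_DLLs entry) all come from software that ships on the machine, which is why a helper compares against the vendor build rather than removing on score alone.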
Old 12-04-2007, 09:20 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

And this is the Hijackthis log. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:53 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 13304 bytes
ijjit is offline  
12-05-2007, 06:16 AM   #8
TheBruce1
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Good job

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence has been accepted, reset to 100%.

=====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=====================================================
Logs Required
Kaspersky scan report
Hijackthis log


How is your system behaving now? Thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
12-05-2007, 08:30 PM   #9
Registered User
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hi TheBruce1,

I've run both scans and have attached them in the order you had listed. Here's the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 05, 2007 10:25:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/12/2007
Kaspersky Anti-Virus database records: 473542
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47262
Number of viruses found: 13
Number of infected objects: 137
Number of suspicious objects: 0
Duration of the scan process: 00:42:01

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT115.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT115.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT115.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1202.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1202.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1202.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1202.tmp ZIP: infected - 3 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT121.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT121.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT121.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1224.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1224.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1224.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1236.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1236.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1236.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1259.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1259.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1259.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT126.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT126.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT126.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1282.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1282.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1282.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1D6.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1D6.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT1D6.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT22A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT22A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT22A.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT312.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT312.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT312.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AA.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AA.tmp ZIP: infected - 3 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AF.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AF.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4AF.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CD.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CD.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CD.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CE.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT4CE.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT59D.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT59D.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT59D.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT59D.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT59D.tmp ZIP: infected - 4 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT688.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT688.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT688.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT85.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT85.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT85.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT85.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT85.tmp ZIP: infected - 4 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT94.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT94.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BIT94.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAB.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAD.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAD.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITAD.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB0.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB0.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB1.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITB1.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITC1.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITC1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITC1.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITCC.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITCC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITCC.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITD36.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITD36.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITD36.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITD36.tmp ZIP: infected - 3 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITF5.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITF5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITF5.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITFC.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITFC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Jason\LOCALS~1\Temp\BITFC.tmp ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Lenovo\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04172007-194344.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\history.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\key3.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbdam Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbdao Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbeam Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbeao Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbm Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\fii.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\hp Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Desktop\6290507f177c\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3436E11C-A994-4712-A812-60A24185FA3E} Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\63329BDCd01/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\63329BDCd01/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\63329BDCd01 RarSFX: infected - 2 skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\AE208952d01 Infected: not-virus:Hoax.Win32.Renos.xb skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\qvzs86i6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\~DF5093.tmp Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0593NAV~.TMP Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0897NAV~.TMP Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\msmhost.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP221\A0006113.ocx Infected: Trojan.Win32.Agent.bjd skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe/stream Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006121.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006121.exe/stream Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006121.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006122.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ny skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006123.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ny skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006125.dll Infected: not-a-virus:AdWare.Win32.Vapsup.nx skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP223\A0006126.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP223\A0006127.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP223\A0006128.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP223\A0006156.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP223\A0006157.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP224\A0006158.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP224\A0006159.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP224\A0006160.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP225\A0006163.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP225\A0006164.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP225\A0006165.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP226\A0006214.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP226\A0006215.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP226\A0006216.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP228\A0006233.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP228\A0006234.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP229\A0006272.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP229\A0006273.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP230\A0006274.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP230\A0006275.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP230\A0006276.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP231\A0006377.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP231\A0006378.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP233\A0006461.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP233\A0006462.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP233\A0006463.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP233\A0006464.dll Infected: Trojan-Downloader.Win32.Delf.cxi skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP234\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CC9BD2D0-7281-4AF4-94CD-0CEDBE3C5C00}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\profile.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_15c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Old 12-05-2007, 08:30 PM   #10
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Here's the newest Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:32 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 13502 bytes
Old 12-05-2007, 08:31 PM   #11
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

I haven't seen a pop-up about a virus or any privacy pop-ups lately, but according to the Kaspersky scan, I'm still infected.

Thanks
Old 12-06-2007, 07:17 AM   #12
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Hello again

Kaspersky found infections in the Deckard System Scanner backup (DSS), which acts like quarantine, so those files are harmless. Follow the instructions below and DSS will be removed, and so will those files found by Kaspersky.

Kaspersky also found infected files in System Volume Information, which is your System Restore. When you delete a file, Windows makes a backup of that file in System Volume Information in case you deleted something by mistake; you can use System Restore to recover that file. Follow the instructions below and we will be disabling/enabling System Restore, which will remove those files for good. All other infected files found by Kaspersky will also be removed.

======================

Well done,your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

You can remove Smitfraudfix tool as well.

----------------------------------------

Clear IE6 cookies

*Open IE and click Tools
*Click on Internet Options
*Click on General Tab
*Click on the Delete Temp Files & Cookies buttons.

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In the "Settings" window put the check mark for Cookies, Cache, Browsing history and any others you want.
• Click OK.
• In the Privacy area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended).

Microsoft updates are released on the second Tuesday of each month, which is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note: Only compatible with Firefox 1.5 and higher.

Only install one of the above

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera


------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
AVG Antispyware Free
Ad-Aware
Spybot S&D
Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
Download Spyware Guard to catch and block spyware before it can execute.

------------------------------------------------------------------

IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List.

Download and installation instructions for IE-Spyad™ Here

-----------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If you're having trouble downloading & extracting, see the link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the hosts file, double-click on it and a new window will open.

Double-click on mvps.bat and follow the prompts.

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme wants to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
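The triage TheBruce1 applies above (quarantine and System Restore copies are inert, anything else is live) as an added Python example; this is not code from the thread or from any of the tools named in it. It parses Kaspersky Online Scanner result lines of the kind posted earlier; the path patterns for the quarantine folder (C:\qoobox\Quarantine) and System Restore (System Volume Information\_restore) are taken from the posted log, and the sample mixes lines copied from that log with one constructed "live" hit (constructed_sample.dll is made up).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Kaspersky Online Scanner result lines, as posted in this thread, take three shapes:
#   <path> Infected: <detection> skipped
#   <path> Object is locked skipped
#   <path> NSIS: infected - 2 skipped        (archive summary line)
# Members of an archive are written after the on-disk path, separated by '/'.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>\w+): infected - (?P<count>\d+) skipped$")

# What the helper in the thread tells the poster to do with each bucket.
ACTIONS = {
    "quarantine": "inert; removed when the tool that quarantined it is uninstalled (ComboFix /u)",
    "restore_point": "inert System Restore copy; flushed by disabling and re-enabling System Restore",
    "live": "active file: needs removal and a fresh scan",
}

@dataclass
class Finding:
    path: str       # on-disk path, archive member suffix removed
    member: str     # archive member ("" when the file itself was flagged)
    detection: str  # detection name ("" for locked objects)
    status: str     # "infected", "archive" or "locked"
    location: str   # "quarantine", "restore_point", "live" or "not_scanned"

def classify_location(path: str) -> str:
    """Bucket a path the way the helper reasons about it in the thread."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:                   # quarantine folder seen in the log
        return "quarantine"
    if "\\system volume information\\_restore" in p:    # System Restore point contents
        return "restore_point"
    return "live"

def split_archive(raw: str):
    """Split 'file.exe/stream/data0003' into the on-disk path and the archive member."""
    disk, _, member = raw.partition("/")    # Windows paths never contain '/'
    return disk, member

def parse_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if m := INFECTED_RE.match(line):
        disk, member = split_archive(m["path"])
        return Finding(disk, member, m["name"], "infected", classify_location(disk))
    if m := ARCHIVE_RE.match(line):
        disk, member = split_archive(m["path"])
        label = f"{m['fmt']} archive, {m['count']} infected members"
        return Finding(disk, member, label, "archive", classify_location(disk))
    if m := LOCKED_RE.match(line):
        return Finding(m["path"], "", "", "locked", "not_scanned")
    return None                              # blank or unrecognised line

def triage(report: str) -> Dict[str, object]:
    """Summarise a report: how many hits are already neutralised and which are live."""
    findings: List[Finding] = [f for f in map(parse_line, report.splitlines()) if f]
    by_location = Counter(f.location for f in findings if f.status != "locked")
    return {
        "findings": findings,
        "by_location": dict(by_location),
        "locked_count": sum(f.status == "locked" for f in findings),
        "live_paths": sorted({f.path for f in findings if f.location == "live"}),
        "detections": sorted({f.detection for f in findings if f.status == "infected"}),
    }

# Sample: lines copied from the report posted in this thread plus one CONSTRUCTED
# live hit (constructed_sample.dll does not exist on the poster's machine).
SAMPLE_REPORT = r"""
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0593NAV~.TMP Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\msmhost.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP221\A0006113.ocx Infected: Trojan.Win32.Agent.bjd skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe/stream Infected: Trojan-Downloader.Win32.Zlob.eof skipped
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP222\A0006120.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\constructed_sample.dll Infected: Trojan-Downloader.Win32.Zlob.eof skipped
"""

def triage_sample() -> Dict[str, object]:
    return triage(SAMPLE_REPORT)

if __name__ == "__main__":
    result = triage_sample()
    for bucket, n in result["by_location"].items():
        print(f"{bucket:14} {n:3}  {ACTIONS.get(bucket, '')}")
    print("locked (not scanned):", result["locked_count"])
    print("live files:", result["live_paths"])
```

Locked objects (registry hives, event logs) are not detections at all; the summary counts them separately so they are not mistaken for infections.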
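An added check for the HOSTS-file mechanism described above (example code, not from the post or the MVPS project): it parses a constructed HOSTS file laid out like the MVPS one and reports which names are sinkholed to 127.0.0.1, 0.0.0.0 or ::1 and which are mapped somewhere else, which a blocklist should never do. All hostnames and the 203.0.113.5 address are constructed documentation values.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses a blocklist-style HOSTS file may legitimately point names at.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, address) pairs; comments, blanks and malformed lines are ignored."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # an address with no names maps nothing
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)            # first field must be a literal IP
        except ValueError:
            continue
        for name in names:                        # one line may carry several names
            pairs.append((name.lower(), addr))
    return pairs

def audit_hosts(text: str) -> Dict[str, object]:
    """Separate sinkholed names from names redirected to a real address."""
    blocked, redirects = [], []
    for name, addr in parse_hosts(text):
        if name == "localhost":
            continue                              # the default entry, not a block rule
        if addr in SINKHOLES:
            blocked.append(name)
        else:
            redirects.append((name, addr))        # not blocking: traffic goes somewhere else
    return {"blocked": blocked, "redirects": redirects, "pure_blocklist": not redirects}

# CONSTRUCTED sample in the MVPS layout; the names and 203.0.113.5 are documentation values.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
# [Ad networks - constructed examples]
127.0.0.1 ads.example.net
0.0.0.0 tracker.example.org  # inline comment
127.0.0.1 banner.example.com pixel.example.com
# This last line is NOT a block rule: the name is sent to a real address.
203.0.113.5 update.example-security.test
"""

def audit_sample() -> Dict[str, object]:
    return audit_hosts(SAMPLE_HOSTS)

if __name__ == "__main__":
    result = audit_sample()
    print("sinkholed names:", len(result["blocked"]))
    print("redirected elsewhere:", result["redirects"])
```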
Old 12-06-2007, 01:41 PM   #13
Registered User
 
Join Date: Dec 2007
Posts: 10
OS: Windows XP Service Pack 2


Re: Need help - TrojanDownloader.Win32.Zlob.ci and privacy protection pop ups

Thanks for all your help TheBruce1. My computer hasn't had any pop ups or warnings about viruses or privacy. If anything comes up in the future, I'll let you know. Otherwise, I hope it's clean.

Thanks again!
Copyright 2001 - 2009, Tech Support Forum