
Need Help With Trojan Removal



griffsta
2007-09-07, 04:03
I have a virus named Zlob.dnschanger on my computer. Spybot cannot delete it. I also have some other viruses that showed up on AVG called winbo32.exe. I have read these forums trying to figure out what I should do, but I have had no luck. This is my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:37 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Steam\steam.exe
c:\program files\steam\steamapps\brett123\counter-strike source\hl2.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169488693102
O18 - Protocol: bw+0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw+0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw-0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw-0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw00 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw00s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw10 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw10s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw20 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw20s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw30 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw30s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw40 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw40s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw50 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw50s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw60 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw60s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw70 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw70s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw80 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw80s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw90 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw90s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwa0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwa0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwb0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwb0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwc0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwc0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwd0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwd0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwe0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwe0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwf0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwf0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwg0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwh0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwh0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwi0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwi0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwj0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwj0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwk0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwk0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwl0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwl0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwm0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwm0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwn0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwn0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwo0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwo0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwp0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwp0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwq0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwq0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwr0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwr0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bws0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bws0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwt0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwt0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwu0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwu0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwv0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwv0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bww0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bww0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwx0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwx0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwy0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwy0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwz0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwz0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: offline-8876480 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: klogon - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I have posted a different thread, but this one is using v1.99.1 of HijackThis.
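For anyone triaging a log in the format above, here is an added Python example (not from the thread, not part of HijackThis) that parses the O-numbered entries and pulls out the items a helper normally asks about first: O18 handlers marked "(no file)", grouped by CLSID so the long bw* run reads as one registration family, O23 services whose binary is missing, and O20 Winlogon Notify entries that do not name a .dll. The log excerpt inside is a constructed sample built from a few of the posted lines.

```python
import re

# Constructed sample in the layout of the HijackThis v1.99.1 log above:
# a handful of the posted entries, not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O18 - Protocol: bw+0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw+0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: klogon - C:\windows\
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Onn - ...' line of the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_handlers_by_clsid(entries):
    """Count O18 handlers marked '(no file)' per CLSID: one stale
    registration family shows up as one key, however many names it has."""
    counts = {}
    for section, body in entries:
        if section == "O18" and body.endswith("(no file)"):
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", body).group(0)
            counts[clsid] = counts.get(clsid, 0) + 1
    return counts


def review_entries(log_text):
    """Flag entries worth a second look. Winlogon Notify packages are
    DLLs, so an O20 line whose path is not a .dll is called out."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O18" and body.endswith("(no file)"):
            findings.append((section, "orphaned protocol handler", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((section, "service binary missing", body))
        elif section == "O20" and not body.lower().endswith(".dll"):
            findings.append((section, "Winlogon Notify without a .dll", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in review_entries(SAMPLE_LOG):
        print(f"{section}: {reason}: {body}")
    print(orphaned_handlers_by_clsid(parse_entries(SAMPLE_LOG)))
```

Flagged lines are candidates for a human to check against the vendor paths on the machine, not verdicts; a missing binary often just means an uninstalled product left its service entry behind.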

km2357
2007-09-08, 00:16
Hello griffsta and welcome to Safer Networking Forums.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

Since I am still in training, I have to let experts check the content of my fixes before I post them so please be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!

griffsta
2007-09-08, 00:55
I have the following viruses: Smitfraudfix, Reboot.exe, Zlob.dns changer. I need some help fairly fast. Please reply if you need my HijackThis log. I have used Spybot and AVG, but they cannot get rid of Zlob.dns changer.

km2357
2007-09-09, 00:33
Hi griffsta.

I will be helping you out with your malware problems. When replying don't start a new thread, just reply to this one. Thanks :)


R/BOT ADVICE

You have been infected by W32/Rbot-GRU, which allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.

R/BOT INFO (http://www.sophos.com/security/analyses/w32rbotgru.html)

I recommend that you disconnect this machine from the internet NOW!

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

After you've done the above, let's start some cleaning.

tashi
2007-09-17, 00:21
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

This applies only to the original poster; anyone else with similar problems, please start your own topic.