ZLOB problem [Archive] - Safer-Networking Forums

iHATEviruses

2006-10-30, 09:03

hey i've noticed a problem with spyware, zlob in particular. i did what was recommended. here are the log files. thanks for the help

PANDA Scan
-----------------------------------

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.ehg-ati.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.spylog.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.com.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.adtech.de/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.target.com/]
Spyware:Cookie/WUpd Not disinfected

iHATEviruses

2006-10-30, 09:04

C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\sk6d9aao.default\cookies.txt[.tucows.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tony\Cookies\tony@2o7[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tony\Cookies\tony@ads.addynamix[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tony\Cookies\tony@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tony\Cookies\tony@belnk[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Tony\Cookies\tony@citi.bridgetrack[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tony\Cookies\tony@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tony\Cookies\tony@go[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tony\Cookies\tony@questionmarket[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tony\Cookies\tony@trafficmp[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Tony\Cookies\tony@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tony\Cookies\tony@zedo[2].txt

HJT log
------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:28:44 AM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2e4\FlashIcon.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tony\Desktop\downloads\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mwt.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided by MWT.NET
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.2e4\FlashIcon.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mwt.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154054921984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mafhwdmdd - Unknown owner - (no file)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

pskelley

2006-10-31, 14:06

Welcome to the forum, I am not seeing a whole lot in this log. Your Java program is out of date and that will get you infected, see this information:
http://forums.spybot.info/showthread.php?t=8519
C:\Program Files\Java\jre1.5.0_06\ <<< out of date.

Smitfraud (zlob) is often hidden in the HJT log, so if you say you see it, follow these directions:

Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

1) When you run SmitfraudFix "Search" function, make sure the log shows it located the infection before running "Clean"

2) When you run AVG Spyware scan, make sure you delete or quarantine what it locates unless you know it is not bad.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

tashi

2006-11-07, 18:57

This topic is closed due to lack of a response. :sad:

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.