AllExperts > Computer Security & Viruses 
Search      
Computer Security & Viruses
Volunteer
Answers to thousands of questions
 Home · More Computer Security & Viruses Questions · Answer Library  · Encyclopedia ·
More Computer Security & Viruses Answers
Question Library

Ask a question about Computer Security & Viruses
Volunteer
Experts of the Month
Expert Login

Awards

About Us
Tell friends
Link to Us
Disclaimer

 
 
 
 
About Brian Benosky
Expertise
I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (including Vista) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience
I have over 25 years experience in using, building, and repairing computers. I have helped over a thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributer of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

 
   

You are here:  Experts > Computing/Technology > Internet/Network Security > Computer Security & Viruses > trojan zlob

Computer Security & Viruses - trojan zlob

Expert: Brian Benosky - 9/6/2008

Question
Aloha brian, my son has helped me to get another email that I can open. He has been helped by you before. Here is the log file.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:24 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:WINDOWSsystem32CTsvcCDA.EXE
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMXOALDR.EXE
C:WINDOWSstsystra.exe
C:Program FilesMaxtorOneTouchutilsOnetouch.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesDell Photo AIO Printer 942memcard.exe
C:Program FilesDell Photo AIO Printer 942dlbubmgr.exe
C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe
C:Program FilesDell Photo AIO Printer 942dlbubmon.exe
C:WINDOWSsystem32CTHELPER.EXE
C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE
C:Program FilesMicrosoft IntelliPointipoint.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesJavajre1.6.0_07injusched.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifSvc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAIM6aim6.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesAheadLibNMIndexingService.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
C:Program FilesAIM6aolsoftware.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:Program FilesTrend MicrocrackerHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.sweetim.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.sweetim.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dellconect.com/
R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} -  - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:Program Filesalotinalot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07inssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier.1.509.5470swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program FilesMSNToolbar.0.0426.0msneshellx.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:Program Filesalotinalot.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program FilesMSNToolbar.0.0426.0msneshellx.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [MXOBG] C:WINDOWSMXOALDR.EXE
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [MaxtorOneTouch] C:Program FilesMaxtorOneTouchutilsOnetouch.exe
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [DellMCM] C:Program FilesDell Photo AIO Printer 942memcard.exe
O4 - HKLM..Run: [Dell Photo AIO Printer 942] "C:Program FilesDell Photo AIO Printer 942dlbubmgr.exe"
O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [CTDVDDET] "C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE"
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [HotbarOE] C:Program FilesHotbarin.0.368.0OEAddOn.exe
O4 - HKLM..Run: [IntelliPoint] "C:Program FilesMicrosoft IntelliPointipoint.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07injusched.exe"
O4 - HKLM..Run: [My Web Search Bar Search Scope Monitor] "C:PROGRA~1MYWEBS~1ar.binm3SrchMn.exe" /m=2 /w
O4 - HKLM..Run: [RegistryMechanic] C:Program FilesRegistry MechanicRegMech.exe /QS
O4 - HKLM..Run: [Symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - Global Startup: Google Updater.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0
esourcesen-USlocalsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c225878a79e6e412.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:WINDOWSsystem32dlbucoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriverE0Intel 32IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifSvc.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 14139 bytes


Answer
Hi Chelle

Please download Malwarebytes' Anti-Malware to your desktop from here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to
       o Update Malwarebytes' Anti-Malware
       o and Launch Malwarebytes' Anti-Malware
 * then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform full scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.  Copy that log into a reply here and also include a new HJT log.

Brian

Add to this Answer    Ask a Question



  Rate this Answer
   Was this answer helpful?
Not at allDefinitely              
   12345  

     
About Us | Advertise on This Site | User Agreement | Privacy Policy | Help
Copyright  © 2008 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.