Author Topic: help  (Read 4575 times)


Offline davcho

  • Newbie
  • *
  • Posts: 7
help
« on: February 26, 2006, 05:45:26 PM »
Hi there :D

I'm new here & would like the experts to analyse my Ad-Aware logfile, which found one object in a ZoneAlarm file. When I quarantined it, ZoneAlarm closed & cannot start again :(

Can anybody advise me??? :?





Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, February 27, 2006 2:27:00 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R93 22.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.GAIN.Dashbar(TAC index:7):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2-27-2006 2:27:00 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 444
    ThreadCreationTime : 2-26-2006 6:39:31 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 492
    ThreadCreationTime : 2-26-2006 6:39:32 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 516
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 560
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 572
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 720
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 768
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 808
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 876
    ThreadCreationTime : 2-26-2006 6:39:33 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [ccsetmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 984
    ThreadCreationTime : 2-26-2006 6:39:34 AM
    BasePriority       : Normal
    FileVersion        : 103.0.6.5
    ProductVersion     : 103.0.6.5
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Settings Manager Service
    InternalName       : ccSetMgr
    LegalCopyright     : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccSetMgr.exe

#:11 [sndsrvc.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1016
    ThreadCreationTime : 2-26-2006 6:39:34 AM
    BasePriority       : Normal
    FileVersion        : 5.5.1.6
    ProductVersion     : 5.5
    ProductName        : Symantec Security Drivers
    CompanyName        : Symantec Corporation
    FileDescription    : Network Driver Service
    InternalName       : SndSrvc
    LegalCopyright     : Copyright 2002, 2003, 2004 Symantec Corporation
    OriginalFilename   : SndSrvc.exe

#:12 [spbbcsvc.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\SPBBC\
    ProcessID          : 1028
    ThreadCreationTime : 2-26-2006 6:39:34 AM
    BasePriority       : Normal
    FileVersion        : 1,0,1,47
    ProductVersion     : 1,0,1,47
    ProductName        : SPBBC
    CompanyName        : Symantec Corporation
    FileDescription    : SPBBC Service
    InternalName       : SPBBCSvc
    LegalCopyright     : Copyright (c) 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : SPBBCSvc.exe

#:13 [ccevtmgr.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 1104
    ThreadCreationTime : 2-26-2006 6:39:35 AM
    BasePriority       : Normal
    FileVersion        : 103.0.6.5
    ProductVersion     : 103.0.6.5
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Event Manager Service
    InternalName       : ccEvtMgr
    LegalCopyright     : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccEvtMgr.exe

#:14 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1248
    ThreadCreationTime : 2-26-2006 6:39:36 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp.050610-1527)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:15 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1352
    ThreadCreationTime : 2-26-2006 6:39:36 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:16 [aluschedulersvc.exe]
    FilePath           : C:\Program Files\Symantec\LiveUpdate\
    ProcessID          : 1364
    ThreadCreationTime : 2-26-2006 6:39:36 AM
    BasePriority       : Normal
    FileVersion        : 3.0.0.150
    ProductVersion     : 3.0.0.150
    ProductName        : LiveUpdate
    CompanyName        : Symantec Corporation
    FileDescription    : Automatic LiveUpdate Scheduler Service
    InternalName       : Automatic LiveUpdate Scheduler Service
    LegalCopyright     : Copyright © 1996-2005 Symantec Corporation
    OriginalFilename   : ALUSchedulerSvc.exe

#:17 [dkservice.exe]
    FilePath           : C:\Program Files\Executive Software\Diskeeper\
    ProcessID          : 1400
    ThreadCreationTime : 2-26-2006 6:39:38 AM
    BasePriority       : Normal
    FileVersion        : 8.0.478.0
    ProductVersion     : 8.0.478.0
    ProductName        : Diskeeper (TM) Disk Defragmenter
    CompanyName        : Executive Software International, Inc.
    FileDescription    : DKSERVICE.EXE
    InternalName       : DKSERVICE
    LegalCopyright     : © 1995-2004 Executive Software Int'l, Inc.
    OriginalFilename   : DKSERVICE

#:18 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido anti-malware\
    ProcessID          : 1432
    ThreadCreationTime : 2-26-2006 6:39:38 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:19 [ewidoguard.exe]
    FilePath           : C:\Program Files\ewido anti-malware\
    ProcessID          : 1456
    ThreadCreationTime : 2-26-2006 6:39:38 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : guard
    CompanyName        : ewido networks
    FileDescription    : guard
    InternalName       : guard
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : guard.exe

#:20 [gbpoll.exe]
    FilePath           : C:\Program Files\Norton SystemWorks\Norton GoBack\
    ProcessID          : 1504
    ThreadCreationTime : 2-26-2006 6:39:38 AM
    BasePriority       : Normal


#:21 [navapsvc.exe]
    FilePath           : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
    ProcessID          : 1540
    ThreadCreationTime : 2-26-2006 6:39:38 AM
    BasePriority       : Normal
    FileVersion        : 11.0.16.2
    ProductVersion     : 11.0.16
    ProductName        : Norton AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Norton AntiVirus Auto-Protect Service
    InternalName       : NAVAPSVC
    LegalCopyright     : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : NAVAPSVC.EXE

#:22 [npfmntor.exe]
    FilePath           : C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\
    ProcessID          : 1568
    ThreadCreationTime : 2-26-2006 6:39:39 AM
    BasePriority       : Normal
    FileVersion        : 11.0.16.2
    ProductVersion     : 11.0.16
    ProductName        : Norton AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Norton AntiVirus Firewall Install Monitor
    InternalName       : NPFMonitor
    LegalCopyright     : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : NPFMonitor.EXE

#:23 [nprotect.exe]
    FilePath           : C:\PROGRA~1\NORTON~1\NORTON~1\
    ProcessID          : 1600
    ThreadCreationTime : 2-26-2006 6:39:39 AM
    BasePriority       : Normal
    FileVersion        : 18.0.0.62
    ProductVersion     : 18.0.0.62
    ProductName        : Norton Utilities
    CompanyName        : Symantec Corporation
    FileDescription    : Norton Protection Status
    InternalName       : NPROTECT
    LegalCopyright     : Copyright (c) 1997-2004 Symantec Corporation
    LegalTrademarks    : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
    OriginalFilename   : NPROTECT.EXE

#:24 [nvsvc32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1628
    ThreadCreationTime : 2-26-2006 6:39:39 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.8195
    ProductVersion     : 6.14.10.8195
    ProductName        : NVIDIA Driver Helper Service, Version 81.95
    CompanyName        : NVIDIA Corporation
    FileDescription    : NVIDIA Driver Helper Service, Version 81.95
    InternalName       : NVSVC
    LegalCopyright     : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename   : nvsvc32.exe

#:25 [symlcsvc.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
    ProcessID          : 1728
    ThreadCreationTime : 2-26-2006 6:39:39 AM
    BasePriority       : Normal
    FileVersion        : 1, 8, 54, 478
    ProductVersion     : 1, 8, 54, 478
    ProductName        : Symantec Core Component
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Core Component
    InternalName       : symlcsvc
    LegalCopyright     : Copyright (C) 2003
    OriginalFilename   : symlcsvc.exe

#:26 [vsmon.exe]
    FilePath           : C:\WINDOWS\system32\ZoneLabs\
    ProcessID          : 1752
    ThreadCreationTime : 2-26-2006 6:39:39 AM
    BasePriority       : Normal
    FileVersion        : 5.0.590.015
    ProductVersion     : 5.0.590.015
    ProductName        : TrueVector Service
    CompanyName        : Zone Labs Inc.
    FileDescription    : TrueVector Service
    InternalName       : vsmon
    LegalCopyright     : Copyright © 1998-2004, Zone Labs Inc.
    OriginalFilename   : vsmon.exe

#:27 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2120
    ThreadCreationTime : 2-26-2006 6:39:47 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2649 (xpsp.050406-1732)
    ProductVersion     : 6.00.2900.2649
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:28 [ccapp.exe]
    FilePath           : C:\Program Files\Common Files\Symantec Shared\
    ProcessID          : 2212
    ThreadCreationTime : 2-26-2006 6:39:50 AM
    BasePriority       : Normal
    FileVersion        : 103.0.6.5
    ProductVersion     : 103.0.6.5
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec User Session
    InternalName       : ccApp
    LegalCopyright     : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccApp.exe

#:29 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2220
    ThreadCreationTime : 2-26-2006 6:39:50 AM
    BasePriority       : Normal
    FileVersion        : 5.1.0.36
    ProductVersion     : 5.1.0.36
    ProductName        : Realtek Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek AC97 Audio Sound Manager

#:30 [zlclient.exe]
    FilePath           : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID          : 2236
    ThreadCreationTime : 2-26-2006 6:39:50 AM
    BasePriority       : Normal
    FileVersion        : 5.0.590.015
    ProductVersion     : 5.0.590.015
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs Inc.
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2004, Zone Labs Inc.
    OriginalFilename   : zlclient.exe

 Adware.GAIN.Dashbar Object Recognized!
    Type               : Process
    Data               : zlparser.dll
    TAC Rating         : 7
    Category           : Adware
    Comment            : fddli_1200_Bo_s_Inst-76.exe
    Object             : C:\WINDOWS\system32\ZoneLabs\
    FileVersion        : 5.0.590.015
    ProductVersion     : 5.0.590.015
    ProductName        : Zone Labs ZLPARSER.DLL
    CompanyName        : Zone Labs Inc.
    FileDescription    : Zone Labs ZLPARSER.DLL
    InternalName       : zlparser
    LegalCopyright     : Copyright © 1998-2004, Zone Labs Inc.
    OriginalFilename   : zlparser.dll

Warning! Adware.GAIN.Dashbar Object found in memory(C:\WINDOWS\system32\ZoneLabs\zlparser.dll)

Warning! "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"Process could not be terminated!

#:31 [rundll32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2264
    ThreadCreationTime : 2-26-2006 6:39:51 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Run a DLL as an App
    InternalName       : rundll
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : RUNDLL.EXE

#:32 [jusched.exe]
    FilePath           : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID          : 2272
    ThreadCreationTime : 2-26-2006 6:39:51 AM
    BasePriority       : Normal


#:33 [freeram xp pro.exe]
    FilePath           : C:\Program Files\YourWare Solutions\FreeRAM XP Pro\
    ProcessID          : 2280
    ThreadCreationTime : 2-26-2006 6:39:51 AM
    BasePriority       : Normal
    FileVersion        : 1.5.0.0
    ProductVersion     : 1.0.0.0
    ProductName        : FRXPRO
    CompanyName        : YourWare Solutions (TM)
    FileDescription    : FreeRAM XP Pro (YourWare Solutions)
    InternalName       : FRXPRO
    LegalCopyright     : Copyright YourWare Solutions (TM), 2001-2005
    LegalTrademarks    : YourWare Solutions, FreeRAM XP, FreeRAM XP Lite, FreeRAM XP Professional
    OriginalFilename   : FRXPRO
    Comments           : Freeware application that frees and defragments your computer's memory to increse performance. Enjoy! Visit website for periodic updates.

#:34 [gbtray.exe]
    FilePath           : C:\Program Files\Norton SystemWorks\Norton GoBack\
    ProcessID          : 2464
    ThreadCreationTime : 2-26-2006 6:39:55 AM
    BasePriority       : Normal


#:35 [bittorrent.exe]
    FilePath           : C:\Program Files\BitTorrent\
    ProcessID          : 2024
    ThreadCreationTime : 2-26-2006 7:12:32 AM
    BasePriority       : Normal


#:36 [wmiprvse.exe]
    FilePath           : C:\WINDOWS\system32\wbem\
    ProcessID          : 192
    ThreadCreationTime : 2-26-2006 9:17:01 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : WMI
    InternalName       : Wmiprvse.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : Wmiprvse.exe

#:37 [opera.exe]
    FilePath           : C:\Program Files\Opera9.0P2\
    ProcessID          : 1660
    ThreadCreationTime : 2-26-2006 3:59:46 PM
    BasePriority       : Normal
    FileVersion        : 8212  (Beta 2)
    ProductVersion     : 9.00
    ProductName        : Opera Internet Browser
    CompanyName        : Opera Software
    FileDescription    : Opera Internet Browser
    InternalName       : Opera
    LegalCopyright     : Copyright © Opera Software 1995-2006
    OriginalFilename   : Opera.exe

#:38 [acrord32.exe]
    FilePath           : C:\Program Files\Adobe\Acrobat 7.0\Reader\
    ProcessID          : 3348
    ThreadCreationTime : 2-26-2006 5:59:08 PM
    BasePriority       : Normal
    FileVersion        : 7.0.5.2005092300
    ProductVersion     : 7.0.5.2005092300
    ProductName        : Adobe Reader
    CompanyName        : Adobe Systems Incorporated
    FileDescription    : Adobe Reader 7.0
    LegalCopyright     : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
    OriginalFilename   : AcroRd32.exe

#:39 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 284
    ThreadCreationTime : 2-26-2006 6:24:13 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
9828 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

2:30:35 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:35.94
Objects scanned:124259
Objects identified:0
Objects ignored:0
New critical objects:0



Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: help
« Reply #1 on: February 26, 2006, 07:28:28 PM »
hummmm
i THINK you have a false positive there

open up aaw and go into the quarantine folder and put it back
then might have to reboot and see if your ZA works again !
and post back here ok?

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 15651
    • http://www.taktmobiles.co.uk
Re: help
« Reply #2 on: February 26, 2006, 08:27:09 PM »
davcho,
Quote
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
9828 entries scanned.
New critical objects:0
Objects found so far: 1
Have you added to your Hosts file using a third-party program? If not, then I recommend that you download “Host File Reader”, save it, say, on your desktop, and take a look at your Hosts file. If you are not familiar with the Hosts file entries, just click the reset default button in “Host File Reader”.

And as for the file that Ad-Aware has found, it does seem to be an FP, so for now please add it to your ignore list till the next definition file is released.


GR@PH;<'S   :breakkie:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11536
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: help
« Reply #3 on: February 26, 2006, 10:07:11 PM »
Before restoring from quarantine, please make sure that you click on the Gear icon to launch the configuration menu.  Then select Tweaks > Cleaning Engine > UNCHECK "Delete quarantined items after restoring".

Please let us know how you make out.  In the meantime, we'll check around to see if others have experienced this problem. 

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline LS SteveJ

  • Newbie
  • *
  • Posts: 22
Re: help
« Reply #4 on: February 27, 2006, 01:18:30 PM »
Coming in here to sort this out...

The Zlparser.dll issue is a known issue. This is not a false positive. The error occurs as there is a conflict between the two anti-spyware programs. Ad-Aware recognises references to known malware inside the Zonelabs file while it is loaded into memory, and therefore flags it as malicious and "Potential New Malware". It is therefore not recommended to run an Ad-Aware scan while Zonelabs resident protection is active. However, we are in no way suggesting that you should uninstall Zonelabs OR Ad-Aware. Indeed, the more anti-spyware applications are run, the more likely you will have a clean system!

Basically, you have two ways of fixing this problem... you can either disable the Zonelabs resident protection while performing an Ad-Aware scan, and re-enable it directly after; or (and this is the more favourable solution) you can add this process / file to the AAW whitelist...

When you have finished the scan, and you see an object that you KNOW 100% is legitimate (you can send it to us guys if you are not sure), then you go to the "Critical Objects" window after the scan... select the process and the file that you know are legitimate, and check their checkboxes... then right click and choose "Add Selected to Ignore List".

Hope this works out for you...

Thanks!

//Steve
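
An added example, not part of any post in this thread: a small triage parser for the Ad-Aware SE log layout posted above. It ties each "Object Recognized!" block to the process it was found in and compares their version-resource fields, the check winchester73 raises further down. `SAMPLE_LOG` is a constructed excerpt in that layout, and `parse_log` and `triage` are hypothetical names. Version-resource strings are not authenticated, so a match is a triage hint only.

```python
import re

# Constructed sample: a shortened excerpt in the Ad-Aware SE log layout from this thread.
SAMPLE_LOG = r"""
#:29 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2220
    CompanyName        : Realtek Semiconductor Corp.

#:30 [zlclient.exe]
    FilePath           : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID          : 2236
    FileVersion        : 5.0.590.015
    CompanyName        : Zone Labs Inc.

 Adware.GAIN.Dashbar Object Recognized!
    Type               : Process
    Data               : zlparser.dll
    TAC Rating         : 7
    Comment            : fddli_1200_Bo_s_Inst-76.exe
    Object             : C:\WINDOWS\system32\ZoneLabs\
    FileVersion        : 5.0.590.015
    CompanyName        : Zone Labs Inc.

Warning! Adware.GAIN.Dashbar Object found in memory(C:\WINDOWS\system32\ZoneLabs\zlparser.dll)

#:31 [rundll32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2264
    CompanyName        : Microsoft Corporation
"""

PROC_RE = re.compile(r"^#:(\d+) \[(.+)\]\s*$")                # "#:30 [zlclient.exe]"
DETECT_RE = re.compile(r"^\s*(\S+) Object Recognized!\s*$")   # detection block header
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+?)\s*:\s?(.*)$")       # indented "Key : Value"


def parse_log(text):
    """Return (processes, detections); each detection keeps a reference to its host process."""
    processes, detections = [], []
    current = None  # record that indented fields currently attach to
    host = None     # most recent process entry
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            host = {"index": int(m.group(1)), "name": m.group(2), "fields": {}}
            processes.append(host)
            current = host
            continue
        m = DETECT_RE.match(line)
        if m:
            current = {"family": m.group(1), "host": host, "fields": {}}
            detections.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current["fields"][m.group(1)] = m.group(2).strip()
        elif line.strip() and not line.startswith((" ", "\t")):
            current = None  # unindented text (warnings, section headers) ends a record
    return processes, detections


def triage(detection):
    """Summarise one detection and compare the module's metadata with its host process."""
    mod = detection["fields"]
    host = detection["host"]
    host_fields = host["fields"] if host else {}
    same_vendor = bool(mod.get("CompanyName")) and \
        mod.get("CompanyName") == host_fields.get("CompanyName")
    same_version = bool(mod.get("FileVersion")) and \
        mod.get("FileVersion") == host_fields.get("FileVersion")
    return {
        "family": detection["family"],
        # "Object" holds the directory and "Data" the file name in this log layout.
        "module": mod.get("Object", "") + mod.get("Data", ""),
        "host_process": host["name"] if host else None,
        "tac": int(mod.get("TAC Rating", 0)),
        # Hint only: these strings come from the file itself and can be forged.
        "vendor_metadata_matches_host": same_vendor and same_version,
    }


if __name__ == "__main__":
    _, found = parse_log(SAMPLE_LOG)
    for det in found:
        print(triage(det))
```

A flagged module whose vendor and version strings match its host process is a candidate for a signature conflict or false positive, and the file should still be checked against a known-good copy before it goes on an ignore list.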

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5124
  • Half a bubble off plumb
Re: help
« Reply #5 on: February 27, 2006, 02:12:57 PM »

Quote
The Zlparser.dll issue is a known issue. This is not a false positive. The error occurs as there is a conflict between the two anti-spyware programs. Ad-Aware recognises references to known malware inside the Zonelabs file while it is loaded into memory, and therefore flags it as malicious and "Potential New Malware". It is therefore not recommended to run an Ad-Aware scan while Zonelabs resident protection is active.

//Steve

... except ...

This box I am typing on runs ZA Pro and Ad-Aware SE Pro, and there is nary a peep about zlparser.dll ...

Why do I not see a conflict when I scan with A-A?

Quote
#:30 [zlclient.exe]
    FilePath           : C:\Program Files\Zone Labs\ZoneAlarm\
    ProcessID          : 2236
    ThreadCreationTime : 2-26-2006 6:39:50 AM
    BasePriority       : Normal
    FileVersion        : 5.0.590.015
    ProductVersion     : 5.0.590.015
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs Inc.
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2004, Zone Labs Inc.
    OriginalFilename   : zlclient.exe

 Adware.GAIN.Dashbar Object Recognized!
    Type               : Process
    Data               : zlparser.dll
    TAC Rating         : 7
    Category           : Adware
    Comment            : fddli_1200_Bo_s_Inst-76.exe
    Object             : C:\WINDOWS\system32\ZoneLabs\
    FileVersion        : 5.0.590.015
    ProductVersion     : 5.0.590.015
    ProductName        : Zone Labs ZLPARSER.DLL
    CompanyName        : Zone Labs Inc.
    FileDescription    : Zone Labs ZLPARSER.DLL
    InternalName       : zlparser
    LegalCopyright     : Copyright © 1998-2004, Zone Labs Inc.
    OriginalFilename   : zlparser.dll

Warning! Adware.GAIN.Dashbar Object found in memory(C:\WINDOWS\system32\ZoneLabs\zlparser.dll)

Warning! "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"Process could not be terminated!

Is the objection to fddli_1200_Bo_s_Inst-76.exe instead?  That is a known GAIN item.

Or is it because the version of ZA is relatively old?  The log above shows 5.0.590.015, whereas I am using 6.1.737.000 ... that .dll is on this box, and I know it is on another box with 5.5.062.004 ... but that box doesn't have A-A objecting either.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5124
  • Half a bubble off plumb
Re: help
« Reply #6 on: February 27, 2006, 02:57:23 PM »
Just had a buddy install a free version of Ad-Aware SE on his XP computer, and run a scan to see if his already installed free version of ZA would object ...

Nope.

How odd if this is a known issue.



Offline davcho

  • Newbie
  • *
  • Posts: 7
Re: help
« Reply #7 on: February 27, 2006, 05:04:10 PM »
Hello again :D

Mitch!!....when I reboot my PC, I think the zlparser.dll reloads again from memory & my zonealarm auto starts again so there's no problem there...thanks :)

Graph!!!....when you mentioned hosts file, I remember about adding in zonealarm address in the hosts file cos' I've read somewhere in a forum that it is calling home!!!.....could it be the reason why????.....& before all this while, I've never had that problem with zonealarm when I scan with AA :?

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 15651
    • http://www.taktmobiles.co.uk
Re: help
« Reply #8 on: February 27, 2006, 05:35:16 PM »
davcho,
I am sure that by your adding ZoneAlarm to your Hosts file it would not have added as many as you seem to have. I recommend that you use “Host File Reader”.
Also, your Zone Alarm is version 5.0.590.015; you could update it to the latest version, 6.1.737.000.
That is what I am using, and Ad-Aware does not have an issue on my PCs.


Offline davcho

  • Newbie
  • *
  • Posts: 7
Re: help
« Reply #9 on: February 27, 2006, 08:17:48 PM »
Graph!!!...thanks, I've just downloaded HostFile Reader & opened Notepad.......& the zonealarm addy that I've added disappeared :shock:....how did it disappear???....weird???

Anyway, I'll upgrade my zonealarm later & see whether all is well again.....thanks again :thumbsup:

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 15651
    • http://www.taktmobiles.co.uk
Re: help
« Reply #10 on: February 27, 2006, 08:35:08 PM »
davcho,
Quote
I've just downloaded HostFile Reader & opened Notepad.......& the zonealarm addy that I've added disappeared ....how did it disappear???....weird???
If you used the default button in the “Host File Reader”, it will have replaced the host file with an original Windows one.
Have you updated ZoneAlarm to v6? If not, then I recommend that you do so.
But can you rescan using Ad-aware, doing a "Full Scan", and then post your logfile here
by using the Add-Reply feature.

GR@PH;<'S   :breakkie:

Offline davcho

  • Newbie
  • *
  • Posts: 7
Re: help
« Reply #11 on: March 01, 2006, 07:25:56 PM »
Graph!!...I didn't use the default button but it's okay, I'll just add it again :D

I've downloaded the latest zonealarm but I just can't seem to upgrade it or even clean install it :? Every time I do that, my PC would reboot :x....very weird.

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1376
Re: help
« Reply #12 on: March 01, 2006, 07:37:28 PM »
Hello, davcho. What way did you uninstall Zone Alarm, i.e. did you do it through the Zone Alarm built-in uninstaller,
or did you use the Add and Remove Programs control panel?

There are known issues with the Zone Alarm built-in uninstaller, which can result in loss of network access.

Some more info on this, please, would help us ...

numbnuts... :breakkie:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1376
Re: help
« Reply #13 on: March 01, 2006, 10:27:15 PM »
Hi davcho, I see you have Norton AV there also; you might want to check this also ...
It can also interfere with the installation process.

Link
http://forum.zonelabs.org/zonelabs/board/message?board.id=inst&message.id=45710

numbnuts.

Offline davcho

  • Newbie
  • *
  • Posts: 7
Re: help
« Reply #14 on: March 03, 2006, 05:41:22 PM »
numbnuts - I couldn't find zonealarm in the add/remove programs control panel so I deleted the files from C/Program files/Zonealarm/ & tried to clean install the latest one but the reboot thing still occurs. ...BTW, I did try the uninstaller earlier & the same thing happens :(

...as my PC is quite new, I remember something weird when I first installed Zonealarm: it did install normally but during the process of installing, it suddenly rebooted & I was "what's happening???". After the reboot, I thought the installation failed but it was there & I checked it out & it was running normally so I didn't think of it any further until I tried to upgrade. Could it be that my first installation is corrupted???

.....& fyi, after the upgrade failed when it rebooted, zonealarm couldn't start & a window popped up & said that zonealarm failed to initialize because the vsutil.dll is missing or something like that & I had to restore it thru' Norton Go Back :x....& also to let you know that Norton AV was already installed before I first installed Zonealarm.