Author Topic: Malware?  (Read 5136 times)

Offline craige

  • Newbie
  • *
  • Posts: 29
Malware?
« on: June 10, 2006, 08:11:37 PM »
I was told that someone here might be able to help me with whatever this problem is:
http://forum.avast.com/index.php?topic=21563.0

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Malware?
« Reply #1 on: June 10, 2006, 09:50:06 PM »
How old is the D drive?
Or is it just a partition of the C drive?

What other anti-malware programs have you tried?

Can you right-click any file and select Properties? If so, anything unusual about the "last modified date"?

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #2 on: June 10, 2006, 11:21:15 PM »
The D drive is a drive by itself and it's only about a year and a little over half old. I've just used avast and zonelab, and avast found win32:dialer-461 [Trj]. And when I click properties on anything in D it shows no MS-DOS name, and modified says [unknown] along with created and accessed. But my Recycling bin is fine. Both times this happened I was running bitlord and it froze after about a gig or two was downloaded, and when I restarted they were like this. The second time it was about 2 to 3 hours after it froze that I found it and restarted it. When I try to scan for errors it gets to checking for lost file fragments and freezes. I've left it for about an hour after this happens and I can still move the mouse, but the clock is stopped and I can't click anything.

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #3 on: June 10, 2006, 11:38:52 PM »
btw I'm on cable so I don't think that dialer did anything

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Malware?
« Reply #4 on: June 11, 2006, 12:11:02 AM »
OK, let's do a few things first.

Run an Ad-Aware log and post it here, OK?

Here is the info on "how to":
http://www.landzdown.com/index.php?topic=425.0

Let's see what it says first, OK?

Don't want to have you run a bunch of things, let's do it nice and slow and safe!

And have you tried to do an "error check scan" in SAFE mode?

And it sounds like you also could use some good protection ;-)

Click my sig and just READ "how did I get infected". We can do all that after you are back to normal.

mitch

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 15651
    • http://www.taktmobiles.co.uk
Re: Malware?
« Reply #5 on: June 11, 2006, 12:12:43 AM »
craige,
Please can you make sure that you are using
Ad-aware SE Build 106
[if not, uninstall your old Ad-aware first, then install SE].
Then use the WebUpDate
to get the latest Definition file
SE1R111 08.06.2006
To do this, open Ad-aware.
Click the WebUpDate
button at the top right-hand side of the Ad-aware screen (the world globe).
Click "Connect".
Ad-aware will then download the latest Definition file for you.
To make sure it is updated, look at the main
Ad-aware screen, and look under "Initialization Status".
It should say the latest Definition file.
Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to
click Start,
click Run,
and type in and press ENTER: %appdata%
then click Lavasoft,
then Ad-Aware,
and then Logs.
Scroll down to find the latest one that you have
(by date & time),
open it, right-click, select all,
copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: Application Data is a hidden folder, so you will need to show hidden files and folders.
For Windows 98/ME users, your logs are stored by default in
C:\WINDOWS\All Users\Application Data\ )

GR@PH;<'S   :breakkie:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #6 on: June 11, 2006, 12:21:36 AM »
I've already got Ad-Aware SE but haven't run it, as zonelab has an anti-spyware thing. Let me run Ad-Aware.

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #7 on: June 11, 2006, 12:24:54 AM »
And I've tried running it in safe mode and it does the same thing. I've tried in MS-DOS and get bad file command, and it now restarts in MS-DOS every time I restart. I've typed win and it loads MS-DOS, so I've gone to step by step, OKing everything but DOS and then loading all Windows drivers, and it works.

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #8 on: June 11, 2006, 12:57:00 AM »
here

Quote

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 10, 2006 5:56:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R111 08.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-10-06 5:56:23 PM - Scan started. (ADS scan)
Performing deep Scan and listing Alternate Data Streams...


Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
C: Drive does not support Alternate Data Streams.
Performing deep scan...

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
D: Drive does not support Alternate Data Streams.
Performing deep scan...

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 7\general
    Description        : last save as directory used in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 7\recent file list
    Description        : list of recently used files in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 8\recent file list
    Description        : list of recently used files in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description        : list of files recently opened using microsoft paint


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description        : list of recent files opened using wordpad


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\nico mak computing\winzip\filemenu
    Description        : winzip recently used archives


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

6:04:24 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:00.210
Objects scanned:24884
Objects identified:0
Objects ignored:0
New critical objects:0

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Malware?
« Reply #9 on: June 11, 2006, 01:14:48 AM »
OK, the MRUs can be deleted!

go here
http://www.ewido.net/en/download/

It is a free version of the program.

    * Install ewido AntiMalware
    * Launch ewido, there will be a large yellow  E  icon on your desktop, double-click it.
    * The program will prompt you to update.  Click the OK button.
    * The program will now open to the main screen
    * On the left-hand side of the main screen, click on Update
    * Click on Start. The update will start and a progress bar will show the updates being installed.
    * When complete, the status bar at the bottom will display "Update successful".

NOTE: for the first 30 days it is the full version and you will have active scanning.
At the end of 30 days you can uninstall it or keep it as a good manual scanner.

Run a scan, save the log and post it here, OK?
Let's see what they find (they are true malware tools, not wanna-be's).

The above ewido instructions are copied from one of corine's posts ;-)

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #10 on: June 11, 2006, 01:18:02 AM »
Oops, didn't run full scan.

Quote
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 10, 2006 6:20:29 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R111 08.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-10-06 6:20:29 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 7\general
    Description        : last save as directory used in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 7\recent file list
    Description        : list of recently used files in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\jasc\paint shop pro 8\recent file list
    Description        : list of recently used files in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description        : list of files recently opened using microsoft paint


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description        : list of recent files opened using wordpad


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\nico mak computing\winzip\filemenu
    Description        : winzip recently used archives


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4279205605
    Threads            : 6
    Priority           : High
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    ProductName        : Microsoft(R) Windows(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Win32 Kernel core component
    InternalName       : KERNEL32
    LegalCopyright     : Copyright (C) Microsoft Corp. 1991-1998
    OriginalFilename   : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294901793
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    ProductName        : Microsoft(R) Windows(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows 32-bit VxD Message Server
    InternalName       : MSGSRV32
    LegalCopyright     : Copyright (C) Microsoft Corp. 1992-1998
    OriginalFilename   : MSGSRV32.EXE

#:3 [MPREXE.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294915729
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    ProductName        : Microsoft(R) Windows(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : WIN32 Network Interface Service Process
    InternalName       : MPREXE
    LegalCopyright     : Copyright (C) Microsoft Corp. 1993-1998
    OriginalFilename   : MPREXE.EXE

#:4 [mmtask.tsk]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294951845
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.03.1998
    ProductVersion     : 4.03.1998
    ProductName        : Microsoft Windows
    CompanyName        : Microsoft Corporation
    FileDescription    : Multimedia background task support module
    InternalName       : mmtask.tsk
    LegalCopyright     : Copyright © Microsoft Corp. 1991-1998
    OriginalFilename   : mmtask.tsk

#:5 [MSGLOOP.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294950869
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.05.00.2112
    ProductVersion     : 4.05.00.2112
    ProductName        : WaveStream\Endless Wave
    CompanyName        : Rockwell Corporation
    FileDescription    : Rockwell WaveStream Message Server
    InternalName       : MSGLOOP.EXE
    LegalCopyright     : Copyright (c) Rockwell Corporation 1996-1998.
    OriginalFilename   : MSGLOOP.EXE

#:6 [VSMON.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\ZONELABS\
    ProcessID          : 4294739825
    Threads            : 24
    Priority           : Normal
    FileVersion        : 6.1.744.001
    ProductVersion     : 6.1.744.001
    ProductName        : TrueVector Service
    CompanyName        : Zone Labs, LLC
    FileDescription    : TrueVector Service
    InternalName       : vsmon
    LegalCopyright     : Copyright © 1998-2005, Zone Labs, LLC
    OriginalFilename   : vsmon.exe

#:7 [MSG32.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294746193
    Threads            : 2
    Priority           : Realtime
    FileVersion        : 4.05.00.2112
    ProductVersion     : 4.05.00.2112
    ProductName        : WaveStream\Endless Wave
    CompanyName        : Rockwell Corporation
    FileDescription    : Rockwell WaveStream Message Server
    InternalName       : MSGLOOP.EXE
    LegalCopyright     : Copyright © Rockwell Corporation 1996-1998.
    OriginalFilename   : MSGLOOP.EXE

#:8 [FIRESVC.EXE]
    FilePath           : C:\PROGRAM FILES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\
    ProcessID          : 4294788789
    Threads            : 13
    Priority           : Normal
    FileVersion        : 8.0
    ProductVersion     : 8.0
    ProductName        : McAfee Desktop Firewall
    CompanyName        : Networks Associates Technology, Inc.
    FileDescription    : Fire Service
    InternalName       : FireService
    LegalCopyright     : Copyright © 2003 Networks Associates Technology, Inc. All Rights Reserved.
    LegalTrademarks    : Network Associates, McAfee
    OriginalFilename   : FireSvc.exe

#:9 [FRAMEWORKSERVICE.EXE]
    FilePath           : C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\
    ProcessID          : 4294785637
    Threads            : 12
    Priority           : Normal
    FileVersion        : 3.1.1.184
    ProductName        : McAfee Common Framework
    CompanyName        : Network Associates, Inc.
    FileDescription    : Framework Service
    InternalName       : Framework
    LegalCopyright     : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename   : Framework.exe

#:10 [ASHSERV.EXE]
    FilePath           : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
    ProcessID          : 4294834817
    Threads            : 24
    Priority           : Normal
    FileVersion        : 4, 7, 844, 0
    ProductVersion     : 4, 7, 0, 0
    ProductName        : avast! Antivirus
    FileDescription    : avast! antivirus service
    InternalName       : aswServ
    LegalCopyright     : Copyright (c) 2006 ALWIL Software
    OriginalFilename   : aswServ.exe

#:11 [NAPRDMGR.EXE]
    FilePath           : C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\
    ProcessID          : 4294700145
    Threads            : 6
    Priority           : Normal
    FileVersion        : 3.1.1.184
    ProductName        : McAfee Common Framework
    CompanyName        : Network Associates, Inc.
    FileDescription    : NAI Product Manager
    InternalName       : Product Manager
    LegalCopyright     : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename   : naPrdMgr.exe

#:12 [TASKMON.EXE]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4294566793
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    ProductName        : Microsoft(R) Windows(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Task Monitor
    InternalName       : TaskMon
    LegalCopyright     : Copyright (C) Microsoft Corp. 1998
    OriginalFilename   : TASKMON.EXE

#:13 [SYSTRAY.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294556881
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.10.1998
    ProductVersion     : 4.10.1998
    ProductName        : Microsoft(R) Windows(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : System Tray Applet
    InternalName       : SYSTRAY
    LegalCopyright     : Copyright (C) Microsoft Corp. 1993-1998
    OriginalFilename   : SYSTRAY.EXE

#:14 [WMIEXE.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294552481
    Threads            : 2
    Priority           : Normal
    FileVersion        : 5.00.1755.1
    ProductVersion     : 5.00.1755.1
    ProductName        : Microsoft(R) Windows NT(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : WMI service exe housing
    InternalName       : wmiexe
    LegalCopyright     : Copyright (C) Microsoft Corp. 1981-1998
    OriginalFilename   : wmiexe.exe

#:15 [ATICWD32.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294329993
    Threads            : 1
    Priority           : Normal
    FileVersion        : 4.10.2339
    ProductVersion     : 4.10.2339
    ProductName        : ATI Technologies Inc.
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI Common Windows Display Driver Extension
    InternalName       : ATICWD32
    LegalCopyright     : Copyright © ATI Technologies Inc., 1998
    OriginalFilename   : ATICWD32.EXE

#:16 [RPCSS.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294314849
    Threads            : 8
    Priority           : Normal
    FileVersion        : 4.71.2900
    ProductVersion     : 4.71.2900
    ProductName        : Microsoft(R) Windows NT(TM) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Distributed COM Services
    InternalName       : rpcss.exe
    LegalCopyright     : Copyright (C) Microsoft Corp. 1981-1998
    OriginalFilename   : rpcss.exe

#:17 [HPSYSDRV.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294374081
    Threads            : 1
    Priority           : Normal
    FileVersion        : 1, 7, 0, 0
    ProductVersion     : 1, 7, 0, 0
    ProductName        : hpsysdrv
    CompanyName        : Hewlett-Packard Company
    FileDescription    : hpsysdrv
    InternalName       : hpsysdrv
    LegalCopyright     : Copyright © 1998
    OriginalFilename   : hpsysdrv.exe

#:18 [MMKEYBD.EXE]
    FilePath           : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
    ProcessID          : 4294349673
    Threads            : 7
    Priority           : Normal
    FileVersion        : 3.0.6.5
    ProductVersion     : 3.0.6.5
    ProductName        : One-touch Multimedia Keyboard
    CompanyName        : Netropa Corp.
    FileDescription    : One-touch Multimedia Keyboard
    InternalName       : MMKEYBD
    LegalCopyright     : Copyright © 1995-1998 Netropa Corp.
All Rights Reserved.
    OriginalFilename   : MMKEYBD.EXE

#:19 [MA2507MON.EXE]
    FilePath           : C:\PROGRAM FILES\HI-SPEED USB-TO-IDE WIN98 DRIVER\
    ProcessID          : 4294405789
    Threads            : 1
    Priority           : Normal
    FileVersion        : 1, 4, 0, 12
    ProductVersion     : 1, 4, 0, 12
    ProductName        : Hi-Speed USB-to-IDE
    CompanyName        : Prolific Technology Inc.
    FileDescription    : PL2507 Safely Remove Hardware
    InternalName       : PL2507MON
    LegalCopyright     : Copyright (C) Prolific Technology Inc.
    OriginalFilename   : PL2507MON.EXE
    Comments           : License to Maxtor Corporation

#:20 [AVGAMSVR.EXE]
    FilePath           : C:\PROGRAM FILES\GRISOFT\AVG FREE\
    ProcessID          : 4294204933
    Threads            : 4
    Priority           : Normal
    FileVersion        : 7,1,0,365
    ProductVersion     : 7.1.0.365
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:21 [UPDATERUI.EXE]
    FilePath           : C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\
    ProcessID          : 4294208861
    Threads            : 5
    Priority           : Normal
    FileVersion        : 3.1.1.184
    ProductName        : McAfee Common Framework
    CompanyName        : Network Associates, Inc.
    FileDescription    : Common User Interface
    InternalName       : UpdaterUI
    LegalCopyright     : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
    OriginalFilename   : UpdaterUI.exe

#:22 [KEYBDMGR.EXE]
    FilePath           : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
    ProcessID          : 4294208117
    Threads            : 1
    Priority           : Normal
    FileVersion        : 3.0.6.4
    ProductVersion     : 3.0.6.4
    ProductName        : Keyboard Manager
    CompanyName        : Netropa Corp.
    FileDescription    : Keyboard Manager
    InternalName       : Keyboard Manager
    LegalCopyright     : Copyright © 1998, Netropa Corp.
    OriginalFilename   : KeybdMgr.exe

#:23 [TBMON.EXE]
    FilePath           : C:\PROGRAM FILES\COMMON FILES\NETWORK ASSOCIATES\TALKBACK\
    ProcessID          : 4294185949
    Threads            : 1
    Priority           : Normal
    FileVersion        : 2.0.266.0
    ProductVersion     : 2.0.266.0
    ProductName        : TalkBack Monitor
    CompanyName        : Network Associates, Inc.
    FileDescription    : TalkBack Monitor
    InternalName       : TBMON
    LegalCopyright     : ©2003 Networks Associates Technology, Inc. All Rights Reserved.
    LegalTrademarks    : McAfee & Network Associates are registered trademarks of Netxt
    OriginalFilename   : TBMON.EXE

#:24 [ZLCLIENT.EXE]
    FilePath           : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\
    ProcessID          : 4294203677
    Threads            : 11
    Priority           : Normal
    FileVersion        : 6.1.744.001
    ProductVersion     : 6.1.744.001
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs, LLC
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2005, Zone Labs, LLC
    OriginalFilename   : zlclient.exe

#:25 [ASHWEBSV.EXE]
    FilePath           : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
    ProcessID          : 4294245109
    Threads            : 19
    Priority           : Normal


#:26 [OSD.EXE]
    FilePath           : C:\PROGRA~1\NETROPA\ONSCRE~1\
    ProcessID          : 4294259225
    Threads            : 1
    Priority           : Normal
    FileVersion        : 2.42
    ProductVersion     : 2.42
    ProductName        : OSD
    CompanyName        : Netropa Corp.
    FileDescription    : Onscreen Display
    InternalName       : OSD
    LegalCopyright     : Copyright © 1995-1998 Netropa Corp.
    LegalTrademarks    : Netropa
    OriginalFilename   : OSD.EXE

#:27 [FIRETRAY.EXE]
    FilePath           : C:\PROGRAM FILES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\
    ProcessID          : 4294303637
    Threads            : 3
    Priority           : Normal
    FileVersion        : 8.0
    ProductVersion     : 8.0
    ProductName        : McAfee Desktop Firewall
    CompanyName        : Networks Associates Technology, Inc.
    FileDescription    : McAfee Desktop Firewall Tray Application
    InternalName       : FireTray
    LegalCopyright     : Copyright © 2003 Networks Associates Technology, Inc. All Rights Reserved.
    LegalTrademarks    : Network Associates, McAfee
    OriginalFilename   : FireTray.exe

#:28 [DDHELP.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\
    ProcessID          : 4294155233
    Threads            : 2
    Priority           : Realtime
    FileVersion        : 4.08.01.0881
    ProductVersion     : 4.08.01.0881
    ProductName        : Microsoft® DirectX for Windows®  95 and 98
    CompanyName        : Microsoft Corporation
    FileDescription    : Microsoft DirectX Helper
    InternalName       : DDHelp.exe
    LegalCopyright     : Copyright © Microsoft Corp. 1994-2001
    OriginalFilename   : DDHelp.exe

#:29 [FIREFOX.EXE]
    FilePath           : C:\PROGRAM FILES\MOZILLA FIREFOX\
    ProcessID          : 4294261945
    Threads            : 10
    Priority           : Normal


#:30 [EXPLORER.EXE]
    FilePath           : C:\WINDOWS\
    ProcessID          : 4293918801
    Threads            : 9
    Priority           : Normal
    FileVersion        : 4.72.3110.1
    ProductVersion     : 4.72.3110.1
    ProductName        : Microsoft(R) Windows NT(R) Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : Copyright (C) Microsoft Corp. 1981-1997
    OriginalFilename   : EXPLORER.EXE

#:31 [AD-AWARE.EXE]
    FilePath           : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
    ProcessID          : 4294381173
    Threads            : 3
    Priority           : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 11




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

6:30:25 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:56.270
Objects scanned:62796
Objects identified:0
Objects ignored:0
New critical objects:0

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #11 on: June 11, 2006, 01:20:56 AM »
Don't make fun of me but I'm still on 98. I'm trying to build a new computer and should be able to finish it once school gets out and I can get a job.

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Malware?
« Reply #12 on: June 11, 2006, 03:35:06 AM »
did you see my post above?
run ewido


and you can only run one firewall at a time!!

you have ZA and Mcafee??????


    FilePath           : C:\WINDOWS\SYSTEM\ZONELABS\

    FilePath           : C:\PROGRAM FILES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\

and just as bad with 2 a/v's?

    FilePath           : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\

    FilePath           : C:\PROGRAM FILES\GRISOFT\AVG FREE\
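
The check made by eye in the reply above (two firewalls and two antivirus products resident at once) can be run over the "Listing running processes" section of an Ad-Aware SE log. This is an added example, not part of the original post or of Ad-Aware; the signature table and the function names `parse_processes` and `find_overlaps` are assumptions made for the example, and the sample is a trimmed excerpt of the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt trimmed from the Ad-Aware log posted in this thread
# (most fields dropped, the copyright sign written as "(c)").
SAMPLE_LOG = r"""
6-10-06 6:20:29 PM - Scan started. (Full System Scan)

Listing running processes

#:6 [VSMON.EXE]
    FilePath           : C:\WINDOWS\SYSTEM\ZONELABS\
    ProductName        : TrueVector Service

#:8 [FIRESVC.EXE]
    FilePath           : C:\PROGRAM FILES\MCAFEE DESKTOP FIREWALL FOR WINDOWS 98\
    ProductName        : McAfee Desktop Firewall

#:10 [ASHSERV.EXE]
    FilePath           : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
    ProductName        : avast! Antivirus

#:18 [MMKEYBD.EXE]
    FilePath           : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
    LegalCopyright     : Copyright (c) 1995-1998 Netropa Corp.
All Rights Reserved.
    OriginalFilename   : MMKEYBD.EXE

#:20 [AVGAMSVR.EXE]
    FilePath           : C:\PROGRAM FILES\GRISOFT\AVG FREE\
    ProductName        : AVG Anti-Virus System

#:25 [ASHWEBSV.EXE]
    FilePath           : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
    ProcessID          : 4294245109

Memory scan result:
New critical objects: 0
"""

HEADER = re.compile(r"^#:(\d+) \[(.+)\]\s*$")   # e.g. "#:6 [VSMON.EXE]"
FIELD = re.compile(r"^\s+(\w+)\s*: ?(.*)$")      # e.g. "    FilePath   : C:\..."


def parse_processes(log_text):
    """Return one dict per entry in the 'Listing running processes' section."""
    procs, current, last_key, in_section = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("Listing running processes"):
            in_section = True
        elif in_section and line.startswith("Memory scan result"):
            break                                # next section of the log
        elif not in_section or not line.strip():
            continue
        elif (m := HEADER.match(line)):
            current, last_key = {"Image": m.group(2)}, None
            procs.append(current)
        elif current is None:
            continue                             # separator line before first entry
        elif (m := FIELD.match(line)):
            last_key = m.group(1)
            current[last_key] = m.group(2).strip()
        elif last_key:
            # Unindented continuation of a wrapped value ("All Rights Reserved.")
            current[last_key] += " " + line.strip()
    return procs


# Assumed signature table for this example: substrings taken from the FilePath
# and ProductName values visible in the thread's log, grouped by product role.
SIGNATURES = {
    "firewall": {
        "ZoneAlarm": ("ZONELABS", "ZONE LABS"),
        "McAfee Desktop Firewall": ("MCAFEE DESKTOP FIREWALL",),
    },
    "antivirus": {
        "avast!": ("AVAST",),
        "AVG": ("GRISOFT", "AVG ANTI-VIRUS"),
    },
}


def find_overlaps(procs):
    """Map role -> {product: [images]} for roles with two or more products running."""
    seen = defaultdict(lambda: defaultdict(list))
    for p in procs:
        # Match on the path as well: ASHWEBSV.EXE carries no ProductName field.
        haystack = (p.get("FilePath", "") + " " + p.get("ProductName", "")).upper()
        for role, products in SIGNATURES.items():
            for product, needles in products.items():
                if any(n in haystack for n in needles):
                    seen[role][product].append(p["Image"])
    return {role: dict(sorted(prods.items()))
            for role, prods in seen.items() if len(prods) > 1}


if __name__ == "__main__":
    for role, products in find_overlaps(parse_processes(SAMPLE_LOG)).items():
        print(role, "->", products)
```

A hit only shows that processes from both products are loaded; whether both are actually filtering traffic or scanning files still has to be confirmed in each product's own settings.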



Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #13 on: June 11, 2006, 03:47:44 AM »
The McAfee thing is a desktop firewall, it controls programs. And I removed AVG and avast; zonelab has an antivirus in it. And I'll run that program but it says it's for 2000 and XP.

Offline craige

  • Newbie
  • *
  • Posts: 29
Re: Malware?
« Reply #14 on: June 11, 2006, 03:55:19 AM »
I tried ewido and I get "ewido needs 2000 or higher to run"