Zlob downloader

seathach · June 09, 2006, 05:34:28 PM

I have Zlob. downloader. Avg didn't find it but sb s&d did but it can't remove it. I couldn't do it manually, it said a program was using it. How do I get rid if it?

Cheers Fraser :shock:

GR@PH;<'S · June 09, 2006, 08:44:23 PM

seathach,
Please can you make sure that you are using
Ad-aware SE Build 106
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R111 08.06.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

(note The Application Data is a hidden folder, so you will need to show hidden files and folders
and for Windows 98/ME users your logs are stored in
C:\WINDOWS\All Users\Application Data\ ) by default.
GR@PH;<'S :breakkie:

seathach · June 09, 2006, 09:12:12 PM

Thanks for the reply I hope this is what you're looking for:

Ad-Aware SE Build 1.05
Logfile Created on:09 June 2006 22:03:04
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R111 08.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
EzuLa(TAC index:6):18 total references
MRU List(TAC index:0):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

09-06-2006 22:03:04 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\IDEAs\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\IDEAs\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-73586283-746137067-1060284298-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 408
ThreadCreationTime : 09-06-2006 18:45:02
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 456
ThreadCreationTime : 09-06-2006 18:45:05
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 09-06-2006 18:45:06
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 09-06-2006 18:45:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 09-06-2006 18:45:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 09-06-2006 18:45:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 09-06-2006 18:45:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 09-06-2006 18:45:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 09-06-2006 18:45:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 09-06-2006 18:45:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1184
ThreadCreationTime : 09-06-2006 18:45:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1288
ThreadCreationTime : 09-06-2006 18:45:16
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1324
ThreadCreationTime : 09-06-2006 18:45:16
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1356
ThreadCreationTime : 09-06-2006 18:45:16
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:15 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1392
ThreadCreationTime : 09-06-2006 18:45:16
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1404
ThreadCreationTime : 09-06-2006 18:45:17
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1512
ThreadCreationTime : 09-06-2006 18:45:18
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZONELABS\
ProcessID : 1588
ThreadCreationTime : 09-06-2006 18:45:19
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:19 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1664
ThreadCreationTime : 09-06-2006 19:17:29
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:20 [mouse32a.exe]
FilePath : C:\Program Files\Kensington\Kensington Mouse 1.1\
ProcessID : 2000
ThreadCreationTime : 09-06-2006 19:18:31
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:21 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 1876
ThreadCreationTime : 09-06-2006 19:18:35
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:22 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 436
ThreadCreationTime : 09-06-2006 19:18:38
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:23 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 792
ThreadCreationTime : 09-06-2006 19:18:55
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 276
ThreadCreationTime : 09-06-2006 19:18:59
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:25 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 1064
ThreadCreationTime : 09-06-2006 19:19:04
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:26 [e_s4i0t1.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 600
ThreadCreationTime : 09-06-2006 19:19:08
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S4I0T1
LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2004
OriginalFilename : E_S4I0T1.EXE

#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 940
ThreadCreationTime : 09-06-2006 19:19:21
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [myspaceim.exe]
FilePath : C:\Program Files\MySpace\IM\
ProcessID : 1548
ThreadCreationTime : 09-06-2006 19:19:28
BasePriority : Normal
FileVersion : 1.0.312.0
ProductVersion : 1.0.312.0
ProductName : MySpaceIM
FileDescription : MySpace Instant Messenger
InternalName : MySpaceIM
LegalCopyright : Copyright MySpace.com 2006. All rights reserved.
OriginalFilename : MySpaceIM.exe

#:29 [easyshare.exe]
FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\
ProcessID : 1716
ThreadCreationTime : 09-06-2006 19:20:02
BasePriority : Normal
FileVersion : 5, 2, 30, 84
ProductVersion : 5, 2, 0, 49
ProductName : KODAK EasyShare Software
FileDescription : KODAK EasyShare Software
InternalName : EasyShare
LegalCopyright : © Eastman Kodak Company, 2002-2005. All Rights Reserved.
OriginalFilename : EasyShare.exe

#:30 [kodak software updater.exe]
FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\
ProcessID : 2084
ThreadCreationTime : 09-06-2006 19:20:11
BasePriority : Normal

#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2344
ThreadCreationTime : 09-06-2006 19:22:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3944
ThreadCreationTime : 09-06-2006 20:58:45
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1924
ThreadCreationTime : 09-06-2006 21:01:43
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{10049d2a-2965-4e4f-8c7e-cb33ad95feb7}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{10049d2a-2965-4e4f-8c7e-cb33ad95feb7}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0fd6420a-f789-40ae-b921-3983f84e074e}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0fd6420a-f789-40ae-b921-3983f84e074e}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{994a0535-b09c-4d1c-aa4a-2f76002349b1}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{994a0535-b09c-4d1c-aa4a-2f76002349b1}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{82910ce3-d86a-435a-a519-6a8c369855d3}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 21

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
109 entries scanned.
New critical objects:0
Objects found so far: 21

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : le.toy24

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : le.toy24
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : le.toy24.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : le.toy24.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : onone.thegimp

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : onone.thegimp
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : onone.thegimp.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : onone.thegimp.1
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\microsoft\internet explorer\urlsearchhooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\microsoft\internet explorer\toolbar\shellbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 32

22:19:41 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:36.584
Objects scanned:114433
Objects identified:18
Objects ignored:0
New critical objects:18

Corrine · June 10, 2006, 10:49:02 PM

Hi, seathach. I posted a reply in your HJT thread, here: http://www.landzdown.com/index.php?topic=5903.msg28001#new

Zlob downloader

seathach

GR@PH;<'S

seathach

Corrine