
HJT Log - Win32.zlob Problem

Mod:Edit/Info/merged into one/Raziel

plz don't post in your own thread until you get contact with the sec. looks like you have been infected by one of the many variants of the zlob trojan.

Attempting to delete C:\WINDOWS\system32\2423242D262F2.exe
C:\WINDOWS\system32\2423242D262F2.exe Has been deleted!

Attempting to delete C:\windows\system32\qoixaokn.dll
C:\windows\system32\qoixaokn.dll Could not be deleted.

Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 -

EDIT: Turns out the blue screens were actually a fake screen saver.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

https://forums.techguy.org/threads/solved-win32-zlob-trojan-removal-problem.580666/

I suppose I could stop it if I uninstalled my Flash player, but I really don't want to do that. Odd how ineffective AdAware and SpyBot S & D is. These AdDestination ads

Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast!

Step 1 You must place HiJack this into its own folder, If we ever need to restore any Item then this folder will safely store all entries and enable us to Manual run ZASS (ZA firewall will be OFF but Antivirus/Antispyware will be functional) 4. DO NOT have Hijack This fix anything yet. They're Windows Defender, Symantec Anti-virus Corporate Edition, Spybot Search and Destroy, and whatever is included with AOL.

Attempting to delete C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\rMa01yy Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...

ComboFix 07-11-19.3 - jwawok 2007-11-25 13:09:40.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT -5:00]
Running from: C:\Documents and Settings\jwawok\Desktop\ComboFix.exe.
((((((((((((((((((((((((( Files

Attempting to delete C:\windows\system32\qoixaokn.dllbox
C:\windows\system32\qoixaokn.dllbox Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.6.2
Checking Java version...
Scan started at 15:38:25 2007-11-24
Listing files found while scanning....
No infected files were found.
Beginning removal...

http://www.help2go.com/archive/index.php/f-40-p-14.html

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.

I think it's way over my head. Set ZA antispyware to 'deep scan' (advanced options of the antivirus/antispyware tab) 5.

ourwilly, Posted 20 March 2007 - 02:45 PM

Hello Bubba5056 Copy and Paste this 'Fix' into either Notepad or Wordpad for

I took care of this "fake" Spyware virus & thought I had cleared everything out.

Make sure to use NotePad and nothing else.

File::
C:\WINDOWS\system32\wiixuefl.ini
C:\WINDOWS\system32\rnqlvoah.dll
C:\WINDOWS\system32\mnxqlhug.ini
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\cbxvsst.dll
C:\WINDOWS\system32\lmimirr.dll
C:\WINDOWS\system32\lmimirr2.dll

Folder::
C:\WINDOWS\system32\484748514A535
C:\WINDOWS\system32\rMa01yy
C:\Temp\abW9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0025FF5C-8A6F-421E-9C34-E2C63D9579D6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{584E5B14-9FC3-4763-9F6D-59A91968D0C0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83b2c75f-e948-4b5a-85fe-d8665d63bc77}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A695CA06-632B-4BA8-A2F1-225599FFE066}]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECEBECF5EEF7F6F]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kic]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srrp]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT)

I could not find this file which you wanted me to delete "C:\Program Files\RXToolBar" I even did a search on my PC and there's nothing named that.

Advice: Review the alert details to see why the software was detected.

Bubba5056, Posted 22 March 2007 - 06:02 PM

Hello again, I ran CCleaner and did everything that you said. Please note - You must Install this version Offline. Open Hijack This and click on the "Open the Misc Tools section" button.

Mind you I don't know much about removing programs like this so it was my first instinct to go to Add/Remove Software Control Panel and remove it. I also tried to scan it in safe mode and turn off the system restore, but still fail. I got the trojan through mpcoded that I downloaded.

Attempting to delete C:\WINDOWS\system32\opnllij.dll
C:\WINDOWS\system32\opnllij.dll Has been deleted!

Click on Help >> Help Topics. I've run Ad-Aware (obviously), Spybot, Windows Defender, VundoFix, SDFix, SmitFraud Fix, FixIEDef, ComboFix, etc.

Attempting to delete C:\WINDOWS\system32\484748514A535
C:\WINDOWS\system32\484748514A535 Could not be deleted.

It seems to go away and then it's back.

Lucian Bara 29.09.2006 18:24

Download it and unpack it. Then open it and choose "Do a scan and save logfile". The Readme.txt file included has instructions on how to use it.

------------------------------

Reboot into Safe Mode by Shutting down your system, then Restart your computer as soon as it starts booting Also, you should always make a backup of the registry before editing it. If asked to update the program definitions, click "Yes".

After I went to run "Kaspersky On-line Scanner". Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). By default it will install to C:\Program Files\Hijack This.

Attempting to delete C:\windows\system32\efqrpofj.dll
C:\windows\system32\efqrpofj.dll Has been deleted!

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. Click the "Save List" button. Disable system restore; 2.

Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. The list will be saved as Uninstall_list.txt Please now Rescan with Hijack This and post: 1/ The new HijackThis log 2/ The Uninstall_list.txt 3/ The SmitfraudFix text file Thank you. Open the SmitfraudFix folder and double-click "smitfraudfix.cmd" Select option #1 - "Search" by typing "1" and press "Enter".

I'm sure I don't need all those things running at startup. If asked if you want to reboot, click "Yes".

horndog187's/AdDestination, started by horndog187, Apr 03 2009 06:07 PM

This feels like genuine progress.

Copy the whole log and post it here.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:30 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet

Any way of identifying what I don't need there and permanently get rid of it? After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected.

Attempting to delete C:\windows\system32\qoixaokn.dllbox
C:\windows\system32\qoixaokn.dllbox Has been deleted!

One was update 6 and one was update 10. Select Scan Archives & Scan Mail Bases and then ok.

Enable System restore 8.