W32.WINSHOW.CW WONT BE DELETED
Started by
MEK2
, Jul 15 2005 09:52 AM
#1
Posted 15 July 2005 - 09:52 AM
#2
Posted 15 July 2005 - 09:56 AM
ZONE LABS PRO , ZONE LABS ANTI-VIRUS REPORT THIS VIRUS/TROJAN REFUSES TO BE DELETED, REPAIRED, AND/OR RENAMED. SPYBOT INDICATES NO ADVERSE PROGRAMS/BUGS...ETC. ANY ADVICE ON .....REMOVAL TOOL ? PROCEDURE TO GET RID OF IT....WILL BE GREATLY APPRECIATED ! THANKS VERY MUCH ! >>>> HELP?
HIJACK THIS LOG 11:55AM 07/15/05 >>>>>>>>
Logfile of HijackThis v1.99.1
Scan saved at 11:54:14 AM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\lxbscoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft LSASS32 Protocol] lsass32.exe
O4 - HKLM\..\Run: [MsgCenterExe] C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
HIJACK THIS LOG 11:55AM 07/15/05 >>>>>>>>
Logfile of HijackThis v1.99.1
Scan saved at 11:54:14 AM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\lxbscoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft LSASS32 Protocol] lsass32.exe
O4 - HKLM\..\Run: [MsgCenterExe] C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users