HijackThis log - please review, with many thanks


7 replies to this topic

#1 rtag63

rtag63

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 27 May 2006 - 04:09 AM

Dear Mr. Coyote!

Enclosed is my log file from HijackThis. My computer has been impossible with:

res://c:\windows\system32\shdoclc.dll/navcancl.htm

preventing me from using IE.

Help me Obi-Wan, you're our only hope!

Any assistance would be greatly appreciated.

PS - Ad-Aware, Windows Defender, Registry Cure, WINTASK 5 Pro have all been used with no success.

Thank you,
rtag63



Logfile of HijackThis v1.99.1
Scan saved at 5:32:32 AM, on 5/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\RobenShannon\Desktop\Roben\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Controller.LNK = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://autosupport.i...oad/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129768948703
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atuvp\ShellService.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


#2 rtag63

rtag63

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 27 June 2006 - 09:52 AM

I posted yesterday and am adding info. IE 6 does not allow me to browse for more than 5 seconds. The culprit seems to be Res.//c://windows/system32/shdoclc.dll/navancl.htm.

I am reposting my Hijack log.

I would appreciate any help as IE is completely useless now.

Regards, rtag63

_____________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 7:31:44 AM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\RobenShannon\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://autosupport.i...oad/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129768948703
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atuvp\ShellService.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#3 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 July 2006 - 06:29 PM

rtag63, :D

Welcome to the forum, sorry for the delay in responding. You need to stay in this thread only by using the Add Reply Button and not the New Topic button.



* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK




Download and install the 30 day trial of Ewido Anti-Spyware from HERE and save that file to your desktop.

* Once you have downloaded Ewido Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run Ewido and update the definition files.
* On the main screen select the icon Update then select the Update now link.
* Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
* Once in the Settings screen click on Recommended actions and then select Quarantine
* Under Reports
* Select Automatically generate report after every scan
* Un-Select Only if threats were found
* Close Ewido Anti-Spyware <-- Do not run the scan yet.



Open HJT Scan Only, close your browser and all open windows, check these items and click on Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://autosupport.i...oad/tgctlsr.cab

O20 - Winlogon Notify: pmkjg - C:\WINDOWS\

O21 - SSODL: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atuvp\ShellService.dll






Boot your computer into Safemode

* Go to Start> Shut Off your Computer> Restart
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the Up and Down Arrow Keys to scroll up to SAFEMODE
* Then press the Enter on your Keyboard

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:

* Launch Ewido-Anti-Spyware by double-clicking the icon on your desktop.
* Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
* Ewido will now begin the scanning process, be patient this may take a little time.
* Once the scan is complete do the following:
* If you have any infections you will be prompted, then select Apply all actions
* Next select the Reports icon at the top.
* Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
*** make sure to remember where you saved that file, this is important
* Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido report scan.



Still in Safemode, look for this file and delete it by right clicking on Start and then click on Explore and navigate to the following file.

C:\WINDOWS\system32\config\atuvp


Reboot back into Normal mode.


Let's run a system cleaner to clean out all the temp files and such that may be clogging you up.

Download and Install CCleaner
* Click on Run Cleaner
Tutorial for CCleaner



I need to see the Ewido report and a new HJT log.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Just a reminder that threads will be closed if no reply in 3 days.
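
An added example, not part of any post in this thread: a small Python check that parses HijackThis 1.99.1 entries (rejoining lines that were wrapped when pasted) and reports which items from the "Fix Checked" list above still show up in a follow-up log. The function names are this example's own, and the three sample strings are short excerpts copied from the logs posted in this thread.

```python
import re

# A HijackThis entry starts with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return the entries of one HijackThis log as normalised (section, body) tuples.

    Lines before the first entry (header, running processes) are skipped.
    A non-blank line after an entry that does not start a new entry is treated
    as a wrapped continuation of the previous entry (assumption: the input is
    a single pasted log with no trailing prose).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    # Collapse whitespace and ignore case so wrapped and unwrapped copies compare equal.
    return [(sec, " ".join(body.split()).casefold()) for sec, body in entries]


def unresolved(fix_list, followup_log):
    """Entries from the fix list that are still listed in the follow-up log."""
    after = set(parse_hjt(followup_log))
    return [entry for entry in parse_hjt(fix_list) if entry in after]


# The items the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://autosupport.i...oad/tgctlsr.cab
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O21 - SSODL: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atuvp\ShellService.dll
"""

# Excerpt of the first log in the thread, with its O21 entry wrapped as pasted.
FIRST_LOG_WRAPPED = r"""
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} -

C:\WINDOWS\system32\config\atuvp\ShellService.dll
"""

# Excerpt of the follow-up log posted after the cleanup steps.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for section, body in unresolved(FIX_LIST, FOLLOWUP_LOG):
        print("still listed:", section, "-", body)
```

On these excerpts the O16, O20 and O21 items are gone from the follow-up log, while the two blank R0 Local Page lines are still listed. Matching is on the whole normalised line, so an entry whose value changed counts as resolved.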

#4 rtag63

rtag63

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 12 July 2006 - 10:37 PM

My logs. I am using IE6 so far so good. Have been using Firefox 'cause IE6 was useless. Thank you.

rtag63

Logfile of HijackThis v1.99.1
Scan saved at 11:22:06 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\RobenShannon\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:14:51 PM 7/12/2006

+ Scan result:



:mozilla.33:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.166:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.167:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.10:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.7:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.34:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.92:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.93:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.94:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.60:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.70:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.120:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.121:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.122:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.123:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.124:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.125:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.126:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.173:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.174:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.38:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.39:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.40:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.41:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.42:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.116:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.117:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.36:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.37:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.96:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.97:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.98:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.100:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.99:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.137:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.138:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.139:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.140:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.209:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.210:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.211:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.212:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.213:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.214:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.215:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.216:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.8:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\RobenShannon\Cookies\robenshannon@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.72:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\RobenShannon\Cookies\robenshannon@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:16:35 PM 7/12/2006

+ Scan result:



:mozilla.33:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\RobenShannon\Cookies\robenshannon@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\RobenShannon\Application Data\Mozilla\Firefox\Profiles\zw6ipajz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\RobenShannon\Cookies\robenshannon@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:22:52 AM 7/13/2006

+ Scan result:



Nothing found.


::Report end

#5 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 July 2006 - 05:53 AM

rtag63 :D

Good Job, your log is clean :thumbup: If you look at your Ewido report, all it picked up were cookies. Ewido is a 30 day trial but after the 30 days, you can keep the program, you will just lose the background guard feature. You still will be able to check for updates, run the scans and remove what it finds. You should have it set this way.
Once in the Settings screen click on Recommended actions and then select Quarantine


There are a couple of minor issues we need to fix, you should temporarily disable Windows Defender.

We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.

Open HJT Scan Only, close your browser and all open windows and fix these two entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =




Your Java is out of date and leaving your system vulnerable, you can update it here.

Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:
    http://www.java.com/en/download/manual.jsp



Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember. You will have to be in Category View to see this.



Download and Install CCleaner
* Click on Run Cleaner
Tutorial for CCleaner




* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.


Now Empty your Recycle Bin




* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once a week.

* Here are Free Anti-Virus Programs if you need one
AVG Free Edition
AntiVir Personal Edition



* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.


* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.


* Spyware Blaster It will prevent most spyware from ever being installed.


* Spyware Guard It offers realtime protection from spyware installation attempts.


* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.


* IE- Spyad IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents downloads and (cookies etc) from the sites listed, although you will still be able to connect to the sites.


* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this for a while, you will want to make it your default.


* Thunderbird Mail Their companion mail program was highly favored in PCWorld Magazine, this has a good spam filter and is more secure than Outlook Express.


* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.


* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.



Thanks for stopping by Tom Coyote, I was glad to be able to help you. I will leave this thread open for about a week or so in case you have any other questions.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#6 rtag63

Posted 13 July 2006 - 07:58 AM

Ken, Many thanks. I will complete the rest tonight. I have always used ad-aware, spybot, etc. I think this infection occurred after I replaced zone-alarm with Mcafee because I received it through Comcast. I have since replaced it with my zone-alarm again. It's an awesome program - with it I never had any problems. While IE was crapped out I was using Firefox. I have used it off and on for a couple of years. I stopped because some of the local county gov. sites don't work with firefox so my wife was unable to use them. I intend to keep the firefox and at your suggestion I think I will set up the thunderbird. I intend to send you guys a donation - I think it is a great thing that you are spending hours helping people. Nice to know people like you are still around. Many thanks, Roben Taglienti

#7 ken545

Posted 13 July 2006 - 08:12 AM

Hi Robin, :wavey:

I have used the free version of Zone Alarm for about the past 5 years. I also use Firefox as my default browser, my wife still likes to use IE :(
I also use Thunderbird mail.

I tend to stay away from the Security Suites like Nortons or Mcafee, although they are good programs they tend to be resource hogs and sometimes can bog down your system. I just use a stand alone version of Norton and Zone Alarm. Keep in mind that with Anti Virus software, more is not better, just use one.


Any donation, big or small just helps keep us online, we are all just volunteers because we do not like the people that write this garbage and like helping nice people like yourself.

Ken :D

 
 

#8 ken545

Posted 23 July 2006 - 01:33 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 