Thread: Suspected Trojan Horse Infection

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    4

    Suspected Trojan Horse Infection

    My PC recently was infected by a trojan horse that redirected my IE homepage to an anti-spyware vendor's home page, in addition to other problems. I followed the instructions given in the following thread: http://forums.spybot.info/showthread.php?t=4015

    Following these instructions seemed to have helped, but I don't know if it has completely eliminated the problem. Can someone confirm that my issue is fixed?

    Attached are the requested log files.

    rapport.txt
    SmitFraudFix v2.37

    Scan done at 22:02:28.43, Sun 04/30/2006
    Run from C:\Documents and Settings\Roark Pollock\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End


    ewido log
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:00:17 PM, 4/30/2006
    + Report-Checksum: FE75A040

    + Scan result:

    C:\Documents and Settings\MCX1\Cookies\mcx1@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
    :mozilla.207:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.208:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.209:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.257:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.286:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.305:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.306:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.337:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.376:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.377:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.461:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.462:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.466:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.482:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.483:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.484:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.485:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.486:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.487:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.488:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.522:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.523:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.524:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.525:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.526:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.528:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.546:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.573:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.574:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.575:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.576:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.577:C:\Documents and Settings\Roark Pollock\Application Data\Mozilla\Firefox\Profiles\dgpke7d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup
    C:\WINDOWS\SYSTEM32\dcomcfg.exe -> Downloader.Zlob.mj : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hp81FC.tmp -> Downloader.Zlob.mr : Cleaned with backup
    C:\WINDOWS\SYSTEM32\simpole.tlb -> Downloader.Zlob.mj : Cleaned with backup


    ::Report End

    I will post the HJT log in the next message.

    Thanks for any help you can lend.

  2. #2
    Junior Member
    Join Date
    May 2006
    Posts
    4

    The HJT log

    Here is the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:08 PM, on 4/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\EHOME\RMSysTry.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: ItsDeductiblePopUp.lnk = C:\Program Files\ItsDeductible\ItsDeductible.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146441161083
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...3/cpbrkpie.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  3. #3
    pskelley
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Hello and welcome to the forum. There are still some nasties, let's do this:

    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...3/cpbrkpie.cab

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    Enable hidden files & folders; reverse the process when finished.
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    RIGHT Click on Start then click on Explore. Locate and delete these items:

    C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
    Prefetch info: http://www.windowsnetworking.com/art...efetch-XP.html

    Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
    Run CCleaner (Windows & Applications). When you run the registry cleaner (Issues), you will be prompted to back up before you can remove stuff; make sure you do.

    Restart the computer and post a new HJT log along with your comments. How is the computer running now?

    Thanks...pskelley
    Safer Networking Forums
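
Added example (not part of the original posts, and not code from HijackThis or Safer Networking): a Python checker for the "Fix Checked, then post a new HJT log" step above. It parses HijackThis entry lines, flags orphaned entries, and reports which requested items are still present in a follow-up scan. The function names are hypothetical; BEFORE and FIX_LIST are abridged from the logs in this thread, and AFTER is constructed so that one flagged item survives.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A HijackThis entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


class Entry(NamedTuple):
    section: str
    body: str
    clsid: Optional[str]
    orphaned: bool

    def key(self) -> Tuple[str, str]:
        # Identify an entry by section + CLSID when it has one (case varies
        # between scans), otherwise by its lower-cased body text.
        return (self.section, self.clsid or self.body.lower())


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; headers and the
    'Running processes' path list do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        found = CLSID_RE.search(body)
        clsid = found.group(0).upper() if found else None
        entries.append(Entry(section, body, clsid, body.endswith(ORPHAN_MARKERS)))
    return entries


def removed(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first scan and absent from the second."""
    after_keys = {e.key() for e in after}
    return [e for e in before if e.key() not in after_keys]


def still_present(fix_list: List[Entry], after: List[Entry]) -> List[Entry]:
    """Items the helper asked to fix that the follow-up scan still shows."""
    after_keys = {e.key() for e in after}
    return [e for e in fix_list if e.key() in after_keys]


# Abridged from the first HJT log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
"""

# Three of the line items from the fix list above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
"""

# Constructed follow-up scan: the O16 item is deliberately left in place
# to show the failing case. This is not the poster's second log.
AFTER = r"""
Logfile of HijackThis v1.99.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("orphaned in first scan:")
    for e in before:
        if e.orphaned:
            print("  ", e.section, e.clsid)
    print("removed between scans:")
    for e in removed(before, after):
        print("  ", e.section, e.clsid)
    print("requested but still present:")
    for e in still_present(parse_log(FIX_LIST), after):
        print("  ", e.section, e.clsid)
```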

  4. #4
    Junior Member
    Join Date
    May 2006
    Posts
    4

    I have completed the instructions you gave me, pskelley. The CCleaner utility found a very large number of registry entries to delete - it took 3 runs to completely clear all the issues. The PC appears to be running normally, but it did take an unusually long time to boot the first time after the changes.

    However, I can't find any evidence of the previous problems. Below is the HJT log file. Please let me know if you see any other issues at this point or if there are any other steps I should take.

    Thanks.
    ------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 8:02:41 PM, on 5/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\EHOME\RMSysTry.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\EHOME\RMSysTry.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: ItsDeductiblePopUp.lnk = C:\Program Files\ItsDeductible\ItsDeductible.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146441161083
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  5. #5
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Hello and thanks for returning the information. First, here is some information to help control those nasty cookies in Firefox:
    http://privacy.getnetwise.org/browsi...disablecookies
    http://www.mozilla.org/projects/secu...priv_help.html

    Cleaning the Prefetch does slow down a few boots until Windows repopulates it for you. I don't suggest you clean it more often than was suggested in the link. I always do mine if I notice my computer getting sluggish.
    You are also running ewido; if you don't own it, read the information I post later.

    Your HJT log looks clean of malware. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://boards.cexx.org/viewtopic.php?t=957
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    Here is some information that might help with the overall performance:
    http://www.microsoft.com/windows/IE/.../IEtopten.mspx
    http://vlaurie.com/computers2/Articles/runbetter.htm
    http://www.linkgrinder.com/tutorials...s_article.html
    http://www.techbuilder.org/recipes/59201471

    Safe surfing...Phil

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

  6. #6
    Junior Member
    Join Date
    May 2006
    Posts
    4

    Default

    Thanks very much for the help pskelley. I also appreciate the follow-on information to help me prevent the issues from re-occurring. Hopefully I will not have to return to this particular forum with problems.

    Take care and thanks again!


  7. #7
    In Memoriam -Always in our heart CalamityJane's Avatar
    Join Date
    Oct 2005
    Location
    Central Florida, USA
    Posts
    651

    Default

    Since it appears your issues have been resolved, I'll go ahead and close and archive this thread. Should you need it reopened for any reason, please feel free to PM me or one of the Forum Leaders.
    Microsoft MVP 2003-2009
    Windows-Security
