hjt log Please Read (Resolved)

  1. 31-10-2004  #1
    Susangirl
    Susangirl is offline Newbie

    hjt log Please Read (Resolved)

    Good Day and Thank-you,

    Last evening I ran Spybot, Adware, PestPatrol, CWShredder and my Norton AV. Only spybot came back with this: coolwwwSearch.msconfig It took multiple times to delete, I even did an uninstall/reinstall of spybot. It is now deleted and honestly I do not see anything untowards w/my computer. I am looking for assurance that I am safe and nothing is being redirected. If it helps in reading my log I can tell you the following programs are all recognizable to me and I've used w/o conflict for varying periods of time: Invention Pilot\Tray Pilot Lite>Application Data\Map Maker>Cogitum\Image Co-Tracker>Cogitum Co-Citer\CogitumHelpers>Program Files\FreshWatch>moneycentral.msn.com/... and this which is under a trial period for web building http://install.homestead.com. I believe all my other programs are rather "popular" or recognizable and I hope I've provided the most prudent info I can. I just need reassurance that I'm ok and properly protected and I thank-you so very much for your time and effort.

    Logfile of HijackThis v1.98.2
    Scan saved at 1:47:50 PM, on 10/31/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe
    C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\MRU-Blaster\scheduler.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\username\Application Data\Invention Pilot\Tray Pilot Lite\MMManager.exe
    C:\Program Files\LockJar\LockJar.exe
    C:\Documents and Settings\username\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.myway.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe"
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: SunClock5.lnk = C:\Documents and Settings\username\Application Data\Map Maker\MMManager.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Grab &Image - C:\Program Files\Cogitum\Image Co-Tracker\grab.htm
    O8 - Extra context menu item: Grab &Selected Text... - res://C:\Program Files\Cogitum Co-Citer\CogitumHelpers.dll/ctGrab.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Passcards &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra 'Tools' menuitem: Passcards &. - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Image Co-Tracker - {7F17B2B0-A7EA-11d3-AA97-00C0F048995B} - C:\Program Files\Cogitum\Image Co-Tracker\app.hta
    O9 - Extra 'Tools' menuitem: &Image Co-Tracker - {7F17B2B0-A7EA-11d3-AA97-00C0F048995B} - C:\Program Files\Cogitum\Image Co-Tracker\app.hta
    O9 - Extra button: Add URL - {CA095B3E-B06D-4128-B703-DE19489E7B63} - C:\Program Files\FreshWatch\FWadd.exe
    O9 - Extra 'Tools' menuitem: Add to FreshWatch - {CA095B3E-B06D-4128-B703-DE19489E7B63} - C:\Program Files\FreshWatch\FWadd.exe
    O9 - Extra button: FreshWatch - {CA095B3E-B06D-4128-B703-DE19489E7B64} - C:\Program Files\FreshWatch\FreshWatch.exe
    O9 - Extra 'Tools' menuitem: Open FreshWatch - {CA095B3E-B06D-4128-B703-DE19489E7B64} - C:\Program Files\FreshWatch\FreshWatch.exe
    O9 - Extra button: Co-Citer - {CDE56277-42BE-11d4-B79C-00C0F04903DC} - C:\Program Files\Cogitum Co-Citer\Co-Citer.exe
    O9 - Extra 'Tools' menuitem: Cogitum &Co-Citer - {CDE56277-42BE-11d4-B79C-00C0F04903DC} - C:\Program Files\Cogitum Co-Citer\Co-Citer.exe
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://liverep.esignal.com/netagent/.../custappx3.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095880706312
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rcec.webex.com/client/latest...rt/ieatgpc.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
  2. 01-11-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Only this entry needs to go:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.myway.com/

    Close all browser windows, restart Hijack This and put a checkmark next to that entry and click Fix Checked.

    Nothing wrong otherwise.
  3. 01-11-2004  #3
    Susangirl
    Susangirl is offline Newbie
    I much appreciative Owen....thank-you for your time and effort!

    Susan
  4. 02-11-2004  #4
    owen
    owen is offline D-A-L Team Member (UK)
    You seem to be pretty well protected, so happy surfing.
  5. 05-11-2004  #5
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    This thread has been Resolved and has been locked to prevent other users hijacking the thread and to help others know which threads have been Resolved and which are still being worked on.

    If you started this thread and the problem returns or the case has not been properly Resolved, please send a Private Message to an Administrator or a Moderator of this forum to have the thread opened again. If you have a different problem, please start a new thread.
Closed Thread
« Another fooled by About:Blank in need... (Resolved) | HijackThis log (Resolved) »