scrane

Members
  • Content Count

    13
  • Joined

  • Last visited

About scrane

  • Rank
    Member
  1. Thank you for all your help. Stephen
  2. Here is an update. Thanks, Stephen Logfile of HijackThis v1.99.1 Scan saved at 6:23:56 PM, on 16/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program F
  3. There was no report generated. AVG picked up a few tracking cookies but no Zlob. My F-Secure software quaranteened a W32 Trojan that was deleted. Any ideas? Residual image? Thanks, Stephen
  4. Here is the full line. HKEY_CLASSES_ROOT\CLSID\{55385A7-4922-4e7e-B1C1-97140C1C16EF} Thanks, Stephen
  5. HKEY_CLASSES_ROOT\CLSID\{Bunch of #'s and letters} Does this mean anything?
  6. Thank you for all your help. I am running F-Secure that encompasses all of these. Obviously it is not perfect. I will add another couple of layers of protection. I did download a program called Spynomore. It still tells me that a Zlob trojan still resides. I am assuming it is reading a false positive? Thank you again for taking the time to take care of non-professional pc users like me. Stephen
  7. Here is the latest. Is this log easy to read for a trained person? Thanks, Stephen Logfile of HijackThis v1.99.1 Scan saved at 5:53:56 PM, on 13/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SHAWSE~1\backweb\3875767\
  8. Here is the smitfiles.txt report. smitRem © log file version 3.2 by noahdfear Microsoft Windows XP [Version 5.1.2600] "IE"="7.0000" The current date is: 13/11/2006 The current time is: 16:56:09.90 Running from C:\Documents and Settings\Stephen Crane\Desktop\New Folder\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright© 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share
  9. Here is the updated report. Thanks, Stephen Logfile of HijackThis v1.99.1 Scan saved at 11:57:43 AM, on 13/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE C:\WINDOWS\Explo
  10. Here is what the report kicked out. Anything serious? Thanks, Stephen Incident Status Location Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\curren
  11. I ran the tool and I believe the trojan has been removed. My home page is not hijacked anymore. Here is the report just to make sure. Thanks for your help. Stephen SmitFraudFix v2.120 Scan done at 19:11:10.64, 12/11/2006 Run from C:\Documents and Settings\Stephen Crane\Desktop\New Folder\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Micro
  12. I hope I did this right. SmitFraudFix v2.120 Scan done at 18:52:32.84, 12/11/2006 Run from C:\Documents and Settings\Stephen Crane\Desktop\New Folder\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»
  13. Someone in the family viewed a video and installed a codec. This contained a trojan that has taken over my brower. Try's to get you to install different kinds of spyware trackers and removers. Nasty thing. I have attached the Hijack log file. Can anyone help me? Thanks, Stephen Logfile of HijackThis v1.99.1 Scan saved at 6:09:57 PM, on 12/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\s