Old 07-17-2009, 01:50 PM
Mike
Newsgroup Contributor
 
Posts: n/a
Re: Lost log in cookies

Update

I was running Zone Alarm, Avira AV, Spybot and Lavasoft Ad-Aware.
However, partly due to this problem and because of a good free offer via my
bank, I now use Kaspersky 8 and have removed Spybot and Lavasoft.
Clearly ZA and Avira have gone also.

The problem persists.

My security is now:

Kaspersky 8.
SpywareGuard
SpywareBlaster
SUPERAntiSpyware 4.
Malwarebytes' Anti-Malware

Apart from the changes with Kaspersky my system had been stable and well for
over two years.

No scanner finds any infection.


So what could be responsible?

Here then is a HijackThis log in case anyone can spot the problem.
Note that the Symantec ref is just for Norton Ghost and that all other
Norton applications and leftovers have been well removed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:01, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\GEARSec.exe
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Norton Ghost\Agent\VProSvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PGPsdkServ.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
E:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Password Safe\pwsafe.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program
Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Encarta Web Companion Helper Object -
{955BE0B8-BC85-4CAF-856E-8E0D8B610560} - E:\Program Files\Common
Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer -
{E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4}
- E:\Program Files\Common Files\Microsoft Shared\Encarta Web
Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]
"E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType
Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series]
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE /P30 "EPSON Stylus
Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "E:\Program Files\Norton
Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet
Security 2009\avp.exe"
O4 - HKLM\..\Run: [SmartDefrag] "E:\Program Files\IObit\IObit
SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = ? (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - E:\Program
Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -
E:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Gears Settings -
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -
E:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
E:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web traffic protection statistics -
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} -
E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\mswsock32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{A8F5FCA6-48BB-4538-8EE1-4BF55A385B87}:
NameServer = 192.168.90.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,E:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner -
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab -
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance
(FirebirdServerMAGIXInstance) - MAGIX® - E:\Program
Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner
- E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner -
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Norton
Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation -
E:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -
E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner
- E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -
CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) -
file:///E:/WINDOWS/TEMP/msohtml1/01/clip_image002.gif

--
End of file - 10803 bytes


I have now spent several 100 hours trying to resolve this problem :-(