db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Fri Feb 27, 2004 22:32 pm Post subject: internet garbage infesting my computer-?Triton Technologies? |
|
|
I used Corrine and Boz's advice and tried Ad-aware6. I also tried another one. Ad-aware is great and finds a lot of stuff but not all of it.
It seems that most of the pop ups and junk infesting my computer has "Triton Technologies" on its header. "Triton Technologies" also appears in the address bar in the middle, surrounded by commas, on a lot of regular stuff that i want. Is it something that has taken over and is inviting garbage over for beer and pizza? BTW: I have used Mcafee, Norton Symantec, Ad-aware and the Triton Trash is still there.
WTF is "Triton Technologies"? Can i get rid of it?
BTW: I tried a lot of the sites that i go to individually and Ad-awared the computer in between. Here's what i found, the number is the number of offending files or folders that Ad-aware found and deleted after one visit:
6 - Mailcity....yes that's 6! I'm going to lose that email address.
2 - Ebay
1 - Hotmail
0 - Google, however you can get a lot of garbage clicking on any commercial site listed high up on google
0 - Daily Rotten Weird News....this site is said to be the devil incarnate but they don't pass on pop ups or other trash.
0 - everything else too
Last edited by db on Sat Feb 28, 2004 16:23 pm; edited 1 time in total |
|
plodr
 Administrator Joined: 12 Apr 2001 Posts: 7410
|
Posted: Fri Feb 27, 2004 23:37 pm Post subject: |
|
|
Aside from being an ISP, Triton also has Remote Control Software http://www.nwc.com/609/609rev1.html
Are you sure that your computer manufacturer did not install the software? (I have an HP and BackWeb was installed. That is supposed to help them troubleshoot any computer problems. I immediately got rid of that because if I have to get tech support, I don't want them remotely connecting to my computer). |
|
bruce bailey
๑۞๑ Joined: 11 Apr 2002 Posts: 5711 Location: miami
|
Posted: Sat Feb 28, 2004 0:57 am Post subject: |
|
|
Run RegCleaner (or similar), go to the software folder and delete the suspect files. Then look in the start-up folder and delete the same as you probably have it in there and it is getting installed with each boot-up. This is an easy way to play around without removing a program that you may need and if you goof up, the file is waiting in the back-up folder for re-installation. You may want to set your internet options > advanced set to "empty temp files when closing" to help (if possible) keep some of this stuff to a minimum. |
|
bruce bailey
๑۞๑ Joined: 11 Apr 2002 Posts: 5711 Location: miami
|
Posted: Sat Feb 28, 2004 0:59 am Post subject: |
|
|
| The message got posted twice and I am trying to delete it, but only an edit box comes up so I am just filling the space here!!! |
|
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13527 Location: Upstate, NY
|
Posted: Sat Feb 28, 2004 8:28 am Post subject: |
|
|
Hi, db. If you would like, you could post an Ad-aware logfile as there may be something else buried that I could advise you on. You see, with some of these objects, if you don't remove them as a group or in a particular manner, they will repopulate!
If you wish to post that log, I just ask that you first do a webupdate, followed by a full (custom) scan. Just follow the links provided below and post your logfile in this thread as a reply.
Webupdate
Full (Custom) Scan
Post Logfile _________________ Freedomlist.com (March 1, 2000 - 2013)
Take a walk through my Security Garden |
|
db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Sat Feb 28, 2004 15:56 pm Post subject: file |
|
|
Plodr: Some of it does seem to belong there, like an hp printer application.
Bruce: I'll try Rugcleaner next. Besides rugs, does it do windows?
Corrine: Here's the file at the end. About all that it tells me is that i'm too stupid to understand it. The Eudora file is because i'm trying out the Shareware sample version and there's an ad on it. This is not the worst cleanup that ad-aware has done for me after the first one, which was about 60 or 80. There was one time with almost thirty hits. The computer is not running bad at all right now so maybe i should have waited.
Anyway; does this tell you anything?
THANKS EVERYONE!
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, February 28, 2004 10:43:15 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R263 27.02.2004
______________________________________________________
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
2-28-04 10:43:15 AM - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279190407
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294931575
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294902503
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294911991
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:5 [nprotect.exe]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\
ProcessID : 4294914115
Threads : 3
Priority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 11/28/02 6:56:15 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 8/14/02 2:03:00 PM
#:6 [symtray.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294914375
Threads : 1
Priority : Normal
FileSize : 84 KB
FileVersion : 2003.6.49
ProductVersion : 2003.6.49
Copyright : Copyright (c) 1997-2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
OriginalFilename : SymTray.exe
ProductName : Norton SystemWorks
Created on : 8/29/02 8:44:54 AM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 8/29/02 8:44:54 AM
#:7 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294935867
Threads : 3
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 11/7/02 7:32:54 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 11/7/02 7:32:56 PM
#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294853671
Threads : 30
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 1/1/80 6:22:00 AM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 8/5/89 4:13:52 AM
#:9 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294899319
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:10 [hpztsb04.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294883171
Threads : 1
Priority : Normal
FileSize : 192 KB
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
Copyright : Copyright (c) Hewlett-Packard Company 1999-2001
CompanyName : HP
ProductName : HP DeskJet
Created on : 11/29/03 3:33:49 AM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 11/15/01 5:00:18 PM
#:11 [alunotify.exe]
FilePath : C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\
ProcessID : 4294899563
Threads : 2
Priority : Normal
FileSize : 53 KB
FileVersion : 1.80.19.0
ProductVersion : 1.80.19.0
Copyright : Copyright 1996-2001
CompanyName : Symantec Corporation
FileDescription : Symantec ALUNotify Module
InternalName : Symantec ALUNotify
OriginalFilename : ALUNotify.exe
ProductName : LiveUpdate
Created on : 11/28/02 6:50:52 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 8/7/02 5:04:28 PM
#:12 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294781427
Threads : 2
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:13 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294825503
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:14 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294839771
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:15 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294791391
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1996
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:16 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294607843
Threads : 5
Priority : Realtime
FileSize : 48 KB
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
OriginalFilename : ddhelp.exe
ProductName : Microsoft
Created on : 1/5/90 5:13:57 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:14 AM
#:17 [pstores.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294619259
Threads : 3
Priority : Normal
FileSize : 79 KB
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
OriginalFilename : Protected storage server
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 1/1/01
Last accessed : 2/28/04 8:00:00 AM
Last modified : 1/3/90 6:12:00 AM
#:18 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294647855
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/30/03 8:00:45 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 7/13/03 6:00:20 AM
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : default@valueclick[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 5:33:20 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 5:33:22 PM
Tracking Cookie Object recognized!
Type : File
Data : default@doubleclick[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 5:43:10 AM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 5:43:12 AM
Tracking Cookie Object recognized!
Type : File
Data : default@atdmt[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/26/04 10:23:21 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/26/04 10:23:22 PM
Tracking Cookie Object recognized!
Type : File
Data : default@bfast[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 5:11:36 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 5:11:38 PM
Tracking Cookie Object recognized!
Type : File
Data : default@2o7[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/26/04 10:54:07 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/26/04 10:54:08 PM
Tracking Cookie Object recognized!
Type : File
Data : default@mediaplex[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 5:10:35 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 5:10:36 PM
Tracking Cookie Object recognized!
Type : File
Data : default@trafficmp[1].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/28/04 6:28:53 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/28/04 6:28:54 PM
Tracking Cookie Object recognized!
Type : File
Data : default@advertising[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 8:21:36 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 8:21:38 PM
Tracking Cookie Object recognized!
Type : File
Data : default@tmpad[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/27/04 8:20:58 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/27/04 8:21:00 PM
Tracking Cookie Object recognized!
Type : File
Data : default@servedby.advertising[2].txt
Object : C:\WINDOWS\Cookies\
Created on : 2/28/04 6:27:21 PM
Last accessed : 2/28/04 8:00:00 AM
Last modified : 2/28/04 6:27:22 PM
Cydoor Object recognized!
Type : Folder
Object : C:\Program Files\Eudora\App Data\EudPriv\Ads\AdCache
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 11
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 11
11:01:21 AM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:18:06:650
Objects scanned :123817
Objects identified :11
Objects ignored :0
New objects :11 |
|
canuk

Joined: 20 Feb 2004 Posts: 23
|
Posted: Sat Feb 28, 2004 18:12 pm Post subject: |
|
|
Hi there db, let's see if I can assist just a little. Can you please go to the link below, it is a KB article from Lavasoft (AdAware) regarding Windows Messenger. Let me know if this is what you are seeing please.
http://www.lavahelp.com/articles/v6/03/05/0302.html
Hope that helps, best of luck to you. |
|
normmork

Joined: 08 Dec 2003 Posts: 204 Location: Canada
|
Posted: Sun Feb 29, 2004 16:27 pm Post subject: |
|
|
hi db
In addition to Canuk's instructions.
You can remove the tracking cookies if you wish. A free program for cookie control is Cookiewall www.analogx.com
Please update your reference file to the latest by using the globe icon in AA6.
Run a Full Scan
Post a new reference file
Last edited by normmork on Mon Mar 01, 2004 10:06 am; edited 1 time in total |
|
db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Mon Mar 01, 2004 0:53 am Post subject: |
|
|
Canuk; Thankfully, that is not one of the problems (knock on wood). That's one down....Gracias for the idea to check.
Normmork; I just downloaded the cookie thing to my desktop and will try it. Thank you too. |
|
canuk

Joined: 20 Feb 2004 Posts: 23
|
Posted: Mon Mar 01, 2004 10:52 am Post subject: |
|
|
Ok db, just wanted to eliminate that possibility. So can you please do this. Go to the link below and download HijackThis:
http://www.sherrylynn.us/HijackThis.exe
Download then save the file to your desktop and double click on the "HijackThis" icon.
When finished loading click on the "Scan button".
Next click on the "Save Log" button.
Save the log somewhere you will remember and open the log file with notepad.
Then copy the contents and paste them in a reply to be checked.
Please do not fix anything yet with this or any other program as most of what it shows is harmless.
After you have scanned with HJT, please copy and paste the logfile here
Good luck |
|
db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Mon Mar 01, 2004 20:39 pm Post subject: Two Two Two posts in one! |
|
|
Canuk - HijackThis started downloading but wouldn't finish because it said it couldn't find some DLL file. Did i hold my mouth wrong? thanks - d
Normmork - It told me that I downloaded cookiewall but it didn't leave an icon on the system tray like it said it would. I'll look around for it. thanks - d |
|
normmork

Joined: 08 Dec 2003 Posts: 204 Location: Canada
|
|
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13527 Location: Upstate, NY
|
Posted: Mon Mar 01, 2004 20:55 pm Post subject: |
|
|
db -- Please go to http://www.dll-files.com/dllindex/dll-files.shtml?msvbvm60 and download msvbvm. This is MS Virtual Basic Virtual Machine. You will then be able to install HJT and post your log here.
(P.S. BTW, this was a group effort, with Normmork, Cannymum and Canuk all tracking down the file you needed. What a team!) |
|
normmork

Joined: 08 Dec 2003 Posts: 204 Location: Canada
|
Posted: Tue Mar 02, 2004 10:42 am Post subject: |
|
|
I agree with Corrine that this was a collaborative effort among us all.
If you are using Windows98SE there is a good chance that the missing file error is for this file "msvbvm60.dll" as Corrine mentioned. Since Microsoft Visual Basic runtime needs to be version 6 to run Hijackthis.
If you just install msvbvm60.dll file then it still may not work and you must install it in the correct folder.
The link I previously gave is a Microsoft Exe file that downloads and installs all the files required to run VB 6 runtime on your machine.
You may want to uninstall Cookiewall and try to install it again. |
|
db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Tue Mar 02, 2004 21:45 pm Post subject: |
|
|
First; I want to thank everyone for all the help. I am really trying to do what you all are suggesting.
Now; I tried to open the msvbvm60 thing. I tried one link and it did not take, then i tried the other and that one needed winzip. winzip has never worked for me. However; it does waste my time each time i try to use it. I guess that is something.
One thing that i should have mentioned is that i have a Toshiba laptop (2105cds) of the family that was so bad that Toshiba lost a class action suit over it and had to give two separate refunds. Part of this problem might be because of that. Many things just don't seem to work for me on this computer. |
|
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 13527 Location: Upstate, NY
|
|
db
Joined: 09 Mar 2003 Posts: 16 Location: california
|
Posted: Wed Mar 03, 2004 23:20 pm Post subject: hijack this log |
|
|
First: thanks everybody.
Corrine & Canuk, something worked there this time at the VBRun60 site after i clicked enough links. Then i ran hijack this and saved a log, twice. It won't let me read it after i save it so i copied it the second time while it was displayed. Here it is:
Parenthetically to Normmork: (after getting VBRun60 loaded i tried to run cookiewall again. It still doesn't have an icon to start it up on the system bar. It won't run from the thinger on the desktop, it just pretends to re-load again and again.)
Logfile of HijackThis v1.97.7
Scan saved at 8:18:54 PM, on 3/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\EUDORA\EUDORA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyrotten.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Triton Technologies - Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...wflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7275925926
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...taller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC.../cabsa.cab |
|
normmork

Joined: 08 Dec 2003 Posts: 204 Location: Canada
|
Posted: Thu Mar 04, 2004 8:40 am Post subject: |
|
|
I don't see the cause for your problem in the HJT log. You may want to put the HJT exe in a folder other than desktop as the HJT backup files will be written to your desktop.
IF you are not using the findloss or daily rotten as a home page or search engine then do the following. Removing the Triton Technologies entry will eliminate it in IE's window title only.
Close all open windows, put a check beside the entries below and press fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyrotten.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://findloss.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Triton Technologies - Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
REBOOT
One entry that is puzzling is
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB |
|
winchester73
 Malware Response Team 
Joined: 01 Mar 2004 Posts: 481 Location: Somewhere along Tobacco Road, North Carolina
|
Posted: Thu Mar 04, 2004 11:19 am Post subject: |
|
|
Findloss is CWS-related ... definitely fix those entries.
I don't see a "trigger", so my guess is that stuff is left over from previous cleanings.
That Triton Technologies banner is showing because of this: Window Title = Triton Technologies
Triton is an ISP, and that is their attempt at customizing your Internet experience. _________________ Speak softly, but carry a Winchester
Member of , the Alliance of Security Analysis Professionals |
|
normmork

Joined: 08 Dec 2003 Posts: 204 Location: Canada
|
Posted: Thu Mar 04, 2004 12:00 pm Post subject: |
|
|
| winchester73 wrote: | Findloss is CWS-related ... definitely fix those entries.
I don't see a "trigger", so my guess is that stuff is left over from previous cleanings.
That Triton Technologies banner is showing because of this: Window Title = Triton Technologies
Triton is an ISP, and that is their attempt at customizing your Internet experience. |
Thanks Winchester73 for the information.
CWS = Coolwebsearch, see here for more info http://www.doxdesk.com/parasite/CoolWebSearch.html |
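Added example, not part of any post in this thread and not HijackThis's own code: a small Python triage of the R0/R1 lines reviewed above, grouping every Internet Explorer start/search setting that points at a host the user did not choose, so the whole group can be fixed together, and reporting the Window Title branding separately. The function names and the approved-host set are assumptions for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Subset of the HijackThis log posted in this thread (R section plus one O4 line).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyrotten.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://findloss.com/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Triton Technologies - Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://findloss.com/home.html
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# "R0 - HIVE\key path,value name = data"; the key path never contains a comma.
R_LINE = re.compile(
    r"^(?P<section>R[0-3]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),"
    r"(?P<name>.+?) = (?P<data>.*)$"
)


def parse_r_entries(log_text):
    """Return one dict per R0-R3 line; every other log line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = R_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def classify(entry, approved_hosts):
    """'branding' for the IE window title, else 'approved' or 'review' by URL host."""
    if entry["name"] == "Window Title":
        return "branding"
    host = (urlparse(entry["data"]).hostname or "").lower()
    if host and host in approved_hosts:
        return "approved"
    return "review"


def hosts_needing_review(log_text, approved_hosts):
    """Map each unapproved host to every (hive, subkey, value name) pointing at it."""
    grouped = defaultdict(list)
    for entry in parse_r_entries(log_text):
        if classify(entry, approved_hosts) != "review":
            continue
        host = (urlparse(entry["data"]).hostname or entry["data"]).lower()
        subkey = entry["key"].rsplit("\\", 1)[-1]
        grouped[host].append((entry["hive"], subkey, entry["name"]))
    return dict(grouped)


def title_branding(log_text):
    """Return the custom IE window titles found in the log."""
    return [e["data"] for e in parse_r_entries(log_text) if e["name"] == "Window Title"]


if __name__ == "__main__":
    # Assumption: the user confirms this is the home page they set themselves.
    approved = {"www.dailyrotten.com"}
    for host, places in hosts_needing_review(SAMPLE_LOG, approved).items():
        print(f"{host}: {len(places)} settings to fix together")
        for hive, subkey, name in places:
            print(f"  {hive} ...\\{subkey} -> {name}")
    print("Window title branding:", title_branding(SAMPLE_LOG))
```
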
|