1. mbam-log-2008-10-12 (09-23-06).txt 10/12/2008 9:23:06 AM shows removal of Zlob, Hotbar and other adware and Trojans.
2. mbam-log-2008-10-12 (14-50-54).txt 10/12/2008 2:50:54 PM shows the same removal of Hotbar, adware and other Trojans, but no section for Zlob.
It appears you may have posted the same log twice, leaving the 'Zlob' section off the second log.
3. You ran the first HijackThis in Safe mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:14, on 10/12/2008
4. You posted the same HijackThis log again:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:14, on 10/12/2008
When we tell you to check specific items in a HijackThis log, following through with a reboot after all has been done, and tell you to scan with HijackThis again and post the log, that does NOT mean copy the previous log. The only way we can see if the removals have worked is by viewing the subsequent log.
Please see Part 5 here for SuperAntispyware:
https://www.techspot.com/vb/post645589-1.html
Attach the log.
Make these changes if still on the log, run SuperAntispyware, THEN HijackThis again and post both logs. No need to do Mbam again:
Please reopen HijackThis and scan. Put a check next to the following processes:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Unknown owner - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe (file missing)
NOTE: The entry for 'monln.dll' is for the Comodo AntiVirus. You are running AVG v8 which has AV+AntiSpyware. You should only run one AV program. The last entry for 'dikage' is from Zlob Trojan that infects you with the VirusHeat rogue anti-spyware program.
I am breaking the following entries out separately. All of these processes for the two programs shouldn't run from startup. If you don't want either program, check ALL the entries in each group:
For RoboForms:
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
NOTE: If you decide to keep RoboForm and start it manually when you need it, remove all the entries above. When you boot into Safe Mode below, open the RoboForm program and disable any of its startups.
For iespell:
O8 -
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
When through, close all windows other than HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode:
Go to Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK everything except the AVG processes> Apply> OK
Control Panel> Add/Remove Programs> Uninstall iespell and RoboForm if you don't use them. Uninstall Comodo Security suite. Look for any other programs that are unused and uninstall them.
Start> Run> type in 'services.msc' without quotes> enter> look for Comodo Anti-Virus and Anti-Spyware Service> right click> Properties> change Startup type to Disabled> Apply> OK
Remove ALL from Trusted Zone - leave them in the Internet zone - it's safer:
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: .att.net
O15 - Trusted Zone: http://www.mycoupons.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: .sbcglobal.net
Reboot into Normal Mode> You will get a nag message that you can ignore after checking 'don't show this message again'. Stay in Selective Startup.
Scan with HijackThis again and post a NEW log. Include the log from SuperAntispyware.
If you need a spell checker for the internet, I suggest the Google Toolbar. You don't have to enable all the available options, but it has a good spell checker and pop-up blocker:
http://www.download.com/Google-Toolbar-for-IE/3000-12777_4-10056938.html
Use this version as v5 is a beta version - still testing. We can add just the Comodo firewall to our system if wanted.
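
Added example, not part of the original post: a small Python check for the two things this reply asks of a follow-up HijackThis log, namely that it is a new scan (different "Scan saved at" stamp) and that the flagged entries are gone. The function names and the AFTER log with its timestamp are constructed for illustration; the entries are taken from the post.

```python
import re

# HijackThis header line, e.g. "Scan saved at 12:29:14, on 10/12/2008"
SCAN_RE = re.compile(r"^Scan saved at ([\d:]+(?: [AP]M)?), on ([\d/]+)")
# Entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (scan_stamp, entries); entries are (section, normalized text)."""
    stamp, entries = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            stamp = (m.group(2), m.group(1))  # (date, time)
            continue
        m = ENTRY_RE.match(line)
        if m:  # collapse whitespace and case so copy/paste noise still matches
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return stamp, entries

def review_followup(before, after, flagged_lines):
    """Compare a follow-up log to the earlier one and to the flagged entries."""
    b_stamp, _ = parse_hjt(before)
    a_stamp, a_entries = parse_hjt(after)
    _, flagged = parse_hjt("\n".join(flagged_lines))
    return {
        "reposted": a_stamp is not None and a_stamp == b_stamp,
        "still_present": sorted(flagged & a_entries),
        "removed": sorted(flagged - a_entries),
    }

# Constructed sample logs (entries borrowed from the post; AFTER is invented)
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:14, on 10/12/2008
O15 - Trusted Zone: *.att.net
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)
"""
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:41, on 10/12/2008
O15 - Trusted Zone: *.att.net
"""
FLAGGED = [ln for ln in BEFORE.splitlines() if ln.startswith("O")]

if __name__ == "__main__":
    print(review_followup(BEFORE, BEFORE, FLAGGED))  # same log pasted twice
    print(review_followup(BEFORE, AFTER, FLAGGED))   # genuine follow-up scan
```

A "reposted" result of True means the removal results cannot be judged from that log at all, whatever the other two fields say.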