PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] Odd behavior, and trojan found.

  #1  
Old 06-23-2007
countryboy
Silver Member
Join Date: Dec 2006
Location: NE Ohio, USA
Posts: 153
PC Experience: Some Experience
[Fixed] Odd behavior, and trojan found.

Hello all,
My computer has been acting a little strangely. So I thought I would do the prework and have you guys take a look.
I use a browser from my ISP called the Verizon Yahoo browser. It has a feature known as the start group, which you can set to load web pages on separate tabs when you open the browser. Lately, rather than staying on the first tab, it cycles through them as they load.
Also, when I open a stand-alone instance of Internet Explorer, I noticed that the Yahoo toolbar is no longer there (no great loss, but abnormal nonetheless).
I have recently switched from McAfee security suite to ZoneAlarm internet security suite; I don't know if this has anything to do with my problem. A recent scan with the anti-spyware scanner in ZoneAlarm turned up something called Win32 Trojan,Spy.Ardamax.b.
Lemme know what you think.

Thanks, cb
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 06-22-2007 - 23-33-15.log (561 Bytes, 2 views)
File Type: txt Report-Scan-20070622-223910.txt (1.2 KB, 3 views)
File Type: log hijackthis.log (8.3 KB, 2 views)


__________________
You can call me cb, it's easier to type.
  #2  
Old 06-23-2007
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,565
PC Experience: PC Guru

Hello.

Please run HijackThis and place a tick by the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Did ZA Anti-Spyware remove the Ardamax keylogger? Try running another scan with it to see if it still detects it.


Other than that, there are no major problems with your logs. I suggest you re-install the browser, and monitor how it goes for a few days. If the problem appears again, post back here, and we'll then deal with it.


  #3  
Old 06-23-2007
countryboy

Thank you chiaz, I did as you requested for HJT.
It does seem as though the ZoneAlarm spyware scanner removed the Ardamax keylogger; a subsequent scan shows nothing.
I will try your suggestion about the browser, and let you know.
BTW, I noticed PCHF is no longer using Spy Sweeper in the prework; is this no longer a recommended program?

Thanks again for your help chiaz, you're the best!

Oh yeah, any theories about the disappearing Yahoo toolbar?

cb


  #4  
Old 06-23-2007
chiaz

Nice catch there.
SpySweeper remains a recommended product. Just that the security staff feels that the logfile generated from SUPERAntiSpyware would be easier to peruse. This product has also impressed us with its scanning and detecting capabilities.

HijackThis showed that the Yahoo toolbar had file(s) missing, but remains in the registry. Did anyone else use this computer before the toolbar went on a disappearing act?
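
The check described in the posts above, as an added example that is not part of the thread and not HijackThis's own code: it parses the five entries quoted in post #2, flags the one whose registry entry points at a missing file, and lists the hosts the Internet Explorer search settings point at. The function names are hypothetical, and only the two entry shapes quoted in this thread are handled.

```python
import re
from urllib.parse import urlsplit

# Sample input: the five entries quoted in post #2 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>.+?) = (?P<data>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Split HijackThis-style lines into dicts; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        entry = {"code": m["code"], "body": body, "key": None, "name": None,
                 "host": None, "clsid": None,
                 # "(no file)": the registry entry exists but its file does not
                 "orphaned": body.endswith("(no file)")}
        reg = REG_VALUE.match(body)
        if reg:  # R1 shape: registry key,value name = data
            entry["key"], entry["name"] = reg["key"], reg["name"]
            entry["host"] = urlsplit(reg["data"]).hostname
        clsid = CLSID.search(body)
        if clsid:
            entry["clsid"] = clsid.group(0)
        entries.append(entry)
    return entries

def review(entries):
    """Return (orphaned entries, hosts that IE search settings point at)."""
    orphaned = [e for e in entries if e["orphaned"]]
    hosts = {e["host"] for e in entries if e["host"]}
    return orphaned, hosts

if __name__ == "__main__":
    orphaned, hosts = review(parse_entries(SAMPLE_LOG))
    for e in orphaned:
        print("orphaned:", e["code"], e["clsid"])
    print("search settings point at:", sorted(hosts))
```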


  #5  
Old 06-23-2007
countryboy

Quote:
HijackThis showed that the Yahoo toolbar had file(s) missing, but remains in the registry. Did anyone else use this computer before the toolbar went on a disappearing act?

Nope, I am the only one that uses this pc. Unless my pooches are sneaking into my office while I am at work. Ya just never know, confounded aminals.

Thanks, cb


  #6  
Old 06-24-2007
chiaz



