Barbara S

  1. Hi, Jean; Here is the HiJackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:24:02 PM, on 7/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\SYSTEM32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe F:\WINDOWS\stsystra.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE F:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe F:\WINDOWS\system32\ctfmon.exe C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program 
Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nickjr.com/ O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MimBoot] 
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - Unknown owner - F:\WINDOWS\System32\GEARSec.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9075 bytes I removed Panda and installed the AVG program, but haven't been able to find a way to remove Symantec (not listed in the add/remove programs list and no uninstall files in the Symantec folder). I disabled Symantec and thought I had removed it when I installed Panda, but obviously not. I had to reboot the computer to get back on the internet, since every time I turn off and on my modem, my computer refuses to go back online, so I missed your message to give you the AVG log as I'd turned off the modem while it was scanning. 
I went into AVG and pulled up the test results, which stated the following: AVG Test Result - General Properties -- Report name: Complete test -- Start time: 7/29/2007 7:44:46 PM -- End time: 7/29/2007 10:04:44 PM (total: 2:19:56.8 hrs) -- Launch method: Scanning launched manually -- Scanning result: no threats found -- Report status: scanning completed successfully - Object Summary -- Scanned: 360261 -- Threats found: 0 -- Cleaned: 0 -- Moved to vault: 0 -- Deleted: 0 -- Errors: 0 I've also run RogueRemover, and the results said, "RogueRemover did not detect any items". I've also run AVG Anti-Spyware, and these were the results (I had it delete everything it found): --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 11:06:00 PM 7/29/2007 + Scan result: :mozilla.548:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.748:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.781:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.782:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.378:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.379:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.380:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. 
:mozilla.545:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Cnn : Cleaned. :mozilla.669:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.670:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.671:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.672:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.673:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned. :mozilla.570:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.571:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.572:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.502:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.909:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. :mozilla.910:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned. 
:mozilla.197:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.470:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.471:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.879:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.880:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.156:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.473:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.475:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.477:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.478:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.479:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.480:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.481:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. 
:mozilla.482:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. F:\Documents and Settings\AYHM\Cookies\ayhm@revsci[1].txt -> TrackingCookie.Revsci : Cleaned. :mozilla.486:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.487:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.327:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.328:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.329:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.330:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.331:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.454:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.459:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.461:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.462:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned. 
:mozilla.6:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.825:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.826:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.827:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.828:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.855:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.47:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.48:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.49:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.50:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.51:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.52:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.53:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. 
:mozilla.54:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.55:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.56:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.57:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.58:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.59:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.60:F:\Documents and Settings\AYHM\Application Data\Mozilla\Firefox\Profiles\jbvz3buw.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned. ::Report end Sorry for the incredibly long post, but I wanted to update you on all the actions I've taken so far. Barbara
  2. Hi, Jean; The AVG is still running the scan, so I will get the HJT log to you ASAP. The addresses I see most frequently are http://avsystemcare.com, http://login.tracking101.com, http://ad2profit.com/, http://publishers.xy7.com, www.wixawin.com, http://passion.com, and http://em.pc-on-internet.com. As soon as AVG finishes, I'll run RogueRemover as well. Barbara
  3. Hello, Jean; Thank you so much for the help and advice. I really appreciate it. Here is the SDFix log. I'll post the new HJT log as soon as AVG is finished. As far as changes go -- I'm still getting pop-ups, but have installed "ad-block" and "no script" since I use Firefox, and although they haven't stopped the pop-ups, it's made a difference in that I've been able to block reoccurring addresses, etc. SDFix: SDFix: Version 1.94 Run by AYHM on Sun 07/29/2007 at 06:12 PM Microsoft Windows XP [Version 5.1.2600] Running From: F:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: F:\WINDOWS No streams found. F:\WINDOWS\system32 No streams found. F:\WINDOWS\system32\svchost.exe No streams found. F:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\InternetCalls.com\\InternetCalls\\internetcalls.exe"="C:\\Program Files\\InternetCalls.com\\InternetCalls\\internetcalls.exe:*:Enabled:InternetCalls" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Remaining Files: --------------- Files with Hidden Attributes: F:\Documents and Settings\AYHM\Desktop\icon\TextbookX.com shipment information for order [843111]\Thumbs.db F:\Program Files\Shockwave.com\Thumbs.db F:\IUPUI Online\Office XP Professional\MSDE2000\SQLRESLD.DLL F:\i386\KGyGaAvL.sys F:\WINDOWS\system32\C54E35E495.sys F:\WINDOWS\system32\KGyGaAvL.sys F:\Documents and Settings\AandA\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp F:\Documents and Settings\AandA\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp F:\Documents and Settings\AandA\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp F:\Documents and Settings\AandA\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp Finished Once again, thanks so much. I'd be lost otherwise! Barbara
  4. Hello; I am in serious need of help. I have tried to remove this trojan on my own but have completely failed at it. Here is my HijackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:24:06 AM, on 7/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe f:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe f:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE F:\WINDOWS\system32\svchost.exe f:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe f:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe f:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe f:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe f:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE f:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe F:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe F:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program 
Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE F:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe F:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe f:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE f:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe f:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe F:\Program Files\Mozilla Thunderbird\thunderbird.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\WINDOWS\system32\javaw.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE f:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe f:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nickjr.com/ F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe, O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [APVXDWIN] "f:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "f:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - Unknown owner - F:\WINDOWS\System32\GEARSec.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Panda Software Controller - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Host Service (PSHost) - Panda Software 
International - f:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - f:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- End of file - 10573 bytes Thanks, much appreciated. Barbara