• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Good_Day

CWS infected my machine

174 posts in this topic

I tried to disinfect my pc using all advices, but it doesn't work.

Please help me !

[unsolicited log removed]

Edited by WinHelp2002

Share this post


Link to post
Share on other sites

Hi there,

 

You must start your own thread for assistance, please read the posting guidelines at the top of the page :wave: Please remember that it is best to have your log looked at if you are still having problems :wave:

Share this post


Link to post
Share on other sites

That's good news Carol :cool: I hope it stays that way :wave:

Share this post


Link to post
Share on other sites

It didn't. I did a search and destroy last night, got rid of some ad ware. Everytime I run AVG or Norton they tell me my system is clean.

 

I wake up and get all these "Byte, verify" messages and Norton saying they deleted the Trojans. But my friend said that even if you aren't on the machine and you have cable or DSL, the stuff can multiply why you aren't sleeping.

 

Every morning I wake up, I get these messages from Norton saying they deleted

a "Byte, Verify" Trojan.

 

When I run the virus software it says I'm clean. S&D got rid of all the ads.

 

I knew something was up when my friend had a site on the bloominamazing.com server and I get redirected to a pay for surveys.com page. (Which I found out when I typed in pay for surveys.com in Yahoo that others got that redirect too.)

 

I'll do a HiJack this log....sorry 12g! It didn't stay that way!

 

I'll be back to edit this with my HJ information. *oh and that new HJ this you told me to dl, or someone else to told me to dl the new version, it opens, but says it should be taken out of the temp folder* I did that, but I still get that opening message that it's in the temp folder. Even when I cut and pasted that program directly to C:/

 

START HJ THIS LOG (I still got the error msg. that I started HJThis from the temp folder, I didn't...it's in my C:/ drive)

 

Logfile of HijackThis v1.98.0

Scan saved at 7:32:23 AM, on 10/8/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\MMKeybd.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe

C:\Eudora\eudora.exe

C:\NewHijackThis.exe

 

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/hushmail/H...ptionEngine.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O20 - AppInit_DLLs:

 

END

 

PS--I also get these media fast click pop ups. Well they aren't pop ups but they show up as browser windows, they can't open, but you have to close them and such.

 

 

That's good news Carol :cool: I hope it stays that way :wave:

79997[/snapback]

Edited by Good_Day

Share this post


Link to post
Share on other sites

12g, are you in the bldg? :)

 

Carol

 

No one answered my post. :(

 

Help you guys.  This is the forum I trust, when my machine acts wonky!

 

Carol

129112[/snapback]

Share this post


Link to post
Share on other sites
12g, are you in the bldg? :)

 

Carol

 

No one answered my post. :(

 

Help you guys.  This is the forum I trust, when my machine acts wonky!

 

Carol

129112[/snapback]

129208[/snapback]

 

 

Hi Carol,

 

It has been a while since you last posted, and because it is a new problem you need to post a log and wait for help from one of the helpers/advisors/experts.

 

Please start a new thread with you log.

Edited by 12g

Share this post


Link to post
Share on other sites

Hi 12g,

 

I did post a new log from yesterday morning...:)

 

But since I did have that problem this morning (but Search and Destroy got rid of it) I'll make a new one. Just in case.:

 

HJTHIS:

 

Logfile of HijackThis v1.98.0

Scan saved at 5:32:41 PM, on 10/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\MMKeybd.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe

C:\Eudora\eudora.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\NewHijackThis.exe

 

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/hushmail/H...ptionEngine.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O20 - AppInit_DLLs:

 

END HJTHIS LOG

 

It still says it's in the temporary folder (HJThis, even though I moved it to C:/)

Yahoo mail switches me off from time to time too. (but I'm still connected and if I hit the back button or refresh, I get my logon screen back)

And the rest of the problems are on post I typed yesterday.

Edited by Good_Day

Share this post


Link to post
Share on other sites

Ok,

 

Create a folder for HJT, like this C:\HJT\HijackThis.exe

 

You are running 2 Antivirus Programs, this is not a good idea as they will conflict. There is nothing wrong with having 2, just don't run them in tandem.

 

Next:

 

There is nothing suspicious on your log.

 

Fix these if needed,

 

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present <<Did you set these? if so keep them, if not fix them

 

O20 - AppInit_DLLs:

 

You could also do this for future use, should you need it:

 

Update HijackThis to version 1.98.2

To do that, do this;

• run HijackThis

select config> misc tools and select "update online". then yes.

If that doesn’t work download a new copy Here and then delete your old copy

 

When you have done all that, do out of this, what you have not done already:

 

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.
     
    You can find instructions on how to enable and reenable system restore here:
     
    Managing Windows Millenium System Restore
     
    or
     
    Windows XP System Restore Guide
     
    Renable system restore with instructions from tutorial above
     
     
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

      [*]Next press the Apply button and then the OK to exit the Internet Properties page.

      [*]Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

       

      See this link for a listing of some online & their stand-alone antivirus programs:

       

      Virus, Spyware, and Malware Protection and Removal Resources

       

       

      [*]Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

       

       

      [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

       

      For a tutorial on Firewalls and a listing of some available ones see the link below:

       

      Understanding and Using Firewalls

       

       

      [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

       

       

      [*]Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

       

      A tutorial on installing & using this product can be found here:

       

      Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

       

       

      [*]Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

       

      A tutorial on installing & using this product can be found here:

       

      Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

       

       

      [*]Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

       

      A tutorial on installing & using this product can be found here:

       

      Using SpywareBlaster to protect your computer from Spyware and Malware

       

       

      [*]Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

      Follow this list and your potential for being infected again will reduce dramatically.


Share this post


Link to post
Share on other sites

Wow! That's quite a list, 12g!

 

But I can do it. :)

 

It's funny because I have Norton on my desktop. AVG is not active, but every so often it'll pop up and scan. But I can click on the icon that says "shut down AVG control center."

 

I'll report back later on tonight.

 

Every morning, I get those "byte, verify" things that Norton said they deleted.

& why I can't view sites on the bloominamazing.com server (the redirect to payforsurveys.com) is a mystery. but the later, I know happened to others, I just can't find the solution.

 

Oh, and the HJT that I have is the new version from when I had my problem in the summer, you or another person told me to update. :) But I did put that in folder just now and deleted the 19.77 version. :)

 

Thanks. I'll let you know how it goes. :)

 

PS--I don't know if I installed the 06 on the Log. So I'm afraid to delete them.

I deleted the 020...and now I can view those sites on that domain now, without that payforsurveys.com redirect. Now I'm off to do the rest of the list.:)

 

The Internet Options were all set from the last time I had computer problems. I didn't have to change anything.

 

Carol

Edited by Good_Day

Share this post


Link to post
Share on other sites
It's funny because I have Norton on my desktop. AVG is not active, but every so often it'll pop up and scan. But I can click on the icon that says "shut down AVG control center."

 

AVG is running too, you need to shut one of them down.

 

Oh, and the HJT that I have is the new version from when I had my problem in the summer, you or another person told me to update.

 

We are on ver 1.98.2 now :cool:

 

PS--I don't know if I installed the 06 on the Log. So I'm afraid to delete them.

 

These are not installed, they lock Internet Explorer settings, so they are safe to fix.

 

& why I can't view sites on the bloominamazing.com server (the redirect to payforsurveys.com) is a mystery

 

??

Share this post


Link to post
Share on other sites

I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

 

Yeah. I installed 1.98.2 earlier this summer.

 

Thanks. I can fix the 06 ones now.

 

bloominamazing is a free (and terrible) free host like a geocities. I just went to one of the websites I couldn't get on before (after I deleted the 020 or whatever number it was) and the site came up. Before that it would redirect me to payforsurveys.com. I wasn't the only one, I Yahooed a search awhile back,

and found out others had the same problem, but not one of them shared the solution.

 

 

Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

 

Carol

Share this post


Link to post
Share on other sites
I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

You will probably find it will run from startup.

 

Yeah. I installed 1.98.2 earlier this summer.

You need to delete the one you used then, check the log you posted :cool:

 

Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

Yes that will happen, but it will startup again on reboot.

Share this post


Link to post
Share on other sites

Hi 12g,

 

Some goodies before bed. :)

 

Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal. :) I deleted the '77 one befoer I used the 1980 version.

 

Yes, when I restarted the computer, I did see that the AVG control center opened again. I closed it and did a Norton scan. Well, apart from the adware...it says I have in quarantine, something about a class portal, the byte, verify. When I wake up tomorrow--or I should say later on today--there will be a bunch of Norton pop ups telling me that the deleted byte, verify. When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.

 

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.

 

So those are the only problems I have right now.

 

I also did a CWShredder thing just for fun and it said my system was clean.

 

Carol

 

 

 

I shut down the control center on AVG...but if it is on. Without sounding stupid, I don't have the program open on the desktop or anywhere else...so where is it running?

You will probably find it will run from startup.

 

Yeah. I installed 1.98.2 earlier this summer.

You need to delete the one you used then, check the log you posted :cool:

 

Back to AVG--When I closed the control center it is no longer on the quick launch on the task bar. So, I think it's not on.

Yes that will happen, but it will startup again on reboot.

129707[/snapback]

Share this post


Link to post
Share on other sites
Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal.  I deleted the '77 one befoer I used the 1980 version.

 

That version is out of date we are on 1.98.2

 

When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.

 

Is that 1 Antivirus Program telling you to run another??

 

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.

 

There is nothing on your log to suggest problems :cool:

 

It would be a good idea to do this:

 

Update Windows & IE

 

SP2 is available, you may want to get it on CD due to the size of the download.

Share this post


Link to post
Share on other sites

Hi 12g,

 

Yes, Norton tells me to run AVG for windows.

 

This morning there were NO pop ups about the byte, verify.

 

And I know this isn't the place to ask a question unrelated to spyware but

can you logon to http://www.yahoo.com

No one at my regular chat boards will tell me! So, I don't know if it's my system or something on Yahoo's end.

 

I'll do your suggestions.

 

Carol

 

Logfile of HijackThis v1.98.0~I am using the current version. The only old one I had was 1.97.7. or wherever you put the decimal.  I deleted the '77 one befoer I used the 1980 version.

 

That version is out of date we are on 1.98.2

 

When Norton found it in the scan, it told me to run AVG for windows. When I do that, it says my system is clean.

 

Is that 1 Antivirus Program telling you to run another??

 

And I get these media fast click things. You know they are like pop ups but you can't open them, I just click on the mouse and close them. I don't know what they are or where they came from but they are annoying.

 

There is nothing on your log to suggest problems :cool:

 

It would be a good idea to do this:

 

Update Windows & IE

 

SP2 is available, you may want to get it on CD due to the size of the download.

129802[/snapback]

Share this post


Link to post
Share on other sites

Downloaded the 1982 HJT

 

Logfile of HijackThis v1.98.2

Scan saved at 12:41:14 PM, on 10/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\MMKeybd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Eudora\eudora.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\HijackThis19802.exe

 

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\CAS\Application Data\Mozilla\Profiles\default\xvct8rvc.slt\prefs.js)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/hushmail/H...ptionEngine.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

 

 

Carol

Share this post


Link to post
Share on other sites

There is nothing wrong with your yahoo link.

 

Avg is still running on your system, I would suggest you uninstall 1 of the Antivirus programs.

 

Again there is nothing suspicious on your log.

Share this post


Link to post
Share on other sites

Hi 12g,

 

After three hours Yahoo finally started working for me. It must have been a local problem, because I finally had someone else check earlier in the day, and they said it was fine for them.

 

I closed the AVG control center hours ago. How can you tell it is still on?

 

And where can I turn it off? See, I have one on my desktop, but it won't open for me. The AVG that I use is the one on the task bar, but when I close the control center it disappears from the task bar.

 

I'm glad that log is fine. :)

 

And I just deleted one of those media fast click buttons. I have no idea waht they are...okay you know when you have multiple browser windows open, that are numbered? Okay, well it'll show up "media fast clicks"...it doesn't open so you can see what it is, you have to click on it with the mouse and close it. I have no idea what it is, but it is annoying.

 

Thanks,

Carol

 

There is nothing wrong with your yahoo link.

 

Avg is still running on your system, I would suggest you uninstall 1 of the Antivirus programs.

 

Again there is nothing suspicious on your log.

130165[/snapback]

Edited by Good_Day

Share this post


Link to post
Share on other sites

I see the running process of AVG in your log. As I explained before, even if you close it at the control center it will start again on reboot.

 

What you should do is, if your Norton is bang up to date, and keep it up to date! I suggest you go to Add/Remove Programs and uninstall AVG.

Share this post


Link to post
Share on other sites

OH! Okay. I thought you meant something else. I didn't think those virus things were on, until you put them on.

 

Yes, my Norton is up to date. And I do that live update option once a week.

 

I'll remove the AVG, thanks. :)

 

Carol

 

I see the running process of AVG in your log. As I explained before, even if you close it at the control center it will start again on reboot.

 

What you should do is, if your Norton is bang up to date, and keep it up to date!  I suggest you go to Add/Remove Programs and uninstall AVG.

130262[/snapback]

Share this post


Link to post
Share on other sites
You might want to re-think that. AVG plays nice with other AVs even if running as real time scanner. But they can certrainly keep it and run it manually, just disable the real time service.

 

Carol, I have just been advised about the above. If you have already uninstalled AVG, download it again and follow the above.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0