donnakin Posted August 12, 2007 ID:7552 Share Posted August 12, 2007 I am trying to fix my advertec laptop and it i know i got some issues with it bad. I cannot surf IE at all . Here is my highjackthis log. I am on my desktop until i can get my laptop to work correctly. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:56:01 PM, on 8/12/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\keyhook.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Admilli Service\AdmilliServ.exeC:\temp\salm.exeC:\Program Files\Internet Optimizer\optimize.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeC:\Program Files\Admilli Service\AdmilliKeep.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Ynfxnph\Qfrv.exeC:\Program Files\Apoint2K\Apntex.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Internet Optimizer\actalert.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exeC:\Program Files\Internet Optimizer\actalert.exeC:\Program Files\Messenger\MSMSGS.EXEC:\PROGRA~1\COMMON~1\irwz\irwzm.exeC:\Program Files\Common Files\Motive\BellSouthBrowser.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\system32\sistray.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\gearsec.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\System32\msiexec.exeC:\PROGRA~1\WINZIP\winzip32.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exeO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exeO4 - HKLM\..\Run: [salm] c:\temp\salm.exeO4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"O4 - HKLM\..\Run: [pyx] C:\WINDOWS\pyx.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostartO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [bmeuzpb] C:\Program Files\Ynfxnph\Qfrv.exeO4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hiddenO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\RunOnce: [AOLDeskbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Deskbar"O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /backgroundO4 - HKCU\..\Run: [irwz] C:\PROGRA~1\COMMON~1\irwz\irwzm.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exeO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRfox000O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Download...Bridge-c139.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe--End of file - 9339 bytesalso i just downloaded avast antivirus and have it running now to see what is says also. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7561 Share Posted August 13, 2007 Hi donnakin and welcome to Malwarebytes. You need to install Windows Update Service Pack 1 http://www.theeldergeek.com/service_pack_1.htm before we go any further. Without it you are wide open to being reinfected again and again. There is another service pack also, but your infected and it shouldn't be installed until your clean. Also uninstall the MyWebSearch toolbar and you should have better luck getting IE to work. If you connect to the net via dial up don't leave your laptop plugged into the modem while unattended.After you have run Avast and installed Service Pack 1 follow these instructions:Install the following programs, update and run a full scan, remove everything found and be sure to run them in the order they are listed please.CCleanerSpybot Search & Destroy Be sure to use the immunize feature on this program also.AVG AntiSpywareThen go here and run a scan PandaActive ScanPost the logs from the Panda and AVG scans please and a new HiJack This log. The logs from AVG and Panda will probably be fairly long and you may need two posts, that's fine do what ever it takes. You will finish the AVG first so go ahead and post that log, then move on to Panda scan. Once you have posted the logs I will analyze them and give further instructions. To be clear you will post an AVG log, a Panda log and a HJT log in that order. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7564 Share Posted August 13, 2007 ok let me do these things and i will post what i found out. the software i have is advast and superadware but i will do what you suggested and then post back thanks alot for looking at this I am going to post the superspyware log and let you look at it until i return with the rest of the stuff i am to do.SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 08/12/2007 at 07:37 PMApplication Version : 3.9.1008Core Rules Database Version : 3259Trace Rules Database Version: 1270Scan type : Quick ScanTotal Scan Time : 00:15:57Memory items scanned : 472Memory threats detected : 5Registry items scanned : 646Registry threats detected : 139File items scanned : 8010File threats detected : 16Admilli Components C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXEAdware.Avenue Media/Internet Optimizer C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32 HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32#ThreadingModel HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\Programmable HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID HKCR\DyFuCA_BH.BHObj HKCR\DyFuCA_BH.BHObj\CLSID HKCR\DyFuCA_BH.BHObj\CurVer HKCR\DyFuCA_BH.BHObj.1 HKCR\DyFuCA_BH.BHObj.1\CLSID HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayIcon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment HKU\S-1-5-21-1031426968-1432030786-571071867-1007\Software\Avenue Media HKLM\Software\Avenue Media HKLM\Software\Avenue Media\Internet Optimizer HKLM\Software\Avenue Media\Internet Optimizer#TargetDir HKLM\Software\Avenue Media\Internet Optimizer#CLS HKLM\Software\Avenue Media\Internet Optimizer#RID HKLM\Software\Avenue Media\Internet Optimizer#Version HKLM\Software\Avenue Media\Internet Optimizer#TAC HKLM\Software\Avenue Media\Internet Optimizer#ServerVisited HKLM\Software\Avenue Media\Internet Optimizer#UpdateInterval HKLM\Software\Avenue Media\Internet Optimizer#ID HKLM\Software\Avenue Media\Internet Optimizer#InstallT HKLM\Software\Avenue Media\Internet Optimizer#remember[LLT] HKLM\Software\Avenue Media\Internet Optimizer#Conn HKLM\Software\Avenue Media\Internet Optimizer#403 HKLM\Software\Avenue Media\Internet Optimizer#404 HKLM\Software\Avenue Media\Internet Optimizer#410 HKLM\Software\Avenue Media\Internet Optimizer#500 HKLM\Software\Avenue Media\Internet Optimizer#PendingRemoval HKLM\Software\Avenue Media\Internet Optimizer\Active Alert HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Version HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Target HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1 HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#DiffAll HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#TimeStamp HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Version HKLM\Software\Avenue Media\Internet Optimizer\anything HKLM\Software\Avenue Media\Internet Optimizer\anything\cf1 HKLM\Software\Avenue Media\Internet Optimizer\anything\cf1#DiffAll HKLM\Software\Avenue Media\Internet Optimizer\anything\cf1#TimeStamp HKLM\Software\Avenue Media\Internet Optimizer\anything\cf1#Version HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#Version HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#ModuleFileName HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#Options HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1 HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#RawData HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Data HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#DiffAll HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#TimeStamp HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Version HKLM\Software\Avenue Media\Internet Optimizer\WSE HKLM\Software\Avenue Media\Internet Optimizer\WSE#Version HKLM\Software\Avenue Media\Internet Optimizer\WSE#Options HKLM\Software\Avenue Media\Internet Optimizer\WSE#ModuleFileName HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1443 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1442 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1440 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19988 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19992 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1547 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19981 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI20492 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI21913 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1437 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI17492 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI18293 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI954 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI22802 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19994 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19967 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI16707 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI1466 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI20079 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI683 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI16458 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI837 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI507914 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI2481 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI19991 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI534481 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI534473 HKLM\Software\Avenue Media\Internet Optimizer\WSE#RI509469 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf1 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf3 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#RawData HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Data HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#DiffAll HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#TimeStamp HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Version HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5 HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5#RawData HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5#Data HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5#DiffAll HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5#TimeStamp HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf5#Version HKU\S-1-5-21-1031426968-1432030786-571071867-1007\SOFTWARE\Policies\Avenue Media HKLM\SOFTWARE\Policies\Avenue Media HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid32 HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib#Version HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0 HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0 HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\win32 HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\FLAGS HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\HELPDIR C:\Program Files\Internet Optimizer\trz237.tmp C:\Program Files\Internet Optimizer\trz238.tmp C:\Program Files\Internet Optimizer\update C:\Program Files\Internet Optimizer HKU\S-1-5-21-1031426968-1432030786-571071867-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} C:\WINDOWS\Prefetch\ACTALERT.EXE-0F7D82FB.pfAdware.MyWebSearch C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXEAdware.Tracking Cookie C:\Documents and Settings\Donna Carver\cookies\donna carver@ad.yieldmanager[1].txt C:\Documents and Settings\Donna Carver\cookies\donna carver@mywebsearch[2].txtBHObj Class BHO HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32 HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgIDTrojan.Search Variant HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32 HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32#ThreadingModel HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\ProgID HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\Programmable HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\TypeLib HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\VersionIndependentProgIDAdware.TargetSavers HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallStringAdware.180solutions/Search Assistant C:\TEMP\TRZ250.TMP C:\TEMP\TRZ251.TMP C:\WINDOWS\TEMP\_AVAST4_\UNP197998163.TMP C:\WINDOWS\TEMP\_AVAST4_\UNP209607335.TMP Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7565 Share Posted August 13, 2007 You have Avast not advast and you said you were scanning with it did it find things? Did you remove them? You posted a log from SuperAntiSpyware, did you have it remove the malware it found? I have no idea what superadaware is. Please use the correct names for programs because many are malware themselves. If your using some of the malware we need to remove. Follow the instructions carefully and in the order posted, and post the logs I asked for. It will take a while, be patient and persistent. We can beat this stuff. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7568 Share Posted August 13, 2007 I did have the superantispyware remove what is found. The avast I had on the computer. And everything it found i put in quentine. I am performing everything that you ask for now. I am starting the ccleaner now. I will be patienced as I know it will take time. I will post what i have found with the things you suggested. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7572 Share Posted August 13, 2007 Sounds good. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7585 Share Posted August 13, 2007 ok got my updates done and here is the avg scan that i got. I will start the panda scan now and post it when i get it :---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 8:45:07 AM 8/13/2007 + Scan result: HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Ignored.HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Ignored.HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Ignored.HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.HKU\S-1-5-21-1031426968-1432030786-571071867-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Ignored.HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Ignored.HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Ignored.::Report end Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7595 Share Posted August 13, 2007 You did not remove the items. They all say ignored. You must remove them. They are for the most part tool bars, you can remove them by going to Add/Remove and looking for the toolbar name. Disable in the Tools and Tool bars for IE. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7603 Share Posted August 13, 2007 ok I will do that. I did the panda scan 1st time it hanged up but it was showing 3 hackers and rootkits don't remember what they were. My computer froze then i had to shut it down the hard way to get out of it. Ran it again a few minutes ago and it shows nothing. So i am going to fix the stuff i have to remove then post my highjack log. Least I can use the IE now. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7604 Share Posted August 13, 2007 Remove what AVG found and try Panda again. Do your best to get the names of the files it is finding. If indeed you do have rootkits, it may be the best thing to reformat the machine because I can't guarantee we can remove them completely. You need to contact any banking sites etc that you have exchanged sensitive data with and alert them to the possibility of identity theft and change all passwords. DO NOT log on to those sites with this machine under any circumstances. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7605 Share Posted August 13, 2007 ok here is the scan again only one could not be deleted.---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 3:29:27 PM 8/13/2007 + Scan result: HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned.HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned.HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned.HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Error during cleaning.HKU\S-1-5-21-1031426968-1432030786-571071867-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Cleaned.HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned.HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned.:mozilla.6:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.7:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Donna Carver\cookies\donna carver@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.:mozilla.16:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.17:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.18:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.19:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.15:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.:mozilla.20:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.21:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.22:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.23:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.24:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.25:C:\Documents and Settings\Donna Carver\Application Data\Mozilla\Firefox\Profiles\9pctfuzu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.::Report endhere is the hijackthis log also:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:32:26 PM, on 8/13/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\gearsec.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\keyhook.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Messenger\MSMSGS.EXEC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\system32\sistray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exeO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostartO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hiddenO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTOO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exeO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRfox000O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187006138543O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187006125084O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe--End of file - 9225 bytes Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7606 Share Posted August 13, 2007 I have not used this computer for a long time and hardly use it but i will do as you say. I will rerun panda again and post what it finds. Thanks for the help. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7607 Share Posted August 13, 2007 here is the highjack log. I am in the process of trying panda again, but it looks like it is sitting still with scanning process in memory and i don't know if it is going to work again. but i do know it quit on me yesturday when i scanned it with the laptop. But i will see what is says. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 13, 2007 ID:7608 Share Posted August 13, 2007 Let's hope it does. Link to post Share on other sites More sharing options...
donnakin Posted August 13, 2007 Author ID:7614 Share Posted August 13, 2007 ok finally got a panda scan could not do it online had to download a trial version of panda 2008 but here it is anyway.Panda Antivirus 2008 incident reportEVENT DATE RESULTS ADDITIONAL INFORMATION ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Scan completed 08/13/07 17:06:20 Scan: All My Computer Tracking program detected: Application/MyWebSearch 08/13/07 16:48:17 Eliminated Location: C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Adware detected: Adware/Sqwire 08/13/07 16:36:45 Eliminated Location: C:\Program Files\Common Files\irwz\irwzd\irwzc.dll Tracking program detected: Application/MyWebSearch 08/13/07 16:35:39 Eliminated Location: C:\Documents and Settings\Donna Carver\Desktop\PopularScreenSaversFFSetup2.0.4.0.exe Scan started 08/13/07 16:29:33 Scan: All My Computer Scan completed 08/13/07 16:26:03 Scan: All My Computer Scan started 08/13/07 16:25:51 Scan: All My Computer Tracking program detected: application/mywebsearch 08/13/07 16:25:35 Eliminated Location: hkey_classes_root\clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239} Adware detected: adware/searchrelevancy 08/13/07 16:25:22 Eliminated Location: c:\program files\searchrelevancy Adware detected: adware/wupd 08/13/07 16:25:22 Eliminated Location: c:\program files\admilli service Adware detected: adware/ncase 08/13/07 16:25:19 Eliminated Location: c:\temp\salmau_update.dat Adware detected: adware/sahagent 08/13/07 16:25:19 Eliminated Location: c:\windows\downloaded program files\bunsetup.cab Update 08/13/07 16:24:48 OK Threat signatures Update 08/13/07 16:24:41 OK New threat signatures: 9718 here is a highjackthis log after i ran panda Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:24:46 PM, on 8/13/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\gearsec.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\keyhook.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Messenger\MSMSGS.EXEC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\sistray.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXEC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeC:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AvltMain.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exeO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostartO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hiddenO4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exeO4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\DONNAC~1\LOCALS~1\Temp\{07F86772-2DEF-4DB9-9AEC-E36B0C6A4F85}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /sO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTOO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exeO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRfox000O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187006138543O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187006125084O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exeO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe--End of file - 9408 byteslet me know what i need to do next. thanks Link to post Share on other sites More sharing options...
JeanInMontana Posted August 14, 2007 ID:7620 Share Posted August 14, 2007 OK, run HJT again and put a check next to these items:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)Click fix and close HJT.Now go to Add/Remove programs and uninstall your Java, also delete the program file. It's an outdated and a security risk. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.If you have no further symptoms we are probably done. If you still have symptoms let me know what they are please. Many of these infections can be avoided with an added layer of prevention. All reccommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsFor an excellent list of reliable free firewalls and antivirus programs see here . If you think you're infection free, go get Service Pack 2 from windows updates tomorrow. It's the monthly "Patch Tuesday". I also don't see a firewall you have to have a firewall. There is one in SP2 but it is not sufficient. Turn it off and get one that monitors traffic both ways. ZoneAlarm, Comodo, are both good with free versions. Check out the link above. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 15, 2007 ID:7680 Share Posted August 15, 2007 Since the issues in this topic appear to be resolved I will close the thread. If you need further assistance just PM me and I will re-open the thread.The advice in this thread is specific to this machine. Using any instructions from here on your machine can cause complete ruination. Start your own thread and get help for your system. Link to post Share on other sites More sharing options...
Recommended Posts