please help me get rid of avast antivirus!!

[bakura_revenge]

hello.

here again with someone else problem.

my friend cannot remove avast since no entry on add and remove program!!

her avg detect some file as virus, but cannot heal. so,she already uninstall the program.

here the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:00:32 AM, on 8/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe

C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com' rel="external nofollow">http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com'>http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe SVICHOSST.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...erInstaller.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...063/mcfscan.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 8636 bytes

thank in advanced for any help!!

[JeanInMontana]

Hello again.

AVG Anti Spyware detected a virus? Or AVG Anti Virus? What did she uninstall? Did she already uninstall Avast and that is why it is not in Add/Remove? You need to tell this user that they have an infection that gathers information and takes control of the system. They need to contact all credit card and banks immediately as their identity could have been stolen. I can't guarantee we can get rid of this. The only way is to reformat. If she decides to go ahead these are the beginning instructions.

[*]Please set your system to show

all files; Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Next, download SDFix by AndyManchesta:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to the Desktop.

Right click the SDFix.zip folder

Select: Extract All to extract it to its own folder on the Desktop.

~~~~

Now, reboot to Safe Mode :

-Restart your computer.

-When the machine first starts again, tap the F8 key before Windows starts

-You are presented with a Windows XP Advanced Options menu.

-Select the option for Safe Mode using the arrow keys.

-Press Enter to boot into Safe Mode.

~~~~

In Safe Mode, open the SDFix folder on the Desktop, and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.

Press any key to restart the PC.

When the PC restarts the SDFix will run again and complete the removal process

It then displays Finished

Press any key to end the script and load the Desktop icons.

Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy

AVG AntiSpyware

Then go here and run a scan PandaActive Scan

Post the logs from the Panda and AVG scans please, along with a log from HiJack This.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

[bakura_revenge]

sorry for late reply.

about the thing you asked, avg anti virus is the one that detect the virus.....

she said she was not sure if she uninstall avast, but avast is still running (since she not payed the program, the program not function as before)

i've done the step until avg scan report........

i still do not scan the laptop with panda online scan because the laptop seem to run slower than ever!

i immediately uninstall avg anti spyware after use, but i have the report.

here the sdfix log

SDFix: Version 1.99

Run by shindou hikaru on Mon 08/20/2007 at 12:54 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\SHINDO~1\Desktop\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\autorun.ini - Deleted

C:\WINDOWS\system32\setting.ini - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:

[bakura_revenge]

ive stop the avg anti spyware scanning 2 times, cause to slow even to run for itself.

here the latest report.

i told her to delete all the detected file, i dont know if the file is deleted after the report is saved or really no action as below report.... in the end of this post, ill provide you with the other two report....

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 1:54:40 PM 8/21/2007

+ Scan result:

:mozilla.41:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.97:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.13:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.14:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.15:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : No action taken.

:mozilla.133:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.

:mozilla.134:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.

:mozilla.24:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.

:mozilla.35:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.36:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.178:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.60:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

:mozilla.61:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

:mozilla.139:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Information : No action taken.

:mozilla.140:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@auto.search.msn[2].txt -> TrackingCookie.Msn : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.

:mozilla.149:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Netflame : No action taken.

:mozilla.150:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Netflame : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.

:mozilla.114:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Overture : No action taken.

:mozilla.115:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Overture : No action taken.

:mozilla.116:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Overture : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.

:mozilla.19:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.

:mozilla.20:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.

:mozilla.21:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.

:mozilla.22:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.

:mozilla.120:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.

:mozilla.121:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.

:mozilla.132:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Revenue : No action taken.

:mozilla.63:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.

:mozilla.64:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.

:mozilla.157:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@CANWYT9V.txt -> TrackingCookie.Tribalfusion : No action taken.

C:\Documents and Settings\shindou hikaru\Cookies\shindou hikaru@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

:mozilla.200:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.201:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.202:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.203:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.204:C:\Documents and Settings\shindou hikaru\Application Data\Mozilla\Firefox\Profiles\990gmenz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

Report_Scan_20070820_152944.txt

Report_Scan_20070820_153010.txt

Report_Scan_20070821_135440.txt

Report.txt

Report_Scan_20070820_152944.txt

Report_Scan_20070820_153010.txt

Report_Scan_20070821_135440.txt

Report.txt

[JeanInMontana]

You need to do the Panda scan. Shut down all extra programs and un-needed stuff and let the scan run undisturbed. No surfing etc. It should be some better because SDFix got two trojan files. She didn't clean the tracing cookies though when action is taken it shows in the log. Run Panda and post that log and a new HJT.

[bakura_revenge]

it seem like i cannot do the panda scan for her now,

since she move to another department...... (dont know how long)

anyway,

i will send the new log file within a week...

sorry for the inconvenient.

[JeanInMontana]

It doesn't work that way. In a week we will have to start over. Too many changes will have taken place and I will need to see all new logs. I know it's not your fault, but that is just the way these things work. If a user doesn't respond within 5 days I close the thread because all the information is old.

To get the Avast to stop she needs to shut off the service in computer management. Then find the files and reg keys left from the uninstall.

[adchia]

Or to uninstall avast, use this:

http://www.avast.com/eng/avast-uninstall-utility.html

There is information and a download. Avast! offers their own uninstaller that is separate.

[JeanInMontana]

Or to uninstall avast, use this:

http://www.avast.com/eng/avast-uninstall-utility.html

There is information and a download. Avast! offers their own uninstaller that is separate.

Thanks, in the future please do not reply to any posts in this forum unless they are your thread or topic.

[bakura_revenge]

due to lack of her (my friends)response, i suggest that we closed the topic.

Anyway, thanks to Jean and adchia for help.

sorry for the inconvenient

[JeanInMontana]

Ok then thats just what I will do.