1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help! I have a virus!!

Discussion in 'Virus & Other Malware Removal' started by Smurfette, Apr 16, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Smurfette

    Smurfette Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    144
    I have a virus that is called adware.look2me. I have ran norton virus umpteen times. It is up to date and newly installed. I have tried everything. I am including my Hijack this log, just in case you need to see it. I have spybot and ad-aware 6.0. It seems people tell me to download that usually, but I already have it.

    Thanks so much for any help you can give, Tammy





    Logfile of HijackThis v1.97.2
    Scan saved at 1:07:56 PM, on 4/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\docume~1\tammyd~1\locals~1\temp\4aOQ.exe
    C:\docume~1\tammyd~1\locals~1\temp\nlK.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\Nmain.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Documents and Settings\Tammy Dunbar\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [4aOQ] C:\docume~1\tammyd~1\locals~1\temp\4aOQ.exe
    O4 - HKLM\..\Run: [nlK] C:\docume~1\tammyd~1\locals~1\temp\nlK.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
    O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Wow! :eek: You do like online games, don't you?

    These two entries don't look like they belong:

    O4 - HKLM\..\Run: [4aOQ] C:\docume~1\tammyd~1\locals~1\temp\4aOQ.exe
    O4 - HKLM\..\Run: [nlK] C:\docume~1\tammyd~1\locals~1\temp\nlK.exe

    Close your browser, check the entries in HJT, click Fix and reboot afterwards.

    After rebooting, find and delete these files:

    C:\docume~1\tammyd~1\locals~1\temp\4aOQ.exe
    C:\docume~1\tammyd~1\locals~1\temp\nlK.exe

    :)
     
  3. Smurfette

    Smurfette Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    144
    TYVM for replying. I will try to do what you said right now. :)

    Thanks, Tammy
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,294
    Tammy, you should also download the latest version of Hijack This which is v1.97.7 before you post another log.

    Cookie
     
  5. Smurfette

    Smurfette Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    144
    Hi, I have done what Buck said to do. Thank you very much for the help. Also, where do you update hijack this at? I tried to do it through mine, but it said internet server is down or internet site is down. I know both to be wrong. I can get on the internet, and I think the site works too. I looked around but didn't see where to update it at.....Also, below is my updated hijack this log.

    Thanks, Tammy


    Logfile of HijackThis v1.97.2
    Scan saved at 12:00:47 AM, on 4/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tammy Dunbar\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
    O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,294
  7. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Thanks CG! (y)

    Smurfette, log looks good, but do download the latest version of HJT and post a current log just to make sure, okay?

    :)
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,294
  9. Smurfette

    Smurfette Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    144
    Ok, I hope I've got it updated. Here is my current Hijack this log. If it is ok, what happens? I still have the virus. :mad:

    Thanks, Tammy



    Logfile of HijackThis v1.97.7
    Scan saved at 9:48:13 AM, on 4/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\KeyText\KeyText.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tammy Dunbar\Local Settings\Temporary Internet Files\Content.IE5\0P6JC1IN\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino03.pogo.com/applet/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://temp92.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://perfectpasser01.pogo.com/applet/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit09.pogo.com/applet/poppit/poppit-ob-assets.cab
    O16 - DPF: Sawgrass Golf by pogo - http://sawgrass.pogo.com/applet/sawgrass/sawgrass-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades03.pogo.com/applet/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://sweet07.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem07.pogo.com/applet/holdem/holdem-ob-assets.cab
    O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://turbo16.pogo.com/applet/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Word Riot by pogo - http://wordriot.pogo.com/applet/wordriot/wordriot-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) - http://66.98.132.156/g_bin_eng/wordssingle_2_0_0_22.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.156/g_bin_eng/mahjong_2_0_0_10.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  10. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  11. Smurfette

    Smurfette Thread Starter

    Joined:
    Aug 2, 2003
    Messages:
    144
    Thanks Buck. Sorry to be a nuisance. I went there and downloaded it and ran my norton anti-virus again and it still shows that I am infected with it. :(

    Thanks, Tammy
     
  12. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  13. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/220971

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice