
Thread: "Insecure Internet Activity: Threat of Virus Attack"?? HJT log included

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    8


    On Saturday, my IE suddenly froze and then closed, but then restarted but instead of my homepage normally coming up, I had this screen that said "Insecure Internet Activity: Threat of Virus Attack" and it was telling me I should register my antivirus software, etc, to be safe. So I went to that link that was provided on there (can't remember the name of the software though), and in a panic, I clicked to try to fix it. But my IE kept closing down, and every time I tried to open it up, I'd get that same Insecure Activity page. So I did a system restore to the last restore point, and that seemed to solve the problem. However, I am very paranoid that this thing could still be on my computer hidden in the background, with keyloggers, spyware, etc. So if anyone here can help me to determine if my computer is ok, I would really appreciate it. Thanks.

    I am using AVG Antivirus, and Windows Vista. AVG hasn't found anything.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:20 PM, on 12/9/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16757)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Laurie\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...PUplden-us.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10513 bytes

  2. #2
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    I'm not seeing anything in the HJT log, let's start the investigation like this.

    1) Download Malwarebytes' Anti-Malware to your Desktop
    http://www.besttechie.net/mbam/mbam-setup.exe <<< here

    http://www.malwarebytes.org/

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    2) Post an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    8


    Thanks for helping me out! Ok, I did the things that you asked, and I'm posting the three requested lists below. Malwarebytes' Anti-Malware didn't find anything though. I really hope we can get this resolved.

    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.31
    Database version: 1500
    Windows 6.0.6000

    12/14/2008 3:58:42 PM
    mbam-log-2008-12-14 (15-58-42).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 110302
    Time elapsed: 42 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    New HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:00:41 PM, on 12/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16764)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Laurie\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...PUplden-us.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10370 bytes



    HJT Uninstall List:

    Acer Arcade Deluxe
    Acer Assist
    Acer Crystal Eye webcam
    Acer Crystal Eye Webcam Video Class Camera
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    AIM 6
    ALPS Touch Pad Driver
    AppCore
    AV
    AVG Free 8.0
    Big Kahuna Reef 2
    Cake Mania
    ccCommon
    Dynasty
    Galapago
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Launch Manager
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Luxor 2
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2005 Redistributable
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Drivers
    PowerProducer 3.72
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    SPBBC 32bit
    Star Defender 3
    Treasures of the Deep
    Viewpoint Media Player
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Yahoo! Toolbar
    Zuma Deluxe

  4. #4
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

    Hackers are using out-of-date programs to infect folks more and more.
    Here is a small free tool that lets you know when something needs an update if you are interested:
    http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

    Adobe Reader 8.1.3 <<< out of date and unsafe, see this:
    http://news.cnet.com/8301-1009_3-100...ml?tag=nl.e433
    http://www.filehippo.com/download_adobe_reader/
    (if you want a smaller program, look at this one)
    Foxit Reader 2.3 for Windows
    http://www.foxitsoftware.com/pdf/rd_intro.php

    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    Old versions that can be exploited, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Be aware of this information so you can opt out of anything you do not want.
    Microsoft Does MSN Toolbar Distribution Deal With Java:
    http://searchengineland.com/microsof...java-15413.php

    Viewpoint Media Player
    For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
    http://www.spywareinfo.com/newslette....php#viewpoint
    http://www.clickz.com/news/article.php/3561546

    C:\Users\Laurie\Desktop\HiJackThis.exe <<< located unsafely, appears the directions were not read, follow these directions:
    Download Trend Micro Hijack This™ to your Desktop
    http://download.bleepingcomputer.com...HJTInstall.exe
    Double-click the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
    HijackThis will open after install. Press the Scan button below.
    This will start the scan and open a log. <<< close HJT until I ask for a log.

    This is our next problem:
    You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
    http://service1.symantec.com/SUPPORT...00031316555206
    "Microsoft recommends that you have only one anti-virus program installed on your computer."
    http://www.washingtonpost.com/wp-dyn...120300087.html
    http://www.smartcomputing.com/editor...8s07/38s07.asp

    Look at the uninstall list, Norton AntiVirus, Norton Internet Security/Symantec is all over, also running in the HJT log along with AVG Free 8.0. Please decide what antivirus program you wish to run and uninstall the other one. Once that is done, post a new HJT log, describe any malware issues at that point.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
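
The three checks the reply above makes by eye (two antivirus products active at once, superseded Java updates left installed, HijackThis run from outside Program Files) can be scripted against a saved log. This is an added example, not part of the thread or any poster's code; the function names and the `AV_MARKERS` table are assumptions made for the illustration, and the sample input is a few lines excerpted from the logs posted above.

```python
"""Triage checks for a HijackThis log and uninstall list (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines excerpted from the logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Laurie\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

SAMPLE_UNINSTALL = """
Adobe Reader 8.1.3
AVG Free 8.0
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveUpdate 3.2 (Symantec Corporation)
Norton AntiVirus
"""

# Assumption: substrings picked for this example to recognise each vendor.
AV_MARKERS = {
    "AVG": ("\\avg\\", "avg technologies"),
    "Symantec/Norton": ("symantec", "norton"),
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
UPDATE_RE = re.compile(r"^(.+?) Update (\d+)$")     # e.g. "Java(TM) 6 Update 7"


def parse_hjt(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        else:
            match = ENTRY_RE.match(line)
            if match:
                entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def active_av_vendors(parsed):
    """Vendors that have an autostart (O4) or service (O23) entry."""
    hits = defaultdict(list)
    for code, body in parsed["entries"]:
        if code not in ("O4", "O23"):
            continue
        lowered = body.lower()
        for vendor, markers in AV_MARKERS.items():
            if any(mark in lowered for mark in markers):
                hits[vendor].append(f"{code} - {body}")
    return dict(hits)


def superseded_updates(uninstall_text):
    """Products listed with several 'Update N' builds; returns the older ones."""
    groups = defaultdict(list)
    for line in uninstall_text.splitlines():
        match = UPDATE_RE.match(line.strip())
        if match:
            groups[match.group(1)].append(int(match.group(2)))
    return {name: sorted(nums)[:-1] for name, nums in groups.items() if len(nums) > 1}


def misplaced_tool(parsed, exe="hijackthis.exe", root="program files"):
    """Running copies of `exe` whose top-level folder is not `root`."""
    found = []
    for proc in parsed["processes"]:
        path = PureWindowsPath(proc)
        top = path.parts[1].lower() if len(path.parts) > 1 else ""
        if path.name.lower() == exe and top != root:
            found.append(proc)
    return found


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    vendors = active_av_vendors(log)
    if len(vendors) > 1:
        print("More than one antivirus active:", ", ".join(sorted(vendors)))
    for name, old in superseded_updates(SAMPLE_UNINSTALL).items():
        print(f"{name}: older updates still installed: {old}")
    for path in misplaced_tool(log):
        print("HijackThis running outside Program Files:", path)
```

The vendor match is a substring heuristic, so a hit is a prompt to read the matching lines rather than proof that the product is running.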

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    8


    Ah, yeah, the Adobe Reader issue makes a lot of sense now! The night that I started having that "Insecure Internet Activity" issue and things started getting a bit funky with my computer, such as Norton not opening up--right before IE froze on me and all that happened, I noticed in my IE status bar that it was downloading some pdf. I had also had some issues with Adobe error windows and IE closing down in the recent past.

    I've done the things that you suggested:

    --I downloaded Adobe Reader 9.

    --I removed Java Updates 3, 5, and 7.

    --For some reason when I first downloaded HJT the first time, it didn't automatically install into my Program Files, but this time, it did...strange. It should be ok now.

    --I had to use the help of the Norton Removal Tool from their website to uninstall Norton. It's gone now.

    --I removed Viewpoint Media Player.


    I believe that was everything that you asked for--let me know if I missed anything. Since you were not seeing anything in my log, and the Malwarebyte didn't catch anything, I am wondering what could be going on, since Norton still wasn't opening up. Could there still be a virus on my computer somewhere in the background?

    Lastly, here's my new HJT log. Thanks again very much for working with me on this!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:07:54 PM, on 12/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16764)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...PUplden-us.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8022 bytes

  6. #6
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    "I am wondering what could be going on, since Norton still wasn't opening up. Could there still be a virus on my computer somewhere in the background?"

    It could be that Norton was corrupted. Keep an eye open for anything tangible to tell me, and watch for any error messages as we proceed with some cleaning.

    I do not own Vista, but this information may help you:
    http://windowshelp.microsoft.com/win...9156A1033.mspx

    1) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    2) Run DISK CLEANUP: ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > DISK CLEANUP

    3) I will post this tutorial for you if you can use it.
    How to Install Free version AVG 8.0 without LinkScanner feature
    http://russelltexas.com/tutorials/avg8install.htm

    4) Let's have AVG 8 take a look like this:
    * Right click the icon for AVG in System Tray and choose Open AVG User Interface.

    * Click on Update now, allow AVG to download and install any new updates.

    * Click on Computer Scanner then choose "Scan whole computer", this takes around one hour on the computer I am using now.

    * Near the bottom above the words "The scan is complete" choose "Export overview to file"

    * Choose Desktop and give it a name you will recognize like AVG Scan Results, then choose SAVE.

    * Close results and close the Interface.

    * Copy and paste the contents of that file to this topic unless it is clean.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
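
Added example (not part of the original posts, and not HijackThis code): the four items selected in step 1 above are either R-section values with nothing after the `=` or a BHO listed as `(no file)`, and this Python script picks such lines out of a log and reports which of them are flagged again in a later scan. The function names are hypothetical; BEFORE_LOG is a subset of the 12/14/2008 log in this thread, and AFTER_LOG is constructed to match what the poster reports in the next post after "Fix Checked".

```python
import re

# R-section registry line: "R0 - <key>,<value name> = <data>" (data may be empty).
R_LINE = re.compile(r"^(R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<data>.*)$")
# BHO / toolbar line: "O2 - BHO: <name> - {CLSID} - <file>".
O_LINE = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)

# Subset of the 12/14/2008 log posted in this thread.
BEFORE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O13 - Gopher Prefix:
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
"""

# Constructed follow-up log: the poster reports that SearchAssistant and
# CustomizeSearch are still listed after the fix and the other two are gone.
AFTER_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O13 - Gopher Prefix:
"""


def find_orphans(log_text):
    """Return (section, identifier, reason) for each orphaned entry.

    Only the two shapes selected in step 1 are flagged. Other blank-looking
    lines (O13, O16) are left alone because the helper did not select them.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            if m.group("data") == "":
                ident = f'{m.group("key")},{m.group("name")}'
                findings.append((m.group(1), ident, "empty value"))
            continue
        m = O_LINE.match(line)
        if m and m.group("file").strip().lower() == "(no file)":
            findings.append((m.group(1), m.group("clsid").upper(), "(no file)"))
    return findings


def still_present(before_log, after_log):
    """Entries flagged in the earlier log that are flagged again in the later one."""
    after = {(section, ident) for section, ident, _ in find_orphans(after_log)}
    return [f for f in find_orphans(before_log) if (f[0], f[1]) in after]


if __name__ == "__main__":
    print("Flagged in first log:")
    for section, ident, reason in find_orphans(BEFORE_LOG):
        print(f"  {section}  {ident}  [{reason}]")
    print("Still flagged after 'Fix Checked':")
    for section, ident, reason in still_present(BEFORE_LOG, AFTER_LOG):
        print(f"  {section}  {ident}  [{reason}]")
```
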

  7. #7
    Junior Member
    Join Date
    Dec 2008
    Posts
    8


    Hmm. Norton seemed to be working ok before the incident though. But is it possible for a system restore to remove a virus? Because when I did that, the "Insecure Internet Activity" window stopped coming up. But Norton quit working.

    I clicked and fixed all those line items that you said to click. But the SearchAssistant and CustomizeSearch items are still there when I run a new scan. The other two seem to be gone, though.

    Here is my log from the AVG Scan. These are the warnings that I always get, but for some reason, I can't force removal.

    "Scan ""Scan whole computer"" was finished."
    "Infections found:";"0"
    "Infected objects removed or healed:";"0"
    "Not removed or healed:";"0"
    "Spyware found:";"0"
    "Spyware removed:";"0"
    "Not removed:";"0"
    "Warnings count:";"131"
    "Information count:";"0"
    "Scan started:";"Sunday, December 14, 2008, 9:12:00 PM"
    "Scan finished:";"Sunday, December 14, 2008, 9:50:01 PM (38 minute(s) 1 second(s))"
    "Total object scanned:";"885139"
    "User who launched the scan:";"Laurie"
    "C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
    "C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
    "C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
    "C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
    "C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"

  8. #8
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    But is it possible for a system restore to remove a virus?
    When you have looked at as many infected computers as I have, you begin to believe anything is possible. Hackers follow no rules and the malware could have corrupted Norton files; that is the first program they try to disable. The System Restore to a clean restore point could very well have removed the infection. I am not 100% sure of how System Restore works on this operating system; here is information:
    Windows Vista System Restore Guide
    http://www.bleepingcomputer.com/tuto...torial143.html
    These are the warnings that I always get, but for some reason, I can't force removal
    What does that mean? Are you talking about the items in Add Remove program? It is likely malware programs removed the stuff and just the entry in Add Remove is all that remains. I suggest you use Search Companion (or the Vista version of it) to search for the programs and if SC can't locate them, don't concern yourself.

    I hope you had AVG delete or quarantine all of those junk cookies? Here is information to help you control cookies:
    http://www.mvps.org/winhelp2002/cookies.htm
    http://www.microsoft.com/windows/ie/...cy/config.mspx

    If there is nothing else, here is some good information:

    (all information will not apply to Vista)
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

    http://users.telenet.be/bluepatchy/m...oes/Links.html
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #9
    Junior Member
    Join Date
    Dec 2008
    Posts
    8

    I understand about Norton now--thanks!

    Thanks for all of that information--I will look through it later when I get home. The links about the cookies look quite helpful.

    As for the AVG warnings about the tracking cookies--what I meant was, when I tried to have AVG delete them, it froze up my computer. And I tried looking for this stuff manually when I allowed it to show hidden files, but couldn't find it. Deleting files and cookies via IE doesn't help either...these 100+ cookies in that AppData folder are always found whenever AVG runs a scan. Are cookies even supposed to be stored in that location?

    Is there anything else that I can do to try to ensure that there's not a virus hidden on my computer from the incident?
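
    An added example, not part of any post in this thread: one way to triage AVG result lines of the kind pasted here (`"object";"finding";"status"`), collapsing the per-record `file:\record` entries into cookie files per tracker and setting aside anything that is not a tracking cookie. The sample lines, the user name, the hash suffixes and the non-cookie finding are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the thread's export format: "object";"finding";"status".
# User name, hash suffixes and the last line are invented for illustration.
SAMPLE = r'''
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@doubleclick[2].txt:\doubleclick.net.00000001";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@revsci[1].txt:\revsci.net.00000002";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\user\AppData\Local\Temp\sample.exe";"Constructed non-cookie finding";"Infected"
'''

COOKIE = re.compile(r"^Found Tracking cookie\.(?P<tracker>.+)$")
# In the thread's results a cookie file is listed once by itself and again
# for each record inside it, written as "file.txt:\record".
INNER = re.compile(r"^(?P<file>[A-Za-z]:\\.*?\.txt):\\.+$")


def triage(report_text):
    """Return (cookie-file count per tracker, list of non-cookie findings)."""
    files_by_tracker = {}
    other = []
    reader = csv.reader(io.StringIO(report_text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) != 3:
            continue  # skip blank or malformed lines
        obj, finding, status = row
        match = COOKIE.match(finding)
        if not match:
            # Anything that is not a tracking cookie deserves a closer look.
            other.append((obj, finding, status))
            continue
        inner = INNER.match(obj)
        path = inner.group("file") if inner else obj
        files_by_tracker.setdefault(match.group("tracker"), set()).add(path.lower())
    counts = Counter({t: len(paths) for t, paths in files_by_tracker.items()})
    return counts, other


if __name__ == "__main__":
    cookie_counts, remaining = triage(SAMPLE)
    print("cookie files per tracker:", dict(cookie_counts))
    print("findings to review:", remaining)
```
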

  10. #10
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Open that folder and delete the cookies manually. I have no idea why AVG is not removing them. I know with Vista, tools must be run as administrator.
    C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\ <<< that folder, delete the contents, not the folder.

    I can post an additional scan if you want:

    Run this online scan using Internet Explorer:
    Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

    Next, click on Launch Kaspersky Online Scanner.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    * The program will launch and then begin downloading the latest definition files.
    * Once the files have been downloaded, click on NEXT.
    * Now click on Scan Settings.
    * In the scan settings, make sure that the following are selected:
      * Scan using the following Anti-Virus database:
        * Standard
      * Scan Options:
        * Scan Archives
        * Scan Mail Bases
    * Click OK.
    * Now under select a target to scan:
      * Select My Computer
    * The program will start and scan your system.
    * The scan will take a while, so be patient and let it run.
    * Once the scan is complete, it will display if your system has been infected.
    * Now click on the Save as Text button.
    * Save the file to your desktop.

    Then post it here.
