Unsolved
Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack
This is my first post here so I hope that I'm in the right place...
I've been hit with some malware recently and am trying to make sure that I removed it all... Norton 360, Malwarebytes, Spybot, & Ad-Aware are now producing clean scans again, but it was recommended that I try Hijack This also. However, I lack the level of knowledge needed when it comes to normal processes vs. what shouldn't be there, so can someone please assist me by checking my Hijack This log and advising me on what should not be present? TIA if you can help. :)
I'm running a Dell XPS... I guess you'd call it a first generation XPS.
I guess that I should post the results, so here goes:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:13 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussecompanystore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.000001da&d=00000082.000000e6.0000026f
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189139610125
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9608 bytes
Thank you,
JA Churchman :)
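As an added example, not part of this thread and not code from HijackThis or Trend Micro: a small Python script that parses lines in the format of the log above and applies a few defender-side triage heuristics (entries whose file no longer exists, a start page not pointing at a Microsoft default, Run entries given as a bare filename, services with an unknown owner, ActiveX controls fetched over plain HTTP). The sample lines are copied from the post; the heuristics and all function names are assumptions of this example, and a flag means "worth a look", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: a handful of HijackThis lines copied from the log above,
# in the tool's "<code> - <body>" line format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussecompanystore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    code: str                 # section code, e.g. "O2" (BHO) or "O23" (service)
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # first CLSID found in the body, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one HijackThis line into code, body and CLSID; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    clsid = CLSID_RE.search(body)
    return HjtEntry(code, body, clsid.group(0) if clsid else None)


def triage(entry: HjtEntry) -> HjtEntry:
    """Attach review flags to an entry. Heuristics are this example's assumptions."""
    lower = entry.body.lower()
    # Orphan entries: the registry still references a file that is gone.
    if "(no file)" in lower or lower.endswith("no file"):
        entry.flags.append("orphan-no-file")
    # Start/search pages (R0/R1) that do not point at a Microsoft default.
    if entry.code in ("R0", "R1"):
        url = re.search(r"=\s*(\S+)", entry.body)
        host = urlparse(url.group(1)).hostname if url else None
        if host and not (host == "microsoft.com" or host.endswith(".microsoft.com")):
            entry.flags.append("non-default-page")
    # Run entries (O4) given as a bare filename are resolved via the search
    # path at logon, so the log alone does not tell you which binary runs.
    if entry.code == "O4":
        target = re.search(r"\]\s*(.*)$", entry.body)
        first = target.group(1).strip().strip('"').split(" ")[0] if target else ""
        if first and ":\\" not in first:
            entry.flags.append("bare-filename")
    # Services (O23) whose publisher HijackThis could not identify.
    if entry.code == "O23" and "unknown owner" in lower:
        entry.flags.append("unknown-owner")
    # ActiveX controls (O16) downloaded over plain HTTP cannot be verified in transit.
    if entry.code == "O16" and "http://" in lower:
        entry.flags.append("plain-http-download")
    return entry


def triage_log(text: str) -> List[HjtEntry]:
    """Parse and triage every entry line in a HijackThis log."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def summarize(text: str) -> List[Tuple[str, Optional[str], List[str]]]:
    """Return (code, clsid, flags) for the entries that raised at least one flag."""
    return [(e.code, e.clsid, e.flags) for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for code, clsid, flags in summarize(SAMPLE_LOG):
        print(f"{code:4} {clsid or '-':40} {', '.join(flags)}")
```

Run against the sample, the script flags the custom start page, the orphaned BHO, the `BCMSMMSG.exe` Run entry, the plain-HTTP CAB download and the unknown-owner service, and leaves the Spybot BHO and the fully-pathed Apoint entry alone; the remaining work is the human judgement the thread asks for.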
Bugbatter
3 Apprentice
20.5K Posts
January 17th, 2010 13:00
Hi JA Churchman,
HijackThis does not show everything, especially lately with so much malware that likes to hide. What type of malware did you have? Even though the scans are coming up clean, are you having any lingering symptoms of the malware?
Let's run a scan with a more comprehensive tool.
First, please disable TeaTimer:
Go to Start>Run. Type Msconfig > OK. On the next window that opens > Startup tab UNcheck the entry for TeaTimer until this is over...
1. Open Spybot
2. Click Mode > Advanced Mode
3. Click Yes
4. Click Tools (located in the bottom left corner) > Resident
5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active'
6. Then close Spybot.
Reboot.
Verify that TeaTimer is not running. You can enable it again after we have confirmed that we are finished cleaning.
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
Bugbatter
3 Apprentice
20.5K Posts
January 17th, 2010 15:00
Your log looks good.
Your Java update 17 is one version out of date. You might as well update that.
NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it:
* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
* Click Ok and reboot your computer.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.
The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:
1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.
2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
3. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/
4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php
6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.
7. Web Of Trust uses colored alerts to warn you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.
There is a Web Of Trust version for Firefox as well.
8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates.
9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html
"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx
JAC27
4 Posts
January 17th, 2010 15:00
Hi again,
Here are the 2 DDS files below.
(DDS_Text)
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jaxx at 18:20:50.18 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1384
[GMT -5:00]
AV: Norton 360 *On-access scanning disabled* (Updated)
{E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jaxx\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bussecompanystore.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -
c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} -
c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention:
{6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton
360\engine\3.5.2.11\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -
c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d}
- c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper:
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c}
- c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program
files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program
files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [ ] c:\program files\internet explorer\iexplore.exe
http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&erro
r=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000
082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.00
0001da&d=00000082.000000e6.0000026f
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [StartCCC] "c:\program files\ati
technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PCMService] "c:\program files\dell\media
experience\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe"
-atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\jaxx\startm~1\programs\startup\secuni~1.lnk -
c:\program files\secunia\psi\psi.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &ieSpell Options - c:\program
files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel -
c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google
toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmside
wiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam
Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program
files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program
files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
{53707962-6F74-2D53-2644-206D7942484F} -
c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -
hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6
be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -
hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie
nt/muweb_site.cab?1189139610125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultras
him.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program
files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File
Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys
[2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics
Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys
[2009-9-8 259632]
R1 ccHP;Symantec Hash
Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys
[2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application
data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ips
defs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
R2 N360;Norton 360;c:\program files\norton
360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common
files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application
data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\vir
usdefs\20100117.002\NAVENG.SYS [2010-1-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application
data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\vir
usdefs\20100117.002\NAVEX15.SYS [2010-1-17 1323568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
=============== Created Last 30 ================
2010-01-17 19:45:25 0 d-----w- c:\program files\Trend
Micro
2010-01-17 16:44:27 0 dc-h--w-
c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-17 16:43:57 0 d-----w- c:\program files\Lavasoft
2010-01-17 10:11:54 411368 ----a-w-
c:\windows\system32\deploytk.dll
2010-01-17 10:01:36 0 d-----w- c:\program files\Secunia
2010-01-17 00:19:12 0 d-----w-
c:\docume~1\alluse~1\applic~1\Geek Squad
2010-01-17 00:18:55 524288 ---ha-w- c:\documents and
settings\jaxx\ntuser.dat.LOG1
2010-01-17 00:18:55 0 ---ha-w- c:\documents and
settings\jaxx\ntuser.dat.LOG2
2010-01-15 14:06:56 1 ----a-w- C:\s
==================== Find3M ====================
2010-01-07 21:07:14 38224 ----a-w-
c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w-
c:\windows\system32\drivers\mbam.sys
2009-11-14 00:47:32 90112 ----a-w-
c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w-
c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w-
c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w-
c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w-
c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w-
c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w-
c:\windows\system32\DivX.dll
2009-10-29 07:45:38 916480 ----a-w-
c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w-
c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w-
c:\windows\system32\httpapi.dll
============= FINISH: 18:21:34.36 ===============
***********************************************************************************************************************************************
(DDS_Attach)
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jaxx at 18:20:50.18 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1384
[GMT -5:00]
AV: Norton 360 *On-access scanning disabled* (Updated)
{E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jaxx\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bussecompanystore.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -
c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} -
c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention:
{6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton
360\engine\3.5.2.11\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -
c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d}
- c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper:
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c}
- c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program
files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program
files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [ ] c:\program files\internet explorer\iexplore.exe
http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&erro
r=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000
082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.00
0001da&d=00000082.000000e6.0000026f
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [StartCCC] "c:\program files\ati
technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PCMService] "c:\program files\dell\media
experience\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\jaxx\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189139610125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVENG.SYS [2010-1-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100117.002\NAVEX15.SYS [2010-1-17 1323568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
=============== Created Last 30 ================
2010-01-17 19:45:25 0 d-----w- c:\program files\Trend Micro
2010-01-17 16:44:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-17 16:43:57 0 d-----w- c:\program files\Lavasoft
2010-01-17 10:11:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-17 10:01:36 0 d-----w- c:\program files\Secunia
2010-01-17 00:19:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2010-01-17 00:18:55 524288 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG1
2010-01-17 00:18:55 0 ---ha-w- c:\documents and settings\jaxx\ntuser.dat.LOG2
2010-01-15 14:06:56 1 ----a-w- C:\s
==================== Find3M ====================
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
============= FINISH: 18:21:34.36 ===============
I hope that I did it right! Thanks again for your help. :)
Best Regards,
JA Churchman
JAC27
January 17th, 2010 15:00
Hi :)
I will follow your instructions for the DDS scan. So far, so good as far as lingering effects go. I've run many full scans with various scanners: Norton 360, Malwarebytes, Spybot, Ad-Aware, and Trend Micro online HouseCall, which just finished.
Below are all the names I could gather, and which scanner found what. I also found the program that was exploited originally and uninstalled it (Adobe Acrobat 8.xx).
Wednesday:
0.9363188669021173.exe (Norton)
5f.tmp (Norton)
Trojan.Zbot several times until deleted by Malwarebytes (Norton detected)
Thursday:
No problems, no detected threats
Friday:
0.41560240649622193.exe (Norton)
smss32.exe (Norton)
Trojan.Blotter (Malwarebytes)
Trojan.FakeAlert (Malwarebytes)
At this point, Windows would not load. A quick trip to the local Best Buy (Geek Squad) Saturday evening resolved the problem by replacing a missing registry key.
Saturday night:
Downloader (Norton, labeled as virus, 2 entries)
Today, first attempt back on the 'Net for updates since the attack:
Trojan.Virantix (Norton)
After repeated clean scans by Malwarebytes & Norton, I went back on the Internet to update Spybot (forgot it before). The following Spybot scan found:
Win32.Agent.pz
Followed up with:
Ad-Aware (Clean scan/No threats)
Trend Micro online HouseCall (Clean scan/No threats)
All are claimed to have been resolved at this time. I believe that's all of them, AFAIK. Norton security log not showing high risk entries anymore so far.
I'll post the DDS results as soon as I can.
Thank you.
Best Regards,
JA Churchman
JAC27
January 17th, 2010 17:00
Hi :)
Thank you very much, and I will read & follow your suggestions above. I really appreciate the help! :)
Best regards,
JA Churchman
Bugbatter
January 17th, 2010 17:00
You do have a Google Dictionary entry that you can remove because it is an orphan and has no file attached to it.
If you want to remove it, run HijackThis and place a checkmark next to the following:
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
Close all other windows and click "Fix Checked". Close HijackThis, and reboot.
I'm glad we were able to help.
NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Message at the top of the forum.
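As an added example (not part of the thread, and not HijackThis or DDS code), the following script parses the entry types that appear above: the HijackThis `O2 - BHO:` line Bugbatter quotes, and the DDS `mRun:`, `IE:`, `DPF:`, `Hosts:` and `R0`/`S3` service lines from the log. It pulls out the identifier and the on-disk target for each entry and raises three review prompts: an `ORPHAN` when the registry points at `(no file)`, a `DRIVER_IN_PROFILE` when a driver or service runs from a user-profile directory, and a `HOSTS_OVERRIDE` when the hosts file redirects a non-local name. The sample input is constructed from lines on this page; the flag names, the regexes and the `PROFILE_DIRS` list are this example's own choices.

```python
"""Parse HijackThis/DDS-style log lines and flag entries worth a second look."""
import re
from dataclasses import dataclass, field

# Constructed sample: one line of each entry type seen in the thread, plus the
# orphaned BHO that Bugbatter told the poster to fix in HijackThis.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-8 310320]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One regex per entry type.  "target" is always the thing on disk (or the IP
# for a hosts line); "clsid" or "name" is the identifier you would look for
# in HijackThis when deciding what to tick.
PATTERNS = {
    "bho": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$"),
    "run": re.compile(r"^(?P<hive>[mu])Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
    "ie": re.compile(r"^IE: (?P<name>.*?) - (?P<target>.*)$"),
    "dpf": re.compile(r"^DPF: (?P<clsid>" + CLSID + r") - (?P<target>\S+)$"),
    "hosts": re.compile(r"^Hosts: (?P<target>\S+) (?P<name>\S+)$"),
    "service": re.compile(
        r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<target>.+?)"
        r" \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
    ),
}

# Assumed (this example's list): directories a normal user can write to.  A
# driver loaded from here is not proof of anything; Norton keeps its definition
# drivers under "all users\application data" as the log above shows.
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\", "c:\\users\\")


@dataclass
class Entry:
    kind: str
    name: str      # CLSID when the line carries one, otherwise the entry name
    target: str    # file path, URL, or IP for a hosts mapping
    flags: list = field(default_factory=list)


def flag(entry: Entry) -> Entry:
    """Attach review prompts; each is a reason to look, not a verdict."""
    t = entry.target.lower()
    if t == "(no file)":
        # Registry still references a component whose file is gone: the
        # orphan case in the thread.  Safe to remove, and worth asking why
        # the file went missing (uninstall, or a cleaner deleting it).
        entry.flags.append("ORPHAN")
    if entry.kind == "service" and t.startswith(PROFILE_DIRS):
        entry.flags.append("DRIVER_IN_PROFILE")
    if entry.kind == "hosts" and entry.name != "localhost":
        # Redirecting a security site to 127.0.0.1 is a classic malware trick,
        # but anti-spyware hosts lists add such lines too; check the hosts
        # file's comments before deciding.
        entry.flags.append("HOSTS_OVERRIDE")
    return entry


def parse_line(line: str):
    """Return an Entry for a recognised line, or None for anything else."""
    for kind, rx in PATTERNS.items():
        m = rx.match(line.strip())
        if m:
            g = m.groupdict()
            return flag(Entry(kind, g.get("clsid") or g["name"], g["target"]))
    return None


def parse_log(text: str) -> list:
    """Parse every recognised line; unrecognised lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summary(entries: list) -> dict:
    """Map each flag to the identifiers that triggered it."""
    out = {}
    for e in entries:
        for f in e.flags:
            out.setdefault(f, []).append(e.name)
    return out


if __name__ == "__main__":
    for flag_name, names in summary(parse_log(SAMPLE_LOG)).items():
        print(flag_name, names)
```

Run it against a saved DDS or HijackThis log by replacing `SAMPLE_LOG` with the file's contents; the `ORPHAN` list is exactly the set of `(no file)` entries you would tick under "Fix Checked", while the other two flags are prompts to read the surrounding lines, not removal candidates.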